Posted by "Daevid Vincent" on 01/19/06 07:27

I have a gentoo server that doesn't save/restore the CLASS portion of a
session, but it does retain other $_SESSION values. This code works fine on
a debian box.

WORKING BOX:
root@DAEVID:/lockdown# php --version
PHP 5.0.3 (cli) (built: Jan 5 2006 13:18:18)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.3, Copyright (c) 1998-2004 Zend Technologies
with Zend Extension Manager v1.0.9, Copyright (c) 2003-2005, by Zend
Technologies
with Zend Optimizer v2.6.0, Copyright (c) 1998-2005, by Zend
Technologies

NOT WORKING BOX:
vmware apache2-php5 # php --version
PHP 5.0.5-pl3-gentoo (cli) (built: Dec 14 2005 15:44:04)
Copyright (c) 1997-2004 The PHP Group
Zend Engine v2.0.5, Copyright (c) 1998-2004 Zend Technologies

I've compared the php.ini files and can't find anything related to sessions
that is different. In fact they're almost the same with a few minor
exceptions that should have no effect that I can think of.

Here is the code I'm executing:

<?php
[SNIP DATABASE LOAD, ETC.]
echo "<B>UserData array = </B><BR>\n";
print_r($UserData);

//set the session variables:
$_SESSION['login'] = true;
$_SESSION['ie'] =
(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE")) ? true : false;
$_SESSION['id'] = $UserData['id'];
$_SESSION['username'] = $UserData['username'];
$_SESSION['firstname'] = $UserData['firstname'];
$_SESSION['lastname'] = $UserData['lastname'];
$_SESSION['email'] = $UserData['email'];
$_SESSION['foo'] = '1234567890';

require_once('includes/classes/User.class.php');
$_SESSION['user'] = new User($UserData['id']);

echo "<P><B>_SESSION array = </B><BR>\n";
var_dump($_SESSION);
echo "<P><B>USERNAME</B> = ".$_SESSION['user']->get_username()."<BR>\n";
exit;
?>

Which properly results in this (as it's all on the same page):

UserData array =
Array ( [id] => 1 [firstname] => Daevid [lastname] => Vincent [email] =>
daevid@daevid.com ) <snip>

_SESSION array =
array(9) { ["login"]=> bool(true) ["ie"]=> bool(true) ["id"]=> string(1) "1"
["username"]=> string(6) "daevid" ["firstname"]=> string(6) "Daevid"
["lastname"]=> string(7) "Vincent" ["email"]=> string(17)
"daevid@daevid.com" ["foo"]=> string(10) "1234567890" ["user"]=>
object(User)#2 (24) { ["username:protected"]=> string(6) "daevid"
["firstname:protected"]=> string(6) "Daevid" ["lastname:protected"]=>
string(7) "Vincent" ["email:protected"]=> string(17) "daevid@daevid.com" ...
<snip> } }

USERNAME = daevid


Now I load a simple session loading test page with this code:

<?php
require_once('includes/classes/User.class.php');
session_start();
echo "<B>SESSION TEST:<P></B>";
var_dump($_SESSION);
exit;
?>

On the working box things are fine (obviously):

SESSION TEST:
array(9) { ["login"]=> bool(true) ["ie"]=> bool(true) ["id"]=> string(1) "1"
["username"]=> string(6) "daevid" ["firstname"]=> string(6) "Daevid"
["lastname"]=> string(7) "Vincent" ["email"]=> string(17)
"daevid@daevid.com" ["foo"]=> string(10) "1234567890" ["user"]=>
object(User)#1 (24) { ["username:protected"]=> string(6) "daevid"
["firstname:protected"]=> string(6) "Daevid" ["lastname:protected"]=>
string(7) "Vincent" ["email:protected"]=> string(17) "daevid@daevid.com"
["timestamp:protected"]=> string(19) "0000-00-00 00:00:00" ... <snip> } }

but on the broken box I see:

SESSION TEST:
array(9) { ["login"]=> bool(true) ["ie"]=> bool(true) ["id"]=> string(1) "1"
["username"]=> string(6) "daevid" ["firstname"]=> string(6) "Daevid"
["lastname"]=> string(7) "Vincent" ["email"]=> string(17)
"daevid@daevid.com" ["foo"]=> string(10) "1234567890" ["user"]=>
object(User)#1 (20) { ["username:protected"]=> string(0) ""
["firstname:protected"]=> string(0) "" ["lastname:protected"]=> string(0) ""
["email:protected"]=> string(0) "" ["timestamp:protected"]=> NULL ... <snip>
} }

Notice how the regular session info is there, but the "User" class is all
empty or NULL. So SOME of the $_SESSION is working, but not the User class
portion. This is completely baffling to me. Examining the /tmp/sess_* file
shows this same data.

Here is the session portion of php.ini on the broken box:

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
; session.save_path = "N;/path"
;
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
;session.save_path = "/tmp"

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor = 100

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit
register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 0
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; Select a hash function
; 0: MD5 (128 bits)
; 1: SHA-1 (160 bits)
session.hash_function = 0

; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
;
; 4 bits: 0-9, a-f
; 5 bits: 0-9, a-v
; 6 bits: 0-9, a-z, A-Z, "-", ","
session.hash_bits_per_character = 5

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

• Next in forum: RE: [PHP] PHP Cache (was PHP load to high on server)
• Prev in forum: Re: [PHP] Validating Radio Buttons in two directions
• Thread view: $_SESSION saves all values but Class -- works on one server but not another?!

[Reply to this message]