[pmwiki-users] Session Erors and UserAuth2

ThomasP pmwikidev at sigproc.de
Mon May 21 00:20:37 CDT 2007


On Sun, May 20, 2007 19:14, IchBin wrote:
> Sorry Thomas I have to look into it closer. I have not had time to play
> around with it. I would guess that something had to be persisted to see
> this behavior for maintaining information between sessions(). With
> little knowledge I will speculate:
>
> It seems there are three pieces to this puzzle:
>
>    1 - session.save_path
>    2 - the actual physical location of the saved session.
>    3 - more importantly the index\pointer to that saved session:
> (sess_9af2e42745051da48fab511b67112ac7)
>
>
> I would think that 1 and 2 are indirectly the problem.  Since the
> default session.save_path points to a different place then where you
> save your session information it has to be storing the session id
> somewhere else or it would have not know about
> sess_9af2e42745051da48fab511b67112ac7.
>
> So as far as I can tell I just need to find out where, under Windows,
> does PHP saved this index information. Do thy save it in the windows
> temp area (not the session.save_path, this is just the path to the data)
> or maybe in the registry.
>
> I think this maybe the right way to resolve...? I'm a beginner with PHP
> so take this with a grain of salt but will try to resolve.
>
> Does this make sense?
>

I see now (-- at least I think so). The key point is: The session id which
is manufactured by PHP into the filename
'sess_9af2e42745051da48fab511b67112ac7' is taken from the session cookie!!

How it works: when a session is created on the server side, its data is
stored with under a (hopefully) unique id on the server. Now to convey to
the client what id had been used, a cookie is transfered to it upon
outputing the HTML, usually as part of the header information. Then on a
subsequent page request by the client, the client browser in turn takes
this cookie and sends it to the server, and by this the server knows which
session to load for this particular client. (*)

This means: the above file name is constructed by PHP from the session
cookie it has received from the client. This cookie might exists on your
browser even if you would have executed a 'rm -r *' on your server. It
tries to look for the corresponding session file (in which all session
data is saved), but can't find it since the session path is not existent.

Try

session_save_path("C:/tmp"); // or
session_save_path("C:/windows/temp");

somewhere near the beginning of your local config.php. That should be
working, unless ... well, unless there is a deeper problem that I haven't
yet imagined.

Let's see whether that was it.

Thomas

(*) [Admittedly, it took me some while to figure out how session work as
well, since it is not documented on www.php.net]





More information about the pmwiki-users mailing list