[pmwiki-users] Session Erors and UserAuth2

IchBin weconsultants at gmail.com
Mon May 21 15:31:48 CDT 2007


IchBin wrote:
> ThomasP wrote:
>> On Sun, May 20, 2007 19:14, IchBin wrote:
>>> Sorry Thomas I have to look into it closer. I have not had time to play
>>> around with it. I would guess that something had to be persisted to see
>>> this behavior for maintaining information between sessions(). With
>>> little knowledge I will speculate:
>>>
>>> It seems there are three pieces to this puzzle:
>>>
>>>    1 - session.save_path
>>>    2 - the actual physical location of the saved session.
>>>    3 - more importantly the index\pointer to that saved session:
>>> (sess_9af2e42745051da48fab511b67112ac7)
>>>
>>>
>>> I would think that 1 and 2 are indirectly the problem.  Since the
>>> default session.save_path points to a different place then where you
>>> save your session information it has to be storing the session id
>>> somewhere else or it would have not know about
>>> sess_9af2e42745051da48fab511b67112ac7.
>>>
>>> So as far as I can tell I just need to find out where, under Windows,
>>> does PHP saved this index information. Do thy save it in the windows
>>> temp area (not the session.save_path, this is just the path to the data)
>>> or maybe in the registry.
>>>
>>> I think this maybe the right way to resolve...? I'm a beginner with PHP
>>> so take this with a grain of salt but will try to resolve.
>>>
>>> Does this make sense?
>>>
>> I see now (-- at least I think so). The key point is: The session id which
>> is manufactured by PHP into the filename
>> 'sess_9af2e42745051da48fab511b67112ac7' is taken from the session cookie!!
>>
>> How it works: when a session is created on the server side, its data is
>> stored with under a (hopefully) unique id on the server. Now to convey to
>> the client what id had been used, a cookie is transfered to it upon
>> outputing the HTML, usually as part of the header information. Then on a
>> subsequent page request by the client, the client browser in turn takes
>> this cookie and sends it to the server, and by this the server knows which
>> session to load for this particular client. (*)
>>
>> This means: the above file name is constructed by PHP from the session
>> cookie it has received from the client. This cookie might exists on your
>> browser even if you would have executed a 'rm -r *' on your server. It
>> tries to look for the corresponding session file (in which all session
>> data is saved), but can't find it since the session path is not existent.
>>
>> Try
>>
>> session_save_path("C:/tmp"); // or
>> session_save_path("C:/windows/temp");
>>
>> somewhere near the beginning of your local config.php. That should be
>> working, unless ... well, unless there is a deeper problem that I haven't
>> yet imagined.
>>
>> Let's see whether that was it.
>>
>> Thomas
>>
>> (*) [Admittedly, it took me some while to figure out how session work as
>> well, since it is not documented on www.php.net]
> 
> It looks like PHP is not complaining about the session as much as the 
> subdirectory. Once it has a real subdirectory, even with no stored 
> sessions, the error is resolved. But now with pmWiki every time I edit 
> and save I have to re-enter the password.
> 
> - The session.save_path was always blank. I never gave it a path and 
> still does not have a path.
> - Running from Opera (9.21 build 8776) it knows of no cookies.
> - I have to add a session.save_path to all of the scripts that use 
> session(). I could add a real subdirectory to the PHP.ini entry for 
> session.save_path.
> 
> The problem I have is where is PHP storing this session information if 
> it is not storing them in a browser cookie?
> 
> Why is pmWiki not remembering the admin password so I do not have to 
> enter it every time I edit or save now?
> 

As I mentioned it looks like if the session_save_path() has a real 
subdirectory, no errors are presented. Also if in the php.ini I have 
session_save_path() with no value. I happen to have a phpinfo() from few 
months ago and I compared side by side and found these different:

Now
session.bug_compat_42	On	On
session.save_path	\tmp	 \tmp
_______________________________________

WAS
session.bug_compat_42	Off	Off
session.save_path	no value no value
_______________________________________


I changed them back and I do not get the error. Had to be the 
session.save_path pointing to an nonexistent subdirectory. I do not 
remember changing these values but I guess I must have since they are 
different.

The only problem now with pmwiki is that I have to enter my password 
ever time I edit or save a wiki page.

I have no clue why pmWiki is now not remembering that I am the admin and 
that I have already entered the admin password.

-- 
Thanks in Advance...           http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)






More information about the pmwiki-users mailing list