Session question
 

This will be a somewhat vague inquiry as I don't quite understand the problem. I have some code which uses the session_start() function. It works fine on my development environment when I test it basically I set a $_SESSION variable and then I check to see that it is set in another page. On my PC it works fine, but on my online server no success. Any idea why the disparity? Or suggestions as to how to find out why?

Here's an example which I tested on my home computer and on the webserver.

test1.php[PHP]<?php
session_start();
$_SESSION['test'] = 'haha';
?>
<html>
<head>
<meta http-equiv="refresh" content="1;test2.php">
</head>
<body>
</body>
</html>[/PHP]
test2.php[PHP]<?php
session_start();
?>
<html>
<head>
</head>
<body>
<?php
if(IsSet($_SESSION['test'])){
echo 'SET';
}
?>
</body>
</html>[/PHP]
The string SET is not echoed onto the browser in test2.php

on a whim, do a phpinfo() and make sure sessions are enabled.

Hey Jimbo, nice to see you again. I gave up on getting that session stuff to work. It was working before and just suddenly stopped and rather than dealing with it I just gave up. Rather than using sessions I'll just store cookies on my server which recognize people by their IP. Already been done and the code I had working with sessions previously now works that way. Not necessarily an effective workaround, but I think it will prove pretty useful in its own right. I needed to get something done so that the forum I was coding would still be functional. I think this will be more compatible with PHP servers rather than using sessions as a lot of them restrict this option.

What if you have people logging in (or accessing the side at least) from behind a common NAT box? Going by IP doesn't work so well in that case. Using cookies on their computers also falls by the wayside if they have cookies disabled. 'Course, you can just state that cookies have to be enabled for your site, but that's up to you.

Well the cookie is structured as follows and receives a unique name. This unique name for the cookie is passed through the browser URL via the $_GET superglobal array. Here's the structure of the cookie.The filename of the cookie is assigned by computing the crc32 checksum of the username and appending '.txt'. This value is then passed into all pages through the $_GET superglobal with the 'uid' identifier. I think that sorta makes the whole NAT thing ok since your computer knows who you are. The purpose of checking against the IP is to make sure somebody else isn't using your screenname, and the cookie can't be created/initialized if you don't enter your password which only you know. Granted if somebody on that same NAT figured out your uid 'cause you pasted it in somewhere or something then it might be a problem. If I could pass it silently without the use of the URL that would be better. But the $_SESSION array was the one to use for that or the $_POST array but I don't know how to access the $_POST array without using a form (not that it's even possible). I think it would be fairly reasonable to assume that the chances of someone on your same NAT trying to use your identity are somewhat slim. Correct me if I'm wrong though.

Besides checking the phpinfo() to ensure that you can use sessions, what is your server setup like?

http://www.480x.com/2006/05/23/php-o...anced-servers/

PHP sessions don't work very well on load balanced setups. There may be additional complications on your server setup that deal the death blow to sessions.

- Sean