Member Avatar for assgar

Hi

I am having problems with sessions.

When using Internet Explorer I can pass sessions to other pages.
I cannot pass sessions when I use Mozilla Firefox.

//at the top of the page
session_start();

//value passed
$last_login = $_SESSION['s_last_login'];//last user login history

PHP.ini:

//This is my PHP.ini file session configuration below.

[Session]
; Handler used to store/retrieve data.
session.save_handler = files
;session.save_path = "N;/path"
;session.save_path = "N;MODE;/path"
;session.save_path = "/tmp"
session.use_cookies = 1
session.name = PHPSESSID
;Initialize session on request startup.
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor     = 100
session.gc_maxlifetime = 1440
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 4
Edited by mike_2000_17 because: Fixed formatting
  • 3 Contributors
  • 3 Replies
  • 118 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by R0bb0b

Recommended Answers

All 3 Replies

Member Avatar for cwarn23

Have you checked if cookies are enabled in Firefox because to use sessions you need the session ID which is usually stored in a cookie. If you haven't got cookies enabled in Firefox then try enabling them and see if that makes the sessions work.
-------
Also if it does turn out to be cookies and you want to keep cookies disabled then you could a, put the session id in the url bar (not very secure) or b, use what I have made and call server side cookies. That is when you store the session values and names of the values in a database (eg. mysql). Also each value goes on its own line with the users IP address in the same row as the session value and name of value. Then when the user visits a page, the server then checks for all rows matching the users IP address. So in your case, the server side cookie would probably be the Session ID. Nice little trick if you don't like cookies.

So let us know if it is just cookies that are disallowing the session as that is all that I can think of.

Member Avatar for assgar

Thanks for the solutions.

Enabling cookie was the temporary solution.
I will store the session info in a database.

How do I accomplish the example below if I disable cookies?

example:
I have a 20 pages I need to pass the same user preferences\permissions\data across. I have been using sessions in IE and it works. I want to move to Firefox.
Note: The total of 15 to 20 preferences\permissions\data are stored in mysql DB and security is important.

I would prefer not to have to select the preferences\permissions\data from the database for each page.

Member Avatar for R0bb0b

Have you checked if cookies are enabled in Firefox because to use sessions you need the session ID which is usually stored in a cookie. If you haven't got cookies enabled in Firefox then try enabling them and see if that makes the sessions work.
-------
Also if it does turn out to be cookies and you want to keep cookies disabled then you could a, put the session id in the url bar (not very secure) or b, use what I have made and call server side cookies. That is when you store the session values and names of the values in a database (eg. mysql). Also each value goes on its own line with the users IP address in the same row as the session value and name of value. Then when the user visits a page, the server then checks for all rows matching the users IP address. So in your case, the server side cookie would probably be the Session ID. Nice little trick if you don't like cookies.

So let us know if it is just cookies that are disallowing the session as that is all that I can think of.

What if I am using a shared IP, like most in the internet? Or what if I want to send fake http headers to mimic a fake ip? I think it is a lot harder to fake a cookie than a header call.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.