Hi All ;)


When I turn on session.cookie_secure my session doesn't work.
The manual says that when this option is set, the cookie will
only be sent when a secure (SSL) connection exists.
All my site works on SSL, apache doesn't even listen on port 80.
But everything is working OK when session.cookie_secure is OFF. I was
sniffing the connection, and nothing is going unencrypted, but the cookie in
my browser has parameter secure=no.
I have apache 1.3.27 php-4.3.2
php.config:
register_globals=OFF
session.auto_start Off
session.bug_compat_42 Off
session.bug_compat_warn On
session.cache_expire 20
session.cache_limiter nocache
session.cookie_domain mydomain.com
session.cookie_lifetime 0
session.cookie_path /
session.cookie_secure On
session.entropy_file /dev/urandom
session.entropy_length 16
session.gc_divisor 1000
session.gc_maxlifetime 1440
session.gc_probability 1
session.name PHPSESSID
session.referer_check no value
session.save_handler files
session.save_path /tmp
session.serialize_handler php
session.use_cookies On
session.use_only_cookies On
session.use_trans_sid Off

login script:
session_id(genSessionId()); // md5 sum of timestamp, ipaddr, random number
session_start();
$_SESSION["login"] = $login;
$_SESSION["ID"] = session_id();
header("Location: main.php");

main.php:
session_start();
if (isset($_SESSION)) {
    $login = $_SESSION["login"];
    $ID = $_SESSION["ID"];
} else {
    // appropriate info and redirect to login page
}

The session_id is stored in a pgSQL database, and checked every time a page is
loaded. As I said, everything is OK when session.cookie_secure is OFF.
When it's ON strange things happen:
the page login.php generates the session_id, stores it in pgSQL and sends it to the browser
in a secure cookie, and also writes it in /tmp ( with data: login and
session_id )
so far OK,
but when main.php loads, the function session_start() does not retrieve data
from that cookie, but it makes its own cookie ( just like the session never
started ). The new cookie of course has no data ( besides the php native
session_id ); it sends it again to the browser and saves it to /tmp ( but empty
- zero length )
So the session doesn't work :(

Does anyone have any idea what the fu!@#$@ is going on? ...
Sorry, but I spent half a day searching the archives and I still don't know
why this happened...

thanks for your time
greetings

PS. Can you send a "cc" reply to franki@tpi.pl
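
Added example, not part of the original post: a small PHP model of the browser-side rule the manual passage refers to, listing why a cookie set with the posted session.cookie_domain, session.cookie_path and session.cookie_secure values would or would not be returned for a given URL. The cookie value and the URLs are constructed, the function names are hypothetical, the path test is a plain prefix match, and the code is written for current PHP rather than 4.3.2.

```php
<?php
// Added example: models when a browser returns a cookie to the server.
// Split a Set-Cookie value into its name and lower-cased attributes.
function parseSetCookie($header)
{
    $parts = explode(';', $header);
    $pair = explode('=', trim(array_shift($parts)), 2);
    $cookie = array('name' => $pair[0], 'attrs' => array());
    foreach ($parts as $part) {
        $kv = explode('=', trim($part), 2);
        if ($kv[0] !== '') {
            $cookie['attrs'][strtolower($kv[0])] = isset($kv[1]) ? $kv[1] : true;
        }
    }
    return $cookie;
}

// Return the reasons the browser would withhold the cookie (empty = sent).
function reasonsNotSent($cookie, $url)
{
    $u = parse_url($url);
    $host = strtolower($u['host']);
    $path = isset($u['path']) ? $u['path'] : '/';
    $a = $cookie['attrs'];
    $reasons = array();
    if (isset($a['secure']) && strtolower($u['scheme']) !== 'https') {
        $reasons[] = 'Secure cookie, but the request is not https';
    }
    if (isset($a['domain']) && is_string($a['domain'])) {
        $domain = strtolower(ltrim($a['domain'], '.'));
        $suffix = '.' . $domain;
        $isSub = strlen($host) > strlen($suffix) && substr($host, -strlen($suffix)) === $suffix;
        if ($host !== $domain && !$isSub) {
            $reasons[] = "host $host does not match cookie domain $domain";
        }
    }
    $cpath = (isset($a['path']) && is_string($a['path'])) ? $a['path'] : '/';
    if (strpos($path, $cpath) !== 0) {  // simplified prefix match
        $reasons[] = "path $path is outside cookie path $cpath";
    }
    return $reasons;
}

// Constructed sample header using the posted domain, path and secure settings.
$c = parseSetCookie('PHPSESSID=0123abcd; path=/; domain=mydomain.com; secure');
$urls = array('https://www.mydomain.com/main.php', 'http://www.mydomain.com/main.php', 'https://192.0.2.10/main.php');
foreach ($urls as $url) {
    $r = reasonsNotSent($c, $url);
    echo $url, ' => ', $r ? implode('; ', $r) : 'cookie sent', "\n";
}
```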