|   | php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | 
| 
 PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits              [2000-05-29 19:34 UTC] arcon2600 at hotmail dot com
 | |||||||||||||||||||||||||||
|  Copyright © 2001-2025 The PHP Group All rights reserved. | Last updated: Sat Oct 25 12:00:01 2025 UTC | 
Bug Description: If you start a sesion in one script, and then follow a link to any other script or use header("Location: ") to redirect to another script, $PHPSESSION contains the previos session id, however session_start() creates and new session and session ID and passes it back to the browser. The *only* way you can switch between pages is if you send <META http-equiv="refresh" content="0;"> etc... then it seems to recreate the sesison fine. (Don't even ask how I found that out, I was getting quite creative and desperate :P). Temporary Workaround: (Untested beyond 2 pages, ie I may need to use session_register() to re-register the variables, I dunno) Use the following to replace session_start() and session_register() on b.php.... <?PHP $fpsession = fopen("/tmp/sess_$PHPSESSION","r"); $sessioninfo = ""; while (!feof($fpsession)) { $sessioninfo .= fgets($fpsession,1024); } session_decode($sessioninfo); ?> Sample Code (2 files a.php, b.php, c.php): (Tested with and without session_register() on b.php and c.php...) ---a.php--- <?PHP session_start(); $temp = "asdf"; session_register("temp"); ?> <HTML><BODY> <?PHP echo(session_id() . "<BR>" . $temp); ?> <BR> <A HREF="b.php">go here</A> </BODY></HTML> ---b.php--- <?PHP session_start(); session_register("temp"); ?> <HTML><BODY> <?PHP echo(session_id() . "<BR>" . $temp . "<BR>" . $PHPSESSION); ?> <BR> <A HREF="c.php">go here</A> </BODY></HTML> ---c.php--- <?PHP session_start(); session_register("temp"); ?> <HTML><BODY><?PHP echo(session_id() . "<BR>" . $temp);?></BODY></HTML> Configure command: ./configure --with-apxs=/var/lib/apache/sbin/apxs --with-config-file-path=/etc --enable-track-vars --enable-magic-quotes --enable-bcmath --enable-calendar --with-dom=/usr/local/lib --with-gettext --with-mhash=/usr/local --with-mysql --enable-url-includes --enable-sysvsem --enable-sysvshm --with-xml --enable-yp --enable-imap=/root/imap-4.7c -disable-debug --enable-inline-optimization --enable-trans-sid Php.ini: [PHP] ;;;;;;;;;;;;;;;;;;;; ; Language Options ; ;;;;;;;;;;;;;;;;;;;; engine = On ; Enable the PHP scripting language engine under Apache short_open_tag = On ; allow the <? tag. otherwise, only <?php and <script> tags are recognized. asp_tags = Off ; allow ASP-style <% %> tags precision = 14 ; number of significant digits displayed in floating point numbers y2k_compliance = Off ; whether to be y2k compliant (will cause problems with non y2k compliant browsers) output_buffering = Off ; Output buffering allows you to send header lines (including cookies) ; even after you send body content, in the price of slowing PHP's ; output layer a bit. ; You can enable output buffering by in runtime by calling the output ; buffering functions, or enable output buffering for all files ; by setting this directive to On. implicit_flush = Off ; Implicit flush tells PHP to tell the output layer to flush itself ; automatically after every output block. This is equivalent to ; calling the PHP function flush() after each and every call to print() ; or echo() and each and every HTML block. ; Turning this option on has serious performance implications, and ; is generally recommended for debugging purposes only. allow_call_time_pass_reference = Off ; whether to enable the ability to force arguments to be ; passed by reference at function-call time. This method ; is deprecated, and is likely to be unsupported in future ; versions of PHP/Zend. The encouraged method of specifying ; which arguments should be passed by reference is in the ; function declaration. You're encouraged to try and ; turn this option Off, and make sure your scripts work ; properly with it, to ensure they will work with future ; versions of the language (you will receive a warning ; each time you use this feature, and the argument will ; be passed by value instead of by reference). ; Safe Mode safe_mode = Off safe_mode_exec_dir = safe_mode_allowed_env_vars = PHP_ ; Setting certain environment variables ; may be a potential security breach. ; This directive contains a comma-delimited ; list of prefixes. In Safe Mode, the ; user may only alter environment ; variables whose names begin with the ; prefixes supplied here. ; By default, users will only be able ; to set environment variables that begin ; with PHP_ (e.g. PHP_FOO=BAR). ; Note: If this directive is empty, PHP ; will let the user modify ANY environment ; variable! safe_mode_protected_env_vars = LD_LIBRARY_PATH ; This directive contains a comma- ; delimited list of environment variables, ; that the end user won't be able to ; change using putenv(). ; These variables will be protected ; even if safe_mode_allowed_env_vars is ; set to allow to change them. ; Colors for Syntax Highlighting mode. Anything that's acceptable in <font color=???> would work. highlight.string = #DD0000 highlight.comment = #FF8000 highlight.keyword = #007700 highlight.bg = #FFFFFF highlight.default = #0000BB highlight.html = #000000 ; Misc expose_php = On ; Decides whether PHP may expose the fact that it is installed on the ; server (e.g., by adding its signature to the Web server header). ; It is no security threat in any way, but it makes it possible ; to determine whether you use PHP on your server or not. ;;;;;;;;;;;;;;;;;;; ; Resource Limits ; ;;;;;;;;;;;;;;;;;;; max_execution_time = 30 ; Maximum execution time of each script, in seconds (UNIX only) memory_limit = 8388608 ; Maximum amount of memory a script may consume (8MB) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; error_reporting is a bit-field. Or each number up to get desired error reporting level ; E_ALL - All errors and warnings ; E_ERROR - fatal run-time errors ; E_WARNING - run-time warnings (non fatal errors) ; E_PARSE - compile-time parse errors ; E_NOTICE - run-time notices (these are warnings which often result from a bug in ; your code, but it's possible that it was intentional (e.g., using an ; uninitialized variable and relying on the fact it's automatically ; initialized to an empty string) ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ; E_CORE_WARNING - warnings (non fatal errors) that occur during PHP's initial startup ; E_COMPILE_ERROR - fatal compile-time errors ; E_COMPILE_WARNING - compile-time warnings (non fatal errors) ; E_USER_ERROR - user-generated error message ; E_USER_WARNING - user-generated warning message ; E_USER_NOTICE - user-generated notice message ; Examples: ; error_reporting = E_ALL & ~E_NOTICE ; show all errors, except for notices ; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR ; show only errors error_reporting = E_ALL & ~E_NOTICE ; Show all errors except for notices display_errors = On ; Print out errors (as a part of the HTML script) log_errors = Off ; Log errors into a log file (server-specific log, stderr, or error_log (below)) track_errors = Off ; Store the last error/warning message in $php_errormsg (boolean) ;error_prepend_string = "<font color=ff0000>" ; string to output before an error message ;error_append_string = "</font>" ; string to output after an error message ;error_log = filename ; log errors to specified file ;error_log = syslog ; log errors to syslog (Event Log on NT, not valid in Windows 95) warn_plus_overloading = Off ; warn if the + operator is used with strings ;;;;;;;;;;;;;;;;; ; Data Handling ; ;;;;;;;;;;;;;;;;; variables_order = "EGPCS" ; This directive describes the order in which PHP registers ; GET, POST, Cookie, Environment and Built-in variables (G, P, ; C, E & S respectively, often referred to as EGPCS or GPC). ; Registration is done from left to right, newer values override ; older values. register_globals = On ; Whether or not to register the EGPCS variables as global ; variables. You may want to turn this off if you don't want ; to clutter your scripts' global scope with user data. This makes ; most sense when coupled with track_vars - in which case you can ; access all of the GPC variables through the $HTTP_*_VARS[], ; variables. register_argv_argc = On ; This directive tells PHP whether to declare the argv&argc ; variables (that would contain the GET information). If you ; don't use these variables, you should turn it off for ; increased performance track_vars = On ; enable the $HTTP_*_VARS[] arrays, where * is one of ; ENV, POST, GET, COOKIE or SERVER. gpc_order = "GPC" ; This directive is deprecated. Use variables_order instead. gpc_globals = On ; Make session variables global automagically. gpc.globals = On ; asdf ; Magic quotes magic_quotes_gpc = On ; magic quotes for incoming GET/POST/Cookie data magic_quotes_runtime = Off ; magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_sybase = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \') ; automatically add files before or after any PHP document auto_prepend_file = auto_append_file = ; As of 4.0b4, PHP always outputs a character encoding by default in ; the Content-type: header. To disable sending of the charset, simply ; set it to be empty. ; PHP's built-in default is text/html default_mimetype = "text/html" ;default_charset = "iso-8859-1" ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; include_path = /var/lib/apache/php/include:./ ; UNIX: "/path1:/path2" Windows: "\path1;\path2" doc_root = ; the root of the php pages, used only if nonempty user_dir = ; the directory under which php opens the script using /~username, used only if nonempty ;upload_tmp_dir = ; temporary directory for HTTP uploaded files (will use system default if not specified) upload_max_filesize = 2097152 ; 2 Meg default limit on file uploads extension_dir = ./ ; directory in which the loadable extensions (modules) reside ;;;;;;;;;;;;;;;;;;;;;; ; Dynamic Extensions ; ;;;;;;;;;;;;;;;;;;;;;; ; if you wish to have an extension loaded automaticly, use the ; following syntax: extension=modulename.extension ; for example, on windows, ; extension=msql.dll ; or under UNIX, ; extension=msql.so ; Note that it should be the name of the module only, no directory information ; needs to go here. Specify the location of the extension with the extension_dir directive above. ;Windows Extensions ;extension=php_mysql.dll ;extension=php_nsmail.dll ;extension=php_calendar.dll ;extension=php_dbase.dll ;extension=php_filepro.dll ;extension=php_gd.dll ;extension=php_dbm.dll ;extension=php_mssql.dll ;extension=php_zlib.dll ;extension=php_filepro.dll ;extension=php_imap4r2.dll ;extension=php_ldap.dll ;extension=php_crypt.dll ;extension=php_msql2.dll ;extension=php_odbc.dll ;;;;;;;;;;;;;;;;;;; ; Module Settings ; ;;;;;;;;;;;;;;;;;;; [Syslog] define_syslog_variables = Off ; Whether or not to define the various syslog variables, ; e.g. $LOG_PID, $LOG_CRON, etc. Turning it off is a ; good idea performance-wise. In runtime, you can define ; these variables by calling define_syslog_variables() [mail function] ;SMTP = localhost ;for win32 only ;sendmail_from = me@localhost.com ;for win32 only sendmail_path = /usr/bin/sendmail ;for unix only, may supply arguments as well (default is sendmail -t) [Debugger] debugger.host = localhost debugger.port = 7869 debugger.enabled = False [Logging] ; These configuration directives are used by the example logging mechanism. ; See examples/README.logging for more explanation. ;logging.method = db ;logging.directory = /path/to/log/directory [SQL] sql.safe_mode = Off [ODBC] ;uodbc.default_db = Not yet implemented ;uodbc.default_user = Not yet implemented ;uodbc.default_pw = Not yet implemented uodbc.allow_persistent = On ; allow or prevent persistent links uodbc.check_persistent = On ; check that a connection is still validbefore reuse uodbc.max_persistent = -1 ; maximum number of persistent links. -1 means no limit uodbc.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit uodbc.defaultlrl = 4096 ; Handling of LONG fields. Returns number of bytes to variables, 0 means passthru uodbc.defaultbinmode = 1 ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation of uodbc.defaultlrl ; and uodbc.defaultbinmode [MySQL] mysql.allow_persistent = On ; allow or prevent persistent link mysql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit mysql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit mysql.default_port = ; default port number for mysql_connect(). If unset, ; mysql_connect() will use the $MYSQL_TCP_PORT, or the mysql-tcp ; entry in /etc/services, or the compile-time defined MYSQL_PORT ; (in that order). Win32 will only look at MYSQL_PORT. mysql.default_host = ; default host for mysql_connect() (doesn't apply in safe mode) mysql.default_user = ; default user for mysql_connect() (doesn't apply in safe mode) mysql.default_password = ; default password for mysql_connect() (doesn't apply in safe mode) ; Note that this is generally a *bad* idea to store passwords ; in this file. *Any* user with PHP access can run ; 'echo cfg_get_var("mysql.default_password")' and reveal that ; password! And of course, any users with read access to this ; file will be able to reveal the password as well. [mSQL] msql.allow_persistent = On ; allow or prevent persistent link msql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit msql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit [PostgresSQL] pgsql.allow_persistent = On ; allow or prevent persistent link pgsql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit pgsql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit [Sybase] sybase.allow_persistent = On ; allow or prevent persistent link sybase.max_persistent = -1 ; maximum number of persistent links. -1 means no limit sybase.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit ;sybase.interface_file = "/usr/sybase/interfaces" sybase.min_error_severity = 10 ; minimum error severity to display sybase.min_message_severity = 10 ; minimum message severity to display sybase.compatability_mode = Off ; compatability mode with old versions of PHP 3.0. ; If on, this will cause PHP to automatically assign types to results ; according to their Sybase type, instead of treating them all as ; strings. This compatability mode will probably not stay around ; forever, so try applying whatever necessary changes to your code, ; and turn it off. [Sybase-CT] sybct.allow_persistent = On ; allow or prevent persistent link sybct.max_persistent = -1 ; maximum number of persistent links. -1 means no limit sybct.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit sybct.min_server_severity = 10 ; minimum server message severity to display sybct.min_client_severity = 10 ; minimum client message severity to display [bcmath] bcmath.scale = 20 ; number of decimal digits for all bcmath functions [browscap] ;browscap = extra/browscap.ini [Informix] ifx.default_host = ; default host for ifx_connect() (doesn't apply in safe mode) ifx.default_user = ; default user for ifx_connect() (doesn't apply in safe mode) ifx.default_password = ; default password for ifx_connect() (doesn't apply in safe mode) ifx.allow_persistent = On ; allow or prevent persistent link ifx.max_persistent = -1 ; maximum number of persistent links. -1 means no limit ifx.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit ifx.textasvarchar = 0 ; if set on, select statements return the contents of a text blob instead of it's id ifx.byteasvarchar = 0 ; if set on, select statements return the contents of a byte blob instead of it's id ifx.charasvarchar = 0 ; trailing blanks are stripped from fixed-length char columns. May help the life ; of Informix SE users. ifx.blobinfile = 0 ; if set on, the contents of text&byte blobs are dumped to a file instead of ; keeping them in memory ifx.nullformat = 0 ; NULL's are returned as empty strings, unless this is set to 1. In that case, ; NULL's are returned as string 'NULL'. [Session] session.save_handler = files ; handler used to store/retrieve data session.save_path = /tmp ; argument passed to save_handler ; in the case of files, this is the ; path where data files are stored session.use_cookies = 1 ; whether to use cookies session.name = PHPSESSION ; name of the session ; is used as cookie name session.auto_start = 0 ; initialize session on request startup session.cookie_lifetime = 0 ; lifetime in seconds of cookie ; or if 0, until browser is restarted session.cookie_path = / ; the path the cookie is valid for session.cookie_domain = ; the domain the cookie is valid for session.serialize_handler = php ; handler used to serialize data ; php is the standard serializer of PHP session.gc_probability = 1 ; percentual probability that the ; 'garbage collection' process is started ; on every session initialization session.gc_maxlifetime = 900 ; after this number of seconds, stored ; data will be seen as 'garbage' and ; cleaned up by the gc process session.referer_check = 0 ; check HTTP Referer to invalidate ; externally stored URLs containing ids session.entropy_length = 0 ; how many bytes to read from the file session.entropy_file = ; specified here to create the session id ; session.entropy_length = 16 ; session.entropy_file = /dev/urandom session.cache_limiter = nocache ; set to {nocache,private,public} to ; determine HTTP caching aspects session.cache_expire = 180 ; document expires after n minutes [MSSQL] ;extension=php_mssql.dll mssql.allow_persistent = On ; allow or prevent persistent link mssql.max_persistent = -1 ; maximum number of persistent links. -1 means no limit mssql.max_links = -1 ; maximum number of links (persistent+non persistent). -1 means no limit mssql.min_error_severity = 10 ; minimum error severity to display mssql.min_message_severity = 10 ; minimum message severity to display mssql.compatability_mode = Off ; compatability mode with old versions of PHP 3.0. [Assertion] ;assert.active = On ; assert(expr); active by default ;assert.warning = On ; issue a PHP warning for each failed assertion. ;assert.bail = Off ; don't bail out by default. ;assert.callback = 0 ; user-function to be called if an assertion fails. ;assert.quiet_eval = 0 ; eval the expression with current error_reporting(). ; set to true if you want error_reporting(0) around the eval(). [Zend] zend_optimizer.optimization_level=7 zend_extension="/usr/local/Zend/lib/ZendOptimizer.so" ; Local Variables: ; tab-width: 4 ; End: Thanks, Adam Bregenzer