Menu
Community /Pin to ProfileBookmark
@NogDogJan 26.2021 βΒ #
Well, that's going to be a problem, so need to figure out why. First thing I'd check is the session cookie lifetime, I guess? Maybe add this to your debug scripts after the
@NogDogJan 26.2021 βΒ #
0 actually means no expiration, so that shouldn't be a problem.
If you haven't already, maybe a little temporary page to do a
@NogDogJan 27.2021 βΒ #Might be interesting to try this:
Theoretically that would show any settings that have been overruled (such as via .htaccess). My eye was drawn to the session save path as well, as that does need to be read/writable by whatever server user is actually running the PHP stuff (typically
Also, if you haven't already tried it, the good old "turn on all errors" might reveal something:
🤞@NogDogJan 27.2021 βΒ #@mfox#1627261
Apparently the "access" relates to where that setting can be set, as perhttps://www.php.net/manual/en/configuration.changes.modes.php , though I don't know what the number actually means -- but I think we don't need to worry about it. Ignoring that, the one thing I noticed was this:
The
PS: According to a user comment on the PHP manual page for
So I don't think it tells us where it was set, but with a 7 it could have been anywhere that's possible. :@NogDogJan 28.2021 βΒ #I guess since we moved our app into an infrastructure using Docker containers a few years back, I've been fortunate not to have to worry about this kind of thing any more. If the container works on my macbook, it's 99.9+% likely to work when we deploy that container to the servers. Not saying you should drop everything and dockerize your app, as there's a definite learning curve -- and fortunately my team leader knows it very well -- but something to think about if it makes sense for your team and deployment options (e.g. needs a hosting option that supports container usage).
Is $_SESSION still a thing in PHP 7?
Okay, so I built an app on our dev server, which is running PHP 5.4.16, and when IT set up a production server it was running PHP 7.2; now I’m sure I’m in for a steep learning curve and plenty of debugging, but this first one has been a real hair-jerker: After spending hours pouring over my code, throwing error_logs everywhere, and scouring the interwebz praying for a clue, I eventually came to the conclusion that apparently, something has changed between v5 and v7 in how PHP handles sessions. My theory appears to be validated by these two pages I threw together:
`//a.php
<?php
session_start();
$_SESSION[“test”] = “Testing sessions.”;
var_dump($
// b.php
<?php
session_start();
var_dump($_SESSION);`
The first one prints: array(1) { [“test”]=> string(17) “Testing sessions.” }
The second prints: array(0) { }
I’ve confirmed that the session settings (in php.ini) are the same on dev and production, and phpinfo() says sessions are enabled. So………..???????? while(true) { $frustration++; $hair–; } lol
Any ideas?
EDIT: After further struggleshooting, I also discovered that session_id is returning a different string for every page (even if i.e. refresh a.php a bunch of times). This makes about as much sense as multiplying 3.14159 * the square root of cheese, but whatever’s got PHP’s bits in a bunch, I’m sure someone somewhere understands it.
Sign in
to post a comment16 Comments(s) β΄
0
@NogDogJan 26.2021 βΒ #>@mfox#1627207 I also discovered that session_id is returning a different string for every page
Well, that's going to be a problem, so need to figure out why. First thing I'd check is the session cookie lifetime, I guess? Maybe add this to your debug scripts after the
session_start()<i>
</i>echo "<pre>".print_r(session_get_cookie_params(), 1)."</pre>";
0
@NogDogJan 26.2021 βΒ #>@mfox#1627211 lifetime=0 is a bit of a red flag,
0 actually means no expiration, so that shouldn't be a problem.
pathdomainyourdomain.comwww.yourdomain.comdomain".yourdomain.com"0
@NogDogJan 27.2021 βΒ #To be embarrassingly honest, I have very little experience with PHP 7 in any non-trivial context. The only sizeable PHP app I work on is still 5.6...and whenever we start looking into what it would take to migrate to a recent 7.x version, we get sad and decide to worry about more urgent issues. :( If you haven't already, maybe a little temporary page to do a
phpinfo()<i>
</i><?php
phpinfo();
0
@NogDogJan 27.2021 βΒ #Might be interesting to try this:<i>
</i>$session_config = ini_get_all('session');
echo "<pre>".print_r($session_config, true)."</pre>";
Theoretically that would show any settings that have been overruled (such as via .htaccess). My eye was drawn to the session save path as well, as that does need to be read/writable by whatever server user is actually running the PHP stuff (typically
nobodyapacheAlso, if you haven't already tried it, the good old "turn on all errors" might reveal something:
<i>
</i><?php
ini_set('display_errors', true); // turn off in production
error_reporting(E_ALL);
session_start();
// etc....
🤞
0
@NogDogJan 27.2021 βΒ #Apparently the "access" relates to where that setting can be set, as per
<i>
</i>[session.save_path] => Array
(
[global_value] =>
[local_value] => /var/lib/php/session
[access] => 7
)
The
global_valuelocal_value.htaccess0
@NogDogJan 28.2021 βΒ #PHP settings can also be in the httpd.confPS: According to a user comment on the PHP manual page for
ini_get_all()<i>
</i>Constant Value Meaning
PHP_INI_USER 1 Entry can be set in user scripts
PHP_INI_PERDIR 2 Entry can be set in php.ini, .htaccess or httpd.conf
PHP_INI_SYSTEM 4 Entry can be set in php.ini or httpd.conf
PHP_INI_ALL 7 Entry can be set anywhere
So I don't think it tells us where it was set, but with a 7 it could have been anywhere that's possible. :
0
@NogDogJan 28.2021 βΒ #