7

I am unable to use session variables on a page other than the one where they are set, IOW they act like non-session variables. I have found a similar question posted in half a dozen other similar fora, but the answer in those other cases always turns out not to apply.

Here are my files:

sess1.php

<?php
session_start();

session_register("userid");
session_register("textvar");

$_SESSION['userid'] = 10333 ;
$_SESSION['textvar'] = TextVariable ;

echo "<p>User ID is: " . $_SESSION['userid'] . "</p>" ;
echo "<p>Another variable is: " . $_SESSION['textvar'] . "</p>" ;
?>
<p>Go to the <a href="sess2.php">next page</a>.</p>

and, sess2.php

<?php
session_start();

echo "<p>The userid session variable is: " . $_SESSION['userid'] . "</p>";
echo "<p>The other session variable is: " . $_SESSION['newvar']. "</p> ";
?>

The browser output in each case is:

sess1.php

User ID is: 10333

Another variable is: TextVariable

Go to the [next page].

and, sess2.php

The userid session variable is:

The other session variable is:

Go to the [last page].

A few things it is NOT:

  • I do have session_start() at the top of both files.
  • The variables directory is writable, and the session variables are showing up there. (I have about a hundred little files called sess_b62, that have this inside: 'userid|i:10333;textvar|s:12:"TextVariable";'.)
  • phpinfo() tells me that the php.ini file is being read correctly and the lifetime is set to the default, 0, i.e. until the browser is closed.

I'm at my wit's end. Any suggestions?

Thanks so much.

Improve this question
3
  • Have you checked if the same session ID is used? Commented Mar 19, 2009 at 18:31
  • Is one of the pages over SSL? Commented Mar 19, 2009 at 18:33
  • What version of PHP are you running? (from phpinfo() as well) Commented Mar 19, 2009 at 18:54

11 Answers 11

Reset to default
7

session_register() is not required and may be causing a problem here. Read the docs on session_register() - it is intended to assign session variables using existing variables.

and from here:

Well, session_register() tells PHP that a certain global variable should be considered a session variable. That means that at the end of the script's execution (which is when session data writes usually occur), the resulting value of that global variable will be written using the current enabled session handlers.

I think this is the problem that you are experiencing. At the end of the script execution the session variable gets over-written.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yeah, session_register() has been deprecated for quite a while, it definitely shouldn't be used any more. I don't know whether it's causing this specific issue, but it shouldn't be in that code regardless.
Interesting. I'm working from an introductory PHP/SQL book that's copyright '07, and the code is pretty much a direct quote. Unfortunately, remvoing the session_register() lines doesn't seem to solve the problem. Thanks very much for the information.
4

I was facing the same problem. The reason was, in php.ini I've set the value of session.cookie_secure parameter to 1. But I was using the http protocol instead of the https protocol; using the https protocol resolved the issue.

Setting session.cookie_secure = 1 indicates cookies should only be sent over secure connections. Therefore, I was getting new session_ids on every new page while using http.

Improve this answer

Comments

2

The session ID has to be carried along in some way in order that the same session can be used over several pages. In general this is done with a cookie (see session.use_cookies) but it can also be done in the URL or in forms (see session.use_trans_sid).

So first you have to make sure that the session ID is transmitted so that PHP can load the right session and session data.

See also Is my understanding of PHP sessions correct?

Improve this answer

4 Comments

Thanks for the help. phpinfo() would seem to confirm that I'm using cookies and the ID is being transmitted. session.use_cookies is "On" and session.use_trans_sid is 0. Set-Cookie records the cookie that was created by the first page, and that page is named as the referer.
And the session ID is the same on both pages? That a Set-Cookie header field was sent doesn’t mean that the cookie has been accepted and sent along with the second request. Try to compare the session_id() return values in both pages.
Crud. The session IDs are different. Now what...?
Then I assume that you browser doesn’t accept that cookie. Have you already tried an other browser?
2

One mistake that I see is that in the first file you are setting $_SESSION['textvar'] and in the second file you are calling $_SESSION['newvar'].

Also, I tested your code on a server I know is working and it worked fine other than the above error.

I also tried removing the session_register() and the code still works perfectly.

Improve this answer

2 Comments

Good eye - "newvar" was a typo, left over from when I copied the code into new simpler files. But the session_register() solution doesn't work on my system. Thanks very much for the suggestion.
Have you tried clearing your cookies (or deleting this sites cookie) and accessing this page as the first page you access again? Also, are you sure there is no other text above or the <?php ?
1

"session_register() accepts a variable number of arguments, any of which can be either a string holding the name of a variable or an array consisting of variable names or other arrays. For each name, session_register() registers the global variable with that name in the current session."

because you have no variables with those names, the result will unpredictable.

just use $_SESSION[$key] = $value;

Improve this answer

Comments

1

If all the above does not solve the problem, I´ll just ask the obvious: There wouldn´t be any spaces or new-lines before the opening php tag?

You can also check for messages in the server error log file, that should tell you whether your variables are defined (although I guess that depends on the level of error reporting as well).

Improve this answer

Comments

0

Use some kind of tool and check the http headers so you can see how the cookie is being sent. Perhaps your web-server is miss-configured and sending out cookies with an invalid different domain.

You might want to look at doing session_set_cookie_params() on each request and making sure the correct domain, path, and such are set.

Improve this answer

Comments

0

Another obvious thing to check:

Make sure your disk space isn't full; which would prevent session data from being saved.

Improve this answer

Comments

0

Know this is an older post but I have had a similar problem (not using session_register()).

Had to convert sessions to cookies because the session was timing out too often and, due to the server set up ('special' windows server hosting environment (with Apache)), the PHP session time out value could not be changed.

End result was/is that now after converting to Cookies with extended life, the cookie data is still being lost (in transmission)? sometimes.

Very frustrating.

I have NOT EVER had this happen in a LAMP environment so maybe the question to ask is whether or not you are using a LAMP server.

Hope this helps. I don't think this is a PHP problem.

Improve this answer

Comments

0

Check server logs of your PHP server, for example, nginx or apache.

You can find information why sessions don't work in nginx error.log. Path to that file usually is: /var/log/nginx/error.log.

In my case it was saying that session data can't be saved. It turned out that in the same directory old error.log.1 file had size of 17 GB and took all available disk space.

Simply freeing disk space restored normal behavior of sessions.

Improve this answer

Comments

-1

Use session_register in both files and it should work.

Improve this answer

3 Comments

Thanks for the suggestion. I tried it both ways, with the session_register() lines in both files, and without. No change to the behaviour appeared.
session_register is deprecated: don't use it if you can avoid it
@Jason: care to share some URL where it says that it is deprecated? What should be used instead?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.