5

I am having an issue with session_start(). It is creating a new session every refresh/load of the page.

here is the code:

<?php
    $bob = session_id();
    echo "Session ID on load is ".$bob;
    echo "<br>";
    if($bob==""){
        session_start();
        $bob = session_id();
        echo ' session ID currently is '.$bob;
    }
// a bunch more stuff

when i load the page, I get the following:

Session ID on load is session ID is currently ed320bc5e24c871c9db8ea30e6796c14 (or a variant)

if I refresh the page i get:

Session ID on load is session ID is currently fbd69d01d511a7be382799dca7279a86 (or a variant)

the session Id is always blank before session_start() is called and it is always a new session_id()

It does this in all browsers and I have checked to make sure cookies are turned on.

the session save path is given as /tmp. I am not sure exactly where that is, but looking through my root and all other directories, I can't find a session file (assuming it would look something like sess_fbd69d01d511a7be382799dca7279a86).

So I am thinking there is something going on with the save path, but am too new at this to know for sure, and the server admins are being fairly unhelpful. What should my next steps at diagnosing the issue be? The server is running 5.3.22.

phpinfo is here

Thanks for any help.

ps you can visit pcm.pcmxa.com to see the issue for yourself if you wish.

juco
  • 6,331
  • 3
  • 25
  • 42
Patrick Manning
  • 61
  • 1
  • 1
  • 2
  • You can see this if /tmp does not exist, and if php does not have write access to /tmp. You might need to create the folder yourself, or ask your host to do so. – Gavin Apr 09 '13 at 20:30
  • `ini_set('display_errors', 'on'); error_reporting(-1);` and you should see some warnings that may help. – dev-null-dweller Apr 09 '13 at 20:31
  • @dev-null-dweller the code is correct. – bwoebi Apr 09 '13 at 20:32
  • @bwoebi this is for errors with session_start, like unwritable / inexistent session save path. – dev-null-dweller Apr 09 '13 at 20:33
  • -dev-null-dweller. I do get error outputs: – Patrick Manning Apr 09 '13 at 21:03
  • They are: Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/pcmxacom/public_html/pcm/index.php:85) in /home/pcmxacom/public_html/pcm/index.php on line 91 Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/pcmxacom/public_html/pcm/index.php:85) in /home/pcmxacom/public_html/pcm/index.php on line 91 – Patrick Manning Apr 09 '13 at 21:03
  • line 91 is the session_start() from the above code. – Patrick Manning Apr 09 '13 at 21:04
  • @PatrickManning in this case: http://stackoverflow.com/questions/8028957/headers-already-sent-by-php – dev-null-dweller Apr 09 '13 at 21:22
  • @dev-null-dweller, thanks so much for the link and the pointers. That fixed it (I made my index page a php that starts the session and then used an include to call the rest of the content. Again, thanks! – Patrick Manning Apr 09 '13 at 23:40
  • 2
    I disagree that stackoverflow.com/questions/8028957/headers-already-sent-by-php – dev-null-dweller is the same question. It is clearly not the same question. In fact, it just happens that it is the answer, but a new session can be created at every refresh for other reasons: the session_save_path is not writable, session.cookie_secure is On and you do not use https, etc. The session.cookie_secure is On case is particularly tricky since you don't get any notice or warning. –  Nov 03 '15 at 05:47

1 Answers1

5

If your session directory (most like /tmp as you said) is not writable, then it won't be able to save and will have to regenerate a new one each time. Here is how you can verify it:

if (!is_writable(session_save_path()))
{
 echo 'Session save path "'.session_save_path().'" is not writable!'; 
}

If that is the case, you will need to have the server admins give what ever user your webserver runs as permission to write to the /tmp directory.

John
  • 1
  • 13
  • 98
  • 177
Jeremy Harris
  • 24,318
  • 13
  • 79
  • 133
  • Thank you. I added that code but got no echo, indicating that the directory is writeable. I do get error warnings when using set_ini. Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/pcmxacom/public_html/pcm/index.php:85) in /home/pcmxacom/public_html/pcm/index.php on line 91 Line 91 is the session_start() from the code above. The warning occurs immediately after the line echo "Session ID on load is ".$bob; – Patrick Manning Apr 09 '13 at 21:07