_SESSION problem

roti · Post by **roti** » Thu Feb 14, 2008 1:13 am

Hi!

I have a problem, tried to debug it, but no solution.
config: "Powered by Serendipity 1.2.1 and PHP 4.4.7" apache 1.3

When I log in, and try to preview a new entry, I got the login page in the iframe.

After the login, I got the $_SESSION['author_token'] right. But when I click Preview, in the iframe, it will be empty.

after login:

after the preview button:

This because a server setting I guess, but I cant figure it out.

I tried to play with phpvalue settings, but none of the combinations helped. Currently I use this in .htaccess:

DirectoryIndex /~roti/serendipity/index.php
php_value session.use_trans_sid 0
php_value register_globals off
php_value session.use_cookies 1

Looking forward a solution.

Thanx

Roti

Post by **garvinhicking** » Thu Feb 14, 2008 12:31 pm

Hi!

You always get a new author token, because when it is not set, s9y will create one for you.

Your problem happens because your server's PHP sessions are not properly utilized. Either becaues your session.save_path is wrong, or your browser rejects the cookie?

Regards,
Garvin

roti · Post by **roti** » Thu Feb 14, 2008 9:01 pm

- browser accepts cookie
on my laptop I have apache2-php5-serendipity, and with the same browser, that serendipity works well

- on the server session save path not set, I can see the sessions in /tmp (I am admin)

any other thought?

roti · Post by **roti** » Thu Feb 14, 2008 10:15 pm

Finally I solved it:

I had to add this:

ini_set("url_rewriter.tags", "a=href,area=href,frame=src,iframe=src,input=src,form=fakeentry");

to
serendipity_config_local.inc.php

maybe it should be a default at install

roti · Post by **roti** » Thu Feb 14, 2008 10:34 pm

I was happy too early ...

with this settings, the preview is good, but I can't install new plugins.

When I click on "Install" next to a plugin,
this page flashs in:

Trying to open URL package_event_hu.xml...
Fetched 257066 bytes from already existing file on your server. Saving file as /www/chroot/home/roti/public_html/serendipity/templates_c/package_event_hu.xml...

Trying to open URL serendipity_event_mymood.php?rev=1.9999...
Fetched 30289 bytes from the URL above. Saving file as /www/chroot/home/roti/public_html/serendipity//plugins/serendipity_event_mymood/serendipity_event_mymood.php...
Data successfully fetched.
Trying to open URL lang_cs.inc.php?rev=1.9999...
Fetched 11430 b ...

and after that, I get the login screen. Actually I not logged out, because I can go back with the back button, and operate further ...
Ant the plugin not installed.

I try to investigate further, but any help would be good

Post by **garvinhicking** » Fri Feb 15, 2008 10:50 am

Hi!

Your ini_set method actually only bypassed the problem so that serendipity puts the session ID into the URL. Serendipity does not like that, it wants the session id in your cookie.

So your PHP is still not utilizing Cookie Sessions. Make sure session.save_path points to a proper directory.

Regards,
Garvin

roti · Post by **roti** » Fri Feb 15, 2008 2:58 pm

I use this:

ini_set("session.save_path","/www/chroot/home/roti/session");

and I can see the sessions:

[root@elod session]# ls -la /www/chroot/home/roti/session
total 16
drwxrwxr-x 2 roti www 4096 Feb 15 14:31 .
drwxr-x--x 13 roti roti 4096 Feb 15 14:30 ..
-rw------- 1 www www 37 Feb 15 14:31 sess_7c8fda3f88c0e3080dabd9f8bb15a004
-rw------- 1 www www 37 Feb 15 14:31 sess_d4c248793bae9a685f5f1f8c13d4e908
[root@elod session]#

[root@elod session]# cat *
SERVER_GENERATED_SID|b:1;no_smarty|N;SERVER_GENERATED_SID|b:1;no_smarty|N;[root@elod session]#
[root@elod session]#

In the other hand, there is a session in /tmp too:

/tmp/sess_8a49f44663d491017eeee7c370582261

SERVER_GENERATED_SID|b:1;serendipityLanguage|s:2:"hu";author_token|s:40:"92df7729e6f5103860933de6b68b26cb928d0202";serendipityUser|s:4:"roti";s
erendipityRealname|s:14:"Hrotkó Gábor";serendipityPassword|s:32:"7dfe1860c98ee42e7907271c0e408acf";serendipityEmail|s:15:"roti@myserver";sere
ndipityAuthorid|s:1:"1";serendipityUserlevel|s:3:"255";serendipityAuthedUser|b:1;serendipityRightPublish|s:1:"1";no_smarty|N;

what should I set to make it work?

Post by **garvinhicking** » Fri Feb 15, 2008 3:01 pm

Hi!

I think you should set the session.save_path in your vhost config, not inside a PHP script. That might be too late.

Also check the HTTP headers you receive in your browser to see if the Session-ID fluctuates. Use a tool like LiveHTTPHeader or Firebug.

Regards,
Garvin

roti · Post by **roti** » Fri Feb 15, 2008 4:10 pm

I set this:
php_value session.save_path "/www/chroot/tmp"
in the server's conf

I can see all the sessions in that directory.

I inspected the headers, but I don't see any error:

http://al.pmmf.hu/~roti/headers.txt

The session and cookie numbers are the same.
This is the method inspecting the headers:
Login/new entry/preview

Post by **garvinhicking** » Fri Feb 15, 2008 5:44 pm

Hi!

In your headers.txt you can see that your browser does not submit the "PHPSESSID" cookie string! It always only submits other variables, but never PHPSESSID.

The last call should look like this:

Code: Select all

GET /~roti/serendipity/serendipity_admin.php?serendipity[is_iframe]=true&serendipity[iframe_mode]=preview HTTP/1.1
Referer: http://myserver/~roti/serendipity/serendipity_admin.php?
Cookie: PHPSESSID=9ff9e955ce1aa1780aa5eaef25785d65
Cookie: serendipity[old_session]=9ff9e955ce1aa1780aa5eaef25785d65; serendipity[userDefLang]=hu; serendipity[author_token]=4529f9b411aca97c3e332d946b5214adfada04b4

You can also see from your output that PHP *NEVER* sets a Set-Cookie: PHPSESSID variable.

This can only happen if your PHP does not utilize Cookie sessions. Check all your php.ini cookie.* settings, there must be something wrong with the PHP setup.

Regards,
Garvin

roti · Post by **roti** » Mon Feb 18, 2008 9:49 pm

Finally, I got the final solution.

I got this in apache config:

<IfModule mod_userdir.c>
UserDir /www/chroot/home/*/public_html
UserDir disabled root

<Directory /www/chroot/home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Options
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
php_admin_value open_basedir "/www/chroot/home/:/usr/local/lib/php/:/tmp/"
php_value session.save_path "/www/chroot/tmp"
</IfModule>

and in my public_html/.htaccess:

php_value session.use_trans_sid 0
php_value register_globals off
php_value session.use_cookies 1
php_value session.use_only_cookies 1

Now everything works so fine!

Yes, it was a server misconfig, so I thank you very much for your patient.
Now I will have time on hungarian translation.

_SESSION problem

_SESSION problem

Re: _SESSION problem

Solved