Hi, in the web hosting server wherein I have my site, the server does not store session variables. I designed the site from my localhost and uploaded it to the remote web server, but I noticed that when I logged in, the server does not even create sessions and does not store the session variables. Please what should I do as regards this? I have run through php.ini file and made some settings there. Yet, it does not still store session. Please help.
Thank you.
If you are not using database to write sessions, you need to ensure that server is writing them (session files) to the writable folder. It is usually just “/tmp” but sometimes this folder doesn’t exist or is not writable.
Create php.ini file in your website root and put following in it:
sessions.save_path = "/tmp"
If this doesn’t work you should create a folder and name it e.g. “tmp”, then replace path in your php.ini with the FULL path of this new folder.
Make sure noone can access files in this folder by either placing it above the wwwroot (public_html, htdocs) folder or by denying access to the folder with .htaccess file.
Note: Your php.ini should contain FULL path to the writable folder.
Note2: On Windows, paths start with drive letter, e.g. C:\blabla\, while on linux and other *nix-like systems they are all starting from root (/home/user/public_html/)
Note3: To make folder writable in Linux you will need to change it’s chmod. In most cases chmod 777 will do the work, but that’s very loose setting and on shared hostin it may represent a problem as all users can write to folders with chmod 777.
I quite like your explanation. But, considering my domain name http://www.myname.com/dce/, the domain is under the /www/ directory, i.e, /www/myname.com; what will be the full path of the tmp folder in which I should store the session variables? Also, should the /tmp/ folder be on the same level as /www/? please kindly furnish me with this information.
Thank you!
First create phpinfo file and open it in your web browser, it will give you various information about your web server. Search for “DOCUMENT_ROOT” there and it’ll give you full path to your web site folder, e.g. /home/myname/www/myname.com
You should then create folder “tmp” above your webroot folder (above myname.com folder), and add it’s path to your php.ini file. It will look like /home/myname/www/tmp
If you don’t have permissions to create folders here, create folder tmp in your webroot folder so it’s path would be /home/myname/www/myname.com/tmp
Then just add file .htaccess in that folder and add following in it:
Deny From All
This will prevent anyone from accessing this folder (via web browser)
Did you look at the response headers the server sent to verify that it actually isn’t sending a cookie? It might be sending a cookie for a malformed domain, or for a directory, or something else that is mis-configured. Use an inspector or Live HTTP Headers for firefox to see the headers being responded with.
@Avram; PHP gives big fat warnings when you want to start a session and have the tmp directory for sessions set to a non-writable directory, so that’s probably not the issue here. Unless all those errors are suppressed of course. Also, the default /tmp directory should be fine since all users on a *nix system are able to write there.
@Easytime: session.save_path can also be found in phpinfo file I told you to make, so you can see to what path it’s set right now.
@ScallioXTX: I’m far from server guru like yourself, I was just explaining what I did in several occasions when server didn’t accept session data, and it worked almost every time. Usually it was just like that - sessions folder wasn’t writable (or didn’t exist) and PHP error reporting was turned off.
I know the /tmp is writable for everyone, but we still don’t know if it’s *nix server in this case or not. Btw. I’m just looking at phpinfo output on one of my clients’ website and session.save_path is set to no value. What does this mean? Will it use default (/tmp) or it won’t save session files at all?
Thanks for your post. I have created a phpinfo.php file in the server. It shows me the server info. But from the following:
doc_root; docref_ext; docref_root; there are no value for these variables. I did not see the DOCUMENT_ROOT as you specified it. I only saw the short name of it.
Example:
doc_root = no value
docref_ext = no value
docref_root = no value
What could this mean? So, now that it shows no value for each, what do I do?
Thank you!
I quite understand you. Ok, the server is a Linux server… however, I will give you a link to the phpinfo I have created on the server. It is, http://troikaengineering.com/dce/phpinfo.php
Hi Avram, this is a site I developed on my local computer using wampserver as a web server and php as the application server. However, the site runs fine on my local computer. But when I uploaded it to the remote server, I noticed that, the pages am not supposed to access except I login, would not display even when I login.
Example:
On the main.php,
<?php session_start();
if(! isset ($_SESSION['admin'])) {
header("Location: errorpage.php"); }
else {
echo "Welcome ". $_SESSION['admin'] ."<BR />";
?>
When I login from the login page, the conditional statement on the main.php page is evaluated to true (NOT SET) and it redirects the page to errorpage.php.
That means that, the session variables are not saved.
From the login_confirm.php page using post or get,
<?php session_start();
$uname=$_REQUEST['username']; $pword=$_REQUEST['password'];
//connect to mysql
//do mysql_query statements here...
//if records found,
//create session variables...
$_SESSION['admin']=$uname;
//close connection
//redirect to main.php page here
?>
These are the codes for everything…it works on localhost, but on remote, nothing…Pls help.
Yup, according to the manual, /tmp is the default. It probably asks the OS for it’s default temp path when no value is set.
Hi Avram, why are you having /home/myname/www/myname.com ? I.e, why are you using ‘myname’ in two places? Don’t forget, I told you that the my web url is: http://www.troika.com/dce.
/dce is where I put the entire design.
So, with this url, the ‘troika.com’ is under the /www/ director.
So, if am to create a folder ‘tmp’ under the /dce/ director, the entire url will be: ‘http://troika.com/dce/tmp’…
Now, if am going to tell php.ini that all session files should be store in the /tmp folder, what will the following line be?
session.cookie_path = /
session.cookie_domain =.home/www/troikaengineering.com/dce
session.save_path = “N;MODE;/path”
session.save_path = “/tmp”
session.save_path = “x;/tmp”
what is the difference between
session.save_path = “x;/tmp” and session.save_path = “/tmp” and session.save_path = “N;MODE;/path” ?
Okay!!! WOW!!! Thank God for you guys… I have corrected the problem.
I decided to change the session path to session.save_path = “/home/www/domainName.com/folder1/tmp” and it’s working now.
Am good to go continue now.
Thanks for everyone that contributed ideas to this post. I am grateful.
Thanks for clarification @ScallioXTX
@Easytime: There is _SERVER[“DOCUMENT_ROOT”] and it points to /home/www/troikaengineering.com
You could try to create /home/www/tmp and add it to your php.ini - it should also change in phpinfo output (in left, “local value” column; after refresh of course)
edit: I was writing this message for 30 minutes xD so I didn’t see your post(s). I was just making an example with that path, as on all my servers the path structure is always /home/USERNAME/public_html/ - so I was guided by that 
edit2: Since your session save path is now inside your wwwroot folder, please protect access to that folder with .htaccess file, as explained above. Also, you should remove phpinfo.php file now!
Hey, what I thought is working isn’t actually working…I forgot that I disabled the conditional statement to check whether a session is set or not… When I disabled the if…else… statement, the page showed, but when I finally found out that there is an error and I corrected it, it did not work again…
However, there is something I have discovered in the course of opening the page with checking for set session variables…
I noticed that the session variables have been registered in the folders that I chose for storage. And a session ID has been created also. But, I do not know why the page holding the conditional expression to check whether session variables are set or not, is not opening - returning a false value (session not set).
Please help me out!
I have protected the folders that I feel are vulnerable with htaccess file and I also have removed the phpinfo.php file. It is not there again.
The protection is not working…
I created a file ‘php.htaccess’, inside the file, I type ‘Deny From All’ and saved it to the location. But I tried to open the location from the address bar, it seems as if the htaccess file is not working…
Please what am I doing wrong here?
It’s not php.htaccess, just .htaccess (dot at the beginning!)
Can you add this code in your main.php (below session_start()):
var_dump($_SESSION);
Then post here output of this function.
Here is the output of the code you posted;;;
OUTPUT:
array(0) { }
Did you happen to have a look at the headers like I asked in post #5 of this thread? We need to assess if the problem is
a) the session is started and the cookie is sent but the browser doesn’t understand it, OR
b) the session is started but doesn’t send a cookie, OR
c) the session doesn’t even start
Option c is hard to assess, but the difference between a and b is easy to assess by checking the response headers of any page that calls session_start()
I have been able to figure out the problem. Thanks to you guys for your wonderful ideas…
But my wampserver does not work again. Anytime I run a php file, it returns an error like:
“Forbidden
You don’t have permission to access /dce/Admin/connString.php on this server.”
I am now forced to work directly on the remote host.
I have been able to correct the problem.
I had to change the location wherein I stored the session files back to its original path “/tmp” so that garbage collector can do its work automatically.
Please what could cause this probelm?
Thanks all the same.
God bless you all!