PaulDotCom mailing list archives

Re: Fwd: apache not sharing sessions

From: Danilo Nascimento <danilonc () bugnotfound com>
Date: Thu, 13 Jun 2013 16:51:29 -0300

Do both sites use the same php.ini?
The hostname is the same?

Is it a session cookie or a persistent cookie ( I think that a session
cookie depending on browser are not shared between http and https)
You can use the chrome "Developer Tools" (F12 on chrome) -> resources ->
Cookies to check this out.

Take a look at this page:
http://www.php.net/manual/en/session.configuration.php#ini.session.save-handler
Maybe they aren't sharing the same handler.


[]'s Danilo Clemente


On Thu, Jun 13, 2013 at 4:32 PM, Robin Wood <robin () digininja org> wrote:

Hi
It is mod_php running on apache/Linux and you are right, it is php that
handles the sessions not Apache.

Any ideas?

Robin
On Jun 13, 2013 8:03 PM, "Danilo Nascimento" <danilonc () bugnotfound com>
wrote:



Hi Robin.

It sounds like it is a platform dependent issue.
As far as i know the sessions storage are handle by AppServer/Plataform
and not by apache itself (Apache only pass the session cookies to the
plataform)

What language/plataform are they using? (PHP, JavaEE, .Net, asp e etc?)
How does the apache respond to the requests ( A specific Handler,
mod_proxy, a CGI/FastCGI e etc) ?


[]'s Danilo Nascimento


On Thu, Jun 13, 2013 at 5:54 AM, Robin Wood <robin () digininja org> wrote:

I've got a client I'm doing some dev work for and they have a website
that spans HTTP and HTTPS and the site needs to pass a session cookie
between both. Ignore the fact that this isn't the best way to do
things, it is a legacy site and there isn't rewrite budget.

The problem I've got is that occasionally the two sides don't appear
to be sharing the same session file on disk so values put in to the
session on the HTTP side are not appearing on the HTTPS side and vise
versa. It isn't consistent and I've not been able to pin down any
pattern when it does it.

The hosting company is a black box who haven't been able to offer much
help. They say that there is no load balancer in place and that both
the sites are running on the same Apache instance with no special
config beyond the default.

I've put a test script on both sides which displays the current
session id and tries to store and retrieve values, the session ids
match over the two sides so it isn't the browser doing something and
messing those up.

Can anyone suggest anything that could cause this? If the two sides
were consistently unable to share things then I'd put it down to both
using different session files on disk. If it were that a session
created on HTTPS couldn't be seen by HTTP then it could be the secure
flag, but that isn't set.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

apache not sharing sessions Robin Wood (Jun 13)
- Message not available
  - Message not available
    - Message not available
    - Re: Fwd: apache not sharing sessions Danilo Nascimento (Jun 14)
    - Re: Fwd: apache not sharing sessions Robin Wood (Jun 14)
    - Re: Fwd: apache not sharing sessions Danilo Nascimento (Jun 14)
    - Re: Fwd: apache not sharing sessions Robin Wood (Jun 14)
- apache not sharing sessions Jim Halfpenny (Jun 14)
  - Re: apache not sharing sessions Robin Wood (Jun 14)