PaulDotCom mailing list archives
Re: Fwd: apache not sharing sessions
From: Robin Wood <robin () digininja org>
Date: Thu, 13 Jun 2013 21:06:17 +0100
I'll check that. Robin On Jun 13, 2013 9:04 PM, "Danilo Nascimento" <danilonc () bugnotfound com> wrote:
Peharps session.referer_check is enable?* * http://www.php.net/manual/en/session.configuration.php#ini.session.referer-check []'s Danilo Clemente On Thu, Jun 13, 2013 at 5:00 PM, Robin Wood <robin () digininja org> wrote:On Jun 13, 2013 8:51 PM, "Danilo Nascimento" <danilonc () bugnotfound com> wrote:Do both sites use the same php.ini?Not sure, I'll checkThe hostname is the same?YesIs it a session cookie or a persistent cookie ( I think that a sessioncookie depending on browser are not shared between http and https) Session cookie. If it weren't shared then it would never work but it does some of the time.You can use the chrome "Developer Tools" (F12 on chrome) -> resources-> Cookies to check this out.Take a look at this page:http://www.php.net/manual/en/session.configuration.php#ini.session.save-handlerMaybe they aren't sharing the same handler.But why would this be occasional and not permanent? Robin[]'s Danilo NascimentoOn Thu, Jun 13, 2013 at 4:32 PM, Robin Wood <robin () digininja org>wrote:Hi It is mod_php running on apache/Linux and you are right, it is phpthat handles the sessions not Apache.Any ideas? Robin On Jun 13, 2013 8:03 PM, "Danilo Nascimento" <danilonc () bugnotfound com>wrote:Hi Robin. It sounds like it is a platform dependent issue. As far as i know the sessions storage are handle byAppServer/Plataform and not by apache itself (Apache only pass the session cookies to the plataform)What language/plataform are they using? (PHP, JavaEE, .Net, asp eetc?)How does the apache respond to the requests ( A specific Handler,mod_proxy, a CGI/FastCGI e etc) ?[]'s Danilo Nascimento On Thu, Jun 13, 2013 at 5:54 AM, Robin Wood <robin () digininja org>wrote:I've got a client I'm doing some dev work for and they have a website that spans HTTP and HTTPS and the site needs to pass a session cookie between both. Ignore the fact that this isn't the best way to do things, it is a legacy site and there isn't rewrite budget. The problem I've got is that occasionally the two sides don't appear to be sharing the same session file on disk so values put in to the session on the HTTP side are not appearing on the HTTPS side and vise versa. It isn't consistent and I've not been able to pin down any pattern when it does it. The hosting company is a black box who haven't been able to offermuchhelp. They say that there is no load balancer in place and that both the sites are running on the same Apache instance with no special config beyond the default. I've put a test script on both sides which displays the current session id and tries to store and retrieve values, the session ids match over the two sides so it isn't the browser doing something and messing those up. Can anyone suggest anything that could cause this? If the two sides were consistently unable to share things then I'd put it down to both using different session files on disk. If it were that a session created on HTTPS couldn't be seen by HTTP then it could be the secure flag, but that isn't set. Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- apache not sharing sessions Robin Wood (Jun 13)
- Message not available
- Message not available
- Message not available
- Re: Fwd: apache not sharing sessions Danilo Nascimento (Jun 14)
- Re: Fwd: apache not sharing sessions Robin Wood (Jun 14)
- Re: Fwd: apache not sharing sessions Danilo Nascimento (Jun 14)
- Re: Fwd: apache not sharing sessions Robin Wood (Jun 14)
- Message not available
- Message not available
- Re: apache not sharing sessions Robin Wood (Jun 14)