PHP Sessions not working correctly? Tips and Tricks

There are session issues often bringing developers to forum or blog looking for answers. My following article will help you if you get either of two warnings with your PHP website:
session save path unwritable
or
session save path Not set

Also, there can be a case when you do not see any of the above warnings, but in de-bugging process you may realize that php function <?php session_start();  ?> is not working and that is a reason for unexpected error which will stop further execution of php script.

PHP Code: sesstest.php
{code type=PHP}<?php session_start();
$_SESSION['test']=”TEST SESSION TEXT”;
header(‘location:sessreceive.php’);
?>
{/code}

Following is the code of sessreceive.php
{code type=PHP}<?php session_start();
echo $_SESSION['test'];
?>
{/code}

In case, if there is issue with session configuration then output of above code (sessreceive.php) will be blank.

For most of the times the reason is session.save_path.
session.save_path is a PHP directive which needs to be set in PHP configuration settings (the php.ini file). It is unusual to encounter problems with this in a shared hosting as this is standard PHP setting that most host enable. However, sometimes hosts miss to set it correctly.

To test if session.save_path is set on server, create a file with any text editor and name it  phpinfo.php (or anything you like but with .php extension)

In this file, put following PHP code:
{code type=PHP}<?php phpinfo();
?>{/code}
Upload this file to your site and then run this in web browsers, eg. http://yourwebsite.com/phpinfo.php

Look for the entry that says:  session.save_path

In value of directive session.save_path is no value, that means session.save_path is not configured. And sessions will not work.

Solution:
Value of session.save_path has to be folder (directory) path on the server where session information is stored.

This path has to be based on “Full Server path”.

You can determine the “Full Server path” using following PHP code:
{code type=PHP}<?php echo $_SERVER["SCRIPT_FILENAME"];
?>{/code}

Generally output of above code should be in format -
/server_path/username/public_html/

If you have set up your own server, you will need to edit your php.ini file to set folder path for session.save_path. Value for session.save_path would be /server_path/username/tmp (depending on your “Full Server Path”)

You may want to set this path run-time dynamically in code itself. For this, you can use following PHP code:
{code type=PHP}<?php
session_save_path(“/path/to/tmp/folder”);
?>{/code}

You can also try .htaccess workaround:
This will work if PHP is run under Apache web server and your host has allowed .htaccess overrides
Open .htaccess file and enter following rule:
{code type=PHP}
php_value session.save_path ‘/path/to/tmp/folder’
{/code}

Above .htaccess workaround will not work if you are running PHP under CGI or site is hosted on windows server or IIS

Note that if you do not have a sessions folder on server, create one.

As sessions folder save all session related information, it should not be placed within any public area of your web space. For your website’s security, it should be outside the public_html or www or htdocs folder, in the root of your server, not in web root.

Out team at Outsourcing Partners has inhouse built server configuration testing strategy inline with PHP version used for development. With this, team test all the required configurations in advance before deploying project on live server and execute deployment of projects in organized manner. Check out our client testimonials at http://www.outsourcing-partners.com/testimonial.html

This entry was posted in Web Application Development and tagged . Bookmark the permalink.

Comments are closed.