PHP session_id is constantly changing

Source: Internet
Author: User
Tags setcookie
Excuse me, why is the session_id on my page not fixed? I'm going to change it every time I refresh. This should be fixed.
What's the problem?


Reply to discussion (solution)

Browser does not support cookies?

Mostly Session.auto_start = 1

Also does not rule out that your browser does not support cookies

Session.auto_start = 0
My browser supports cookies

That's the only code to talk about.

rss.php

Session_Start ();
$_session["name"] = "LIFFFFFFF4";
echo $_session["name"];
echo "
";
Echo session_id ();
?>
First access the above file and then access the following file two times session_id not the same
index.php
Session_Start ();
echo $_session["name"];
Echo session_id ();

?>

rss.php Plus URL jump past

Do not open a new browser window

Session_Start ();
$_session["name"] = "LIFFFFFFF4";
echo $_session["name"];
echo "
";
Echo session_id ();
echo "2222"
?>
The same effect

After each piece of code, add
Print_r ($_cookie);

After each piece of code, add
Print_r ($_cookie);
I printed all the empty arrays.

Session_Start ();
$_session["name"] = "LIFFFFFFF4";
echo $_session["name"];
echo "
";
Echo session_id ();
echo "2222";
Print_r ($_cookie);
?>


Session_Start ();
echo $_session["name"];
Echo session_id ();
Print_r ($_cookie);
?>

That is, the cookie is not supported, anyway $_cookie[' phpsessid ' should have

Have you changed the session-related settings in php.ini?

I didn't change php.ini now what to do

Now how to solve the problem I also depressed how not phpsession this cookie

My browser is a cookie-free one without doubt

Weak weak ask, session_id to the program is there any special purpose? It's usually a $_session operation.

You use Setcookie to set a cookie variable and try again if you can read it back.

The same code is on someone else's computer. What's going on with me?

echo     ini_get ("session.use_cookies");//How much is this value

You use Setcookie to set a cookie variable and try again if you can read it back.
Yes, I tried that one, no problem.

Note Turn on the error message to see if there are any error messages

Error_reporting (E_all); Ini_set (' display_errors ', true);


Then the session related php.ini configuration information to put out, everyone good to help you analyze.

[Session]
; Handler used to store/retrieve data.
; Http://php.net/session.save-handler
Session.save_handler = Files

; Argument passed to Save_handler. In the case of files, the the path
; Where data files are stored. Note:windows users has the
; Variable in order to use PHP ' s session functions.
;
; The path can be defined as:
;
; Session.save_path = "N;/path"
;
; Where N is an integer. Instead of storing all the session files in
; /path, what's this would do are use subdirectories n-levels deep, and
; Store the session data in those directories. This is useful if you
; Or your OS has problems with lots of the files in one directory, and is
; A more efficient layout for servers that handle lots of sessions.
;
; NOTE 1:php won't create this directory structure automatically.
; You can use the script with the Ext/session dir for that purpose.
; NOTE 2:see the garbage collection below if you choose to
; Use subdirectories for session storage
;
; The file storage module creates files using mode by default.
; You can change the by using
;
; Session.save_path = "N; Mode;/path "
;
; Where mode is the octal representation of the mode. Note that this
; Does not overwrite the process ' s umask.
; Http://php.net/session.save-path
Session.save_path = "D:/wamp/tmp"

; Whether to use cookies.
; Http://php.net/session.use-cookies
Session.use_cookies = 1

; Http://php.net/session.cookie-secure
; session.cookie_secure =

; This option forces PHP-to-fetch and use-a cookie for storing and maintaining
; The session ID. We encourage this operation as it's very helpful in combatting
; Session hijacking when not specifying and managing your own session ID. It is
; The end all is all of the session hijacking defense, but it's a good start.
; Http://php.net/session.use-only-cookies
Session.use_only_cookies = 1

; Name of the session (used as cookie name).
; Http://php.net/session.name
Session.name = Phpsessid

; Initialize session on request startup.
; Http://php.net/session.auto-start
Session.auto_start = 0

; Lifetime in seconds of cookies or, if 0, until browser is restarted.
; Http://php.net/session.cookie-lifetime
Session.cookie_lifetime = 1000

; The path for which the cookie is valid.
; Http://php.net/session.cookie-path
Session.cookie_path =/

; The domain for which the cookie is valid.
; Http://php.net/session.cookie-domain
Session.cookie_domain =80tao.dev

; Whether or not to add the HTTPONLY flag to the cookie, which makes it inaccessible to browser scripting languages such as Javascript.
; Http://php.net/session.cookie-httponly
Session.cookie_httponly =

; Handler used to serialize data. PHP is the standard serializer of PHP.
; Http://php.net/session.serialize-handler
Session.serialize_handler = PHP

; Defines the probability, the ' garbage collection ' process is started
; On every session initialization. The probability is calculated by using
; Gc_probability/gc_divisor. Where Session.gc_probability is the numerator
; And Gc_divisor are the denominator in the equation. Setting this value to 1
; When the Session.gc_divisor value was give you approximately a 1% chance
; The GC would run on any give request.
; Default value:1
; Development Value:1
; Production value:1
; Http://php.net/session.gc-probability
session.gc_probability = 1

; Defines the probability, the ' garbage collection ' process is started on every
; Session initialization. The probability is calculated by using the following equation:
; Gc_probability/gc_divisor. Where Session.gc_probability is the numerator and
; Session.gc_divisor is the denominator in the equation. Setting this value to 1
; When the Session.gc_divisor value was give you approximately a 1% chance
; The GC would run on any give request. Increasing this value to the give you
; A 0.1% chance the GC would run on any give request. For high volume production servers,
; This was a more efficient approach.
; Default value:100
; Development value:1000
; Production value:1000
; Http://php.net/session.gc-divisor
Session.gc_divisor = 1000

; After this number of seconds, stored data would be seen as ' garbage ' and
; Cleaned up by the garbage collection process.
; Http://php.net/session.gc-maxlifetime
Session.gc_maxlifetime = 1440

; Note:if you is using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You'll need to do your own garbage
; Collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; Setting Session.gc_maxlifetime to 1440 (1440 seconds = minutes):
; Cd/path/to/sessions; Find-cmin +24 | Xargs RM

; PHP 4.2 and less has an undocumented feature/bug that allows
; To initialize a session variable in the global scope, even when register_globals
; is disabled. PHP 4.3 and later would warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; The warning is only displayed, if BUG_COMPAT_42 is enabled. This feature
; Introduces some serious security problems if not handled correctly. It ' s
; Recommended this feature on production servers. But you
; Should enable the development servers and enable the warning as well. If You
; Do not enable the feature in development servers, you won ' t is warned when it ' s
; Used and debugging errors caused by this can is difficult to track down.
; Default Value:on
; Development Value:on
; Production Value:off
; Http://php.net/session.bug-compat-42
Session.bug_compat_42 = On

; This setting controls whether or is warned by PHP when initializing a
; Session value into the global space. Session.bug_compat_42 must be enabled before
; These warnings can be issued by PHP. See the directive above for more information.
; Default Value:on
; Development Value:on
; Production Value:off
; Http://php.net/session.bug-compat-warn
Session.bug_compat_warn = On

; Check HTTP Referer to invalidate externally stored URLs containing IDs.
; Http_referer have to contain this substring for the session
; considered as valid.
; Http://php.net/session.referer-check
Session.referer_check =

; How many bytes to read from the file.
; Http://php.net/session.entropy-length
Session.entropy_length = 0

; Specified here to create the session ID.
; Http://php.net/session.entropy-file
; session.entropy_file =/dev/urandom
Session.entropy_file =

; Http://php.net/session.entropy-length
; session.entropy_length = 16

; Set to {nocache,private,public,} to determine HTTP caching aspects
; Or leave this empty to avoid sending anti-caching headers.
; Http://php.net/session.cache-limiter
Session.cache_limiter = NoCache

; Document expires after n minutes.
; Http://php.net/session.cache-expire
Session.cache_expire = 180

; Trans SID support is disabled by default.
; Use of the trans Sid may risk your users security.
; Use the This option with caution.
; -User may send URL contains active session ID
; To and the person via. Email/irc/etc.
; -URL that contains active session ID may stored
; In publically accessible computer.
; -User may access your site with the same session ID
; Always using URLs stored in browser ' s history or bookmarks.
; Http://php.net/session.use-trans-sid
Session.use_trans_sid = 0

; Select a hash function for use in generating session IDs.
; Possible Values
; 0 (MD5-bits)
; 1 (SHA-1 bits)
; Http://php.net/session.hash-function
session.hash_function = 0

; Define How many bits is stored in each character when converting
; The binary hash data to something readable.
; Possible values:
; 4 (4 bits:0-9, a-f)
; 5 (5 bits:0-9, a-v)
; 6 (6 bits:0-9, A-Z, a-Z, "-", ",")
; Default Value:4
; Development Value:5
; Production Value:5
; Http://php.net/session.hash-bits-per-character
Session.hash_bits_per_character = 5

; The URL rewriter would look for URLs in a defined set of HTML tags.
; Form/fieldset is special; If you include them here, the Rewriter would
; Add a hiddenfield with the info which is otherwise appended
; To URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "A=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "A=href,area=href,frame=src,input=src,form=fakeentry"
; Http://php.net/url-rewriter.tags
Url_rewriter.tags = "A=href,area=href,frame=src,input=src,form=fakeentry"

Session.cookie_domain =80tao.dev


This value is removed, you confirm the need?

Does this have an impact on my project's configuration?

What do you mean, get rid of what you mean?

Session.cookie_domain =80tao.dev
Just get rid of this.
But why?

Session.cookie_domain =80tao.dev
Just get rid of this.
But why?

Look, the name is unclear.

That's the set of the cookie in which the session corresponds.
Are you a local test? Is http://localhost going to visit your project like this? Yes, then remove, if it is the official site, you change to


Try it.

Why can't I fill out that field? It's empty by default. Why don't you explain it to me?

That's the set of the cookie in which the session corresponds.
Are you a local test? Is http://localhost going to visit your project like this? Yes, then remove, if it is the official site, you change to
PHP Code
#注意加的那个点, indicating that all subdomains are valid, including www
Session.cookie_domain =. 80tao.dev

Try it.


It's strange, I don't seem to have seen it. Dev's official domain, yes?

Session.cookie_domain =80tao.dev

Indicates that the session is valid only in the 80tao.dev domain

So you need to test your code in this domain as well.

Reference to the 24 floor of the reply:

Session.cookie_domain =80tao.dev
Just get rid of this.
But why?


Look, the name is unclear.
I'm a local rhetorical question.

Why can't I fill out that field? It's empty by default. Why don't you explain it to me?
is the virtual domain name of my local virtual host configuration

Reference to the 26 floor of the reply:

That's the set of the cookie in which the session corresponds.
Are you a local test? Is http://localhost going to visit your project like this? Yes, then remove, if it is the official site, you change to
PHP Code
#注意加的那个点, indicating that all subdomains are valid, including www
Session.cookie_domain =. 80tao.dev

Try it.



This is strange, I don't seem to ...
How to say is really, a little wonderful, I have not seen the domain name of the dev.

It's strange, I don't seem to have seen it. Dev's official domain, yes?
is the virtual domain name of my local virtual host configuration

Well, that means I don't know.

I know this is an old post, but I have also had this problem recently. Also session_id not change, can not do shopping cart. Then I artificially use session_id ("some value"), but unexpectedly the session will not expire, regardless of how to close the browser, the previous session is still there. I hope there is a great God here to answer for me. Thank you.

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.