10 Replies Latest reply on Feb 5, 2008 1:49 PM by (Brandon_Gohsman)

    Login - Restrict Access Session Problem

      Greetings,

      I've been using these tools since they were MX Kollection and this is a new problem for me. In fact, I've been using the Developer Toolbox to do this exact thing without problems on other sites. So I'm guessing it has to do with this particular server environment. Just not sure exactly what or how to work through it.

      Problem:
      Although the login form functions correctly, as soon as I add a Restrict Access behavior to the subsequent page, access is denied. I've literally looked through every post within the PHP portion of this forum and tried a handful of things that other people have done, but to no avail. The fact that the user has successfully logged in doesn't appear to make it through.

      Background Info:
      At this point, there is literally a file called login.php with nothing but a login form (generated through the wizard). On success, it redirects to index.php. As stated above, that all works great until I add the Restrict Access behavior to index.php.

      Attempting to echo the KT_user_name from the $_SESSION variable comes up empty, which tells me that the login.php page is unable to store the session info.

      This is a LAMP (Linux/Apache/MySQL/PHP) server. I don't have administrative control over the hosting environment, but can retrieve the values for the current settings. Looking at the documentation, the settings appear to match the default values for PHP. I didn't see anything that made me think it would be problematic.

      If anyone has run into this and has any ideas, suggestions, wild guesses, etc., I'd love to hear them.

      Here are the session settings from the php.ini file:

      [Session]
      ; Handler used to store/retrieve data.
      session.save_handler = files

      ; Argument passed to save_handler. In the case of files, this is the path
      ; where data files are stored. Note: Windows users have to change this
      ; variable in order to use PHP's session functions.
      session.save_path = /var/lib/php/session

      ; Whether to use cookies.
      session.use_cookies = 1

      ; This option enables administrators to make their users invulnerable to
      ; attacks which involve passing session ids in URLs; defaults to 0.
      ; session.use_only_cookies = 1

      ; Name of the session (used as cookie name).
      session.name = PHPSESSID

      ; Initialize session on request startup.
      session.auto_start = 0

      ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
      session.cookie_lifetime = 0

      ; The path for which the cookie is valid.
      session.cookie_path = /

      ; The domain for which the cookie is valid.
      session.cookie_domain =
        • 1. Re: Login - Restrict Access Session Problem
          Günter Schenk Level 4
          Hi Brandon,

          will adding...



          ... on line 1 help ?

          Cheers,
          Günter Schenk
          Adobe Community Expert, Dreamweaver
          • 2. Re: Login - Restrict Access Session Problem
            Level 1
            Brandon,

            Günter's advice should fix the problem.

            You may want to run a php page with

            <?php

            phpinfo();

            ?>

            on this new site and one of your old ones that works and compare the session section of the page that is displayed in your browser.

            When I run the above php code on one of my Linux/Apache/MySQL/PHP sites, it shows the following under the session section:

            (I am running PHP Version 4.3.9 on this server BTW)

            Session Support enabled
            Registered save handlers files user

            |Directive| |Local Value| |Master Value| --- these are column headers
            session.auto_start Off Off
            session.bug_compat_42 Off Off
            session.bug_compat_warn On On
            session.cache_expire 180 180
            session.cache_limiter nocache nocache
            session.cookie_domain no value no value
            session.cookie_lifetime 0 0
            session.cookie_path / /
            session.cookie_secure Off Off
            session.entropy_file no value no value
            session.entropy_length 0 0
            session.gc_divisor 1000 1000
            session.gc_maxlifetime 1440 1440
            session.gc_probability 1 1
            session.name PHPSESSID PHPSESSID
            session.referer_check no value no value
            session.save_handler files files
            session.save_path /var/lib/php/session /var/lib/php/session
            session.serialize_handler php php
            session.use_cookies On On
            session.use_only_cookies Off Off
            session.use_trans_sid Off Off

            I just added a new ADDT login server behavior to this site today without any issues, so maybe one of your session settings is causing an issue. The settings you gave for your php.ini file seem ok, but there are other PHP session settings that might be causing a problem.

            Please let us know if you fix the problem so that others may benefit :)

            Thanks,

            Shane
            • 3. Re: Login - Restrict Access Session Problem
              Level 1
              Günter,

              I actually did try that before posting with no luck. As for the PHP session settings, here is what's on the server at the moment:

              session
              Session Support enabled
              Registered save handlers files user

              Directive Local Value Master Value
              session.auto_start Off Off
              session.bug_compat_42 Off Off
              session.bug_compat_warn On On
              session.cache_expire 180 180
              session.cache_limiter nocache nocache
              session.cookie_domain no value no value
              session.cookie_lifetime 0 0
              session.cookie_path / /
              session.cookie_secure Off Off
              session.entropy_file no value no value
              session.entropy_length 0 0
              session.gc_divisor 1000 1000
              session.gc_maxlifetime 1440 1440
              session.gc_probability 1 1
              session.name PHPSESSID PHPSESSID
              session.referer_check no value no value
              session.save_handler files files
              session.save_path /var/lib/php/session /var/lib/php/session
              session.serialize_handler php php
              session.use_cookies On On
              session.use_only_cookies Off Off
              session.use_trans_sid Off Off
              • 4. Re: Login - Restrict Access Session Problem
                Günter Schenk Level 4
                Hi Brandon,

                your session setting look OK to me, mine are not different -- however the ADDT specifications say that PHP 4.4.0 or later is required, so it might well be that you´re running into whatever problems because your host´s PHP version is lower (4.3.9)

                Cheers,
                Günter Schenk
                Adobe Community Expert, Dreamweaver
                • 5. Re: Login - Restrict Access Session Problem
                  Level 1
                  That's a possibility. I'll have to see if I can find out what the specific differences are between the versions and go from there.

                  Thanks,

                  Brandon
                  • 6. Re: Login - Restrict Access Session Problem
                    Günter Schenk Level 4
                    ------
                    what the specific differences are between the versions
                    ------

                    MX Kollection´s minimum requirement was PHP 4.3.0

                    Cheers,
                    Günter Schenk
                    Adobe Community Expert, Dreamweaver
                    • 7. Re: Login - Restrict Access Session Problem
                      Level 1
                      You know, I was reading someone else's post, who had a similar problem. And they had gone back to MX Kollection and things worked fine. So far, this is making the most sense of anything else. I'm curious to learn what the differences are (and see if I can beg my hosting provider to update PHP).

                      Thanks,

                      Brandon
                      • 8. Re: Login - Restrict Access Session Problem
                        Level 1
                        Right. I've sent a support ticket off to the hosting provider to see if/when they might be willing to update PHP to at least version 4.4.0. Looking through the changelog, there were bug fixes and changes to at least some md5 and session issues. At this point, I'm not going to take the time to dig into the code and find out exactly where/what is affected. I'm simply going to see if the host will update PHP and if that fixes the problem.

                        I'll post the results here.
                        • 9. Re: Login - Restrict Access Session Problem
                          Günter Schenk Level 4
                          As PHP 4.4.x has officially reached its end of life in december 2007, it´s time to talk hosting providers into updating to PHP 5 anyway -- ADDT does work fine with that, as it doesn´t use any PHP 5 specific features, but updating will be a good thing nonetheless.

                          Apart from that, everyone please make sure that the "Expat" and "mbstring" PHP libraries are installed and enabled on your host.

                          Cheers
                          Günter Schenk
                          Adobe Community Expert, Dreamweaver
                          • 10. Re: Login - Restrict Access Session Problem
                            Level 1
                            O.k., the host did this much:

                            They changed the path that PHP uses to save session cookies. It was set as the default which, apparently, doesn't work on their hosting environment.

                            Now, the login and restrict access work without encryption. I'll have to do some additional work to see if it works with encryption.

                            So that much functions on PHP 4.3.9. The hosting provider said, begrudgingly, that they would migrate the site to a different server with PHP 5 if I needed it. But they were leary of upgrading this server because it is a shared hosting environment and would likely break other people's stuff.

                            So there's that much information. Changing that one thing got me this much further.