Logging on ISP Config broke my PHP sessions and cookies forever

To explain my problem I have to add some context info:

We have a website that works with sessions and has been working for 7 years with no problems, except for our server administrator: he cannot log in, and we never knew why... until now...

Our server administrator is on vacation, so I had to do some of his work, which included logging in to ISP Config, which is located on the same server and domain using a different port (8080). I logged in there to check some values, and then when I went back to our website I could not log in, just like our server administrator.

Doing some debugging, I found it is a problem with sessions: on every refresh session_id() changes.

Using ini_get I found that session.cookie_domain and session.cookie_secure are empty.

If I do a print_r($_COOKIE) there is no PHPSESSID. If I set it to any value it disappears; even if I set a long expiration it is not saved. If I set 2 cookies like this:

setcookie("PHPSESSID", "MYSESSION", time()+365*24*60*60, '/');
setcookie("a", "b", time()+365*24*60*60, '/');

and then print_r($_COOKIE); I get this:

Array ( [a] => b )

I don't have any .htaccess, so there are no rules on my side; it seems like something in ISP config changed the way I store cookies.

I could ask on webmasters.stackexchange.com but I need a PHP answer to set the new values when someone logs in to my website after logging in to ISP config.

This is my current code to test:

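<?php
// Test script: start a session, set two cookies, then dump the session state.
session_set_cookie_params(3600, "/");
session_start();
//$_SESSION['b_id'] = 1;
// Overwrite the session cookie with a fixed value, next to a control cookie "a".
setcookie("PHPSESSID", "GTS", time()+365*24*60*60, '/');
setcookie("a", "b", time()+365*24*60*60, '/');
// Read b_id without raising a notice when it has not been stored yet.
$b_id = isset($_SESSION['b_id']) ? $_SESSION['b_id'] : '';
echo "<div>b_id: $b_id</div>";
echo "<div>session_id: ".session_id()."</div>";
echo "<div>cookie_domain: ".ini_get('session.cookie_domain')."</div>";
echo "<div>save_path: ".ini_get('session.save_path')."</div>";
echo "<div>cookie_secure: ".ini_get('session.cookie_secure')."</div>";
// Cookies the browser actually sent back with this request.
print_r($_COOKIE);
/*echo "<pre>";
print_r(ini_get_all());
echo "</pre>";*/
?>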

This is the output (the session_id value changes each time):

b_id:
session_id: du95eljbkct54qktvcd18a7ej0
cookie_domain:
save_path: /var/lib/php/sessions
cookie_secure:
Array ( [a] => b )

This is the output of ini_get_all() function:

[session.auto_start] => Array   (
    [global_value] => 0
    [local_value] => 0
    [access] => 2
)
[session.cache_expire] => Array (
    [global_value] => 180
    [local_value] => 180
    [access] => 7
)
[session.cache_limiter] => Array    (
    [global_value] => nocache
    [local_value] => nocache
    [access] => 7
)
[session.cookie_domain] => Array    (
    [global_value] => 
    [local_value] => 
    [access] => 7
)
[session.cookie_httponly] => Array  (
    [global_value] => 
    [local_value] => 
    [access] => 7
)
[session.cookie_lifetime] => Array  (
    [global_value] => 0
    [local_value] => 3600
    [access] => 7
)
[session.cookie_path] => Array  (
    [global_value] => /
    [local_value] => /
    [access] => 7
)
[session.cookie_secure] => Array    (
    [global_value] => 
    [local_value] => 
    [access] => 7
)
[session.entropy_file] => Array (
    [global_value] => /dev/urandom
    [local_value] => /dev/urandom
    [access] => 7
)
[session.entropy_length] => Array   (
    [global_value] => 32
    [local_value] => 32
    [access] => 7
)
[session.gc_divisor] => Array   (
    [global_value] => 1000
    [local_value] => 1000
    [access] => 7
)
[session.gc_maxlifetime] => Array   (
    [global_value] => 1440
    [local_value] => 1440
    [access] => 7
)
[session.gc_probability] => Array   (
    [global_value] => 0
    [local_value] => 0
    [access] => 7
)
[session.hash_bits_per_character] => Array  (
    [global_value] => 5
    [local_value] => 5
    [access] => 7
)
[session.hash_function] => Array    (
    [global_value] => 0
    [local_value] => 0
    [access] => 7
)
[session.lazy_write] => Array   (
    [global_value] => 1
    [local_value] => 1
    [access] => 7
)
[session.name] => Array (
    [global_value] => PHPSESSID
    [local_value] => PHPSESSID
    [access] => 7
)
[session.referer_check] => Array    (
    [global_value] => 
    [local_value] => 
    [access] => 7
)
[session.save_handler] => Array (
    [global_value] => files
    [local_value] => files
    [access] => 7
)
[session.save_path] => Array    (
    [global_value] => /var/lib/php/sessions
    [local_value] => /var/lib/php/sessions
    [access] => 7
)
[session.serialize_handler] => Array    (
    [global_value] => php
    [local_value] => php
    [access] => 7
)
[session.upload_progress.cleanup] => Array  (
    [global_value] => 1
    [local_value] => 1
    [access] => 2
)
[session.upload_progress.enabled] => Array  (
    [global_value] => 1
    [local_value] => 1
    [access] => 2
)
[session.upload_progress.freq] => Array (
    [global_value] => 1%
    [local_value] => 1%
    [access] => 2
)
[session.upload_progress.min_freq] => Array (
    [global_value] => 1
    [local_value] => 1
    [access] => 2
)
[session.upload_progress.name] => Array (
    [global_value] => PHP_SESSION_UPLOAD_PROGRESS
    [local_value] => PHP_SESSION_UPLOAD_PROGRESS
    [access] => 2
)
[session.upload_progress.prefix] => Array   (
    [global_value] => upload_progress_
    [local_value] => upload_progress_
    [access] => 2
)
[session.use_cookies] => Array  (
    [global_value] => 1
    [local_value] => 1
    [access] => 7
)
[session.use_only_cookies] => Array (
    [global_value] => 1
    [local_value] => 1
    [access] => 7
)
[session.use_strict_mode] => Array  (
    [global_value] => 0
    [local_value] => 0
    [access] => 7
)
[session.use_trans_sid] => Array    (
    [global_value] => 0
    [local_value] => 0
    [access] => 7
)

How do I restore my session system to its default, as it was before logging in to ISP config?


Answering Iłya Bursov's questions

Opening the page in incognito mode lets me log in normally and PHPSESSID doesn't change.

Clearing cookies didn't work; PHPSESSID is still changing.

phpinfo gave me some relevant info:

Set-Cookie: PHPSESSID=ositfoouhvosgcklk2k14r7t25; expires=Fri, 07-Dec-2018 19:28:01 GMT; Max-Age=3600; path=/
// This is the same time it was created, so it is creating and expiring immediately!

Expires: Thu, 19 Nov 1981 08:52:00 GMT
// 1981!?

I have a co-worker (in the same network) who can log in to my website.


After 2 days, I am unable to fix the problem. We made a new test today to reproduce this error: our web developer logged in to ISP Config and now he is unable to log in to my system!!

Same error as me and our server administrator.

I am using Chrome in Windows 10.

ISP Config version 3.1.11

It seems like this guy had the same issue 6 years ago: PHPSESSID not being saved to cookie

Granthem answered 7/12, 2018 at 14:45 Comment(21)
Seems like this is more of a hosting question, not a PHP question. - Hellenhellene
However you may ask here: webmasters.stackexchange.com/questions/tagged/web-hosting - Hellenhellene
I could ask there but I need a PHP answer to reset the new values when someone logs in to my website after logging in to ISP config. - Granthem
Include information about your code & session data if you want a PHP answer. Otherwise, this is broad and doesn't seem programming related. - Allstar
Done, I included my test code and its output. - Granthem
The first thing to try is to open the page in incognito mode (or clear cookies); you can also check the output of phpinfo (and probably post the parts about cookies/sessions) here. - Vadim
Using incognito mode let me log in. I ran phpinfo and got some relevant data, which I posted in the question. - Granthem
Try to print the server's time, i.e. print time() and then convert it to a human-readable format: epochconverter.com - Vadim
I ran echo date('Y-m-d H:i:s',time()); and got 2018-12-10 11:42:43 - Granthem
Have you set timezone in your application? - Ytterbite
My server is GMT; do sessions work with local time? My local computer is GMT-3. - Granthem
Which browser do you use? I know a tool on Google Chrome that can lock the cookies so the PHPSESSID won't be deleted. Maybe that will help with the investigation. - Ombudsman
Is that ISP panel itself written in PHP as well? I’d start by renaming the session to something else, and see if that helps, because it sounds like a possible overlap between the two systems here. - Tisza
@Tisza Yes, it is PHP; even if I create a session to a name like foobar123 it expires and PHPSESSID changes. - Granthem
Koen Hollander, I am using Chrome. - Granthem
Can you tell us what your session rules are? (if you ever set some, or if some are already set up in a PHP file) - Gateway
vincent-d, I never set them. I am going to add the results of ini_get_all() to my post. - Granthem
“even if I create a session to a name like foobar123 it expires and PHPSESSID changes” - it should not have been PHPSESSID any more to begin with, if you changed the session name. (Make sure you did that before the session is started/picked up again.) - Tisza
misorude, oh, I understand! I changed the name with session_name('Foo') and it stopped changing its value and correctly keeps all the variables! So it seems like the issue is using the default name PHPSESSID. I could fix the issue by renaming the variable for my whole system, but I would like to restore the PHPSESSID variable. Why is it resetting/expiring? - Granthem
Have you seen the answer to this post? Pretty interesting read, and it may help with your sessions: #3477038 - Sob
Of course, you are setting phpsessid arbitrarily, that is the PHP SESSION ID. - Oehsen

Well, after four months of testing, I am going to answer my own question to help others having this issue.

ISP Config uses the default PHP session ID name, so if you run a different system in the same domain you cannot use the same ID.

The first way to solve this problem is doing what @misorude said in his comment: change all the session names to a different name before starting any session:

session_name('MySystem'); // your session string ID
session_start();

For your session string ID use any string you want; always use the same one across your whole system, and do not use the default value "PHPSESSID".

The session expired too fast; this is because I was running 2 systems in the same domain, as second2none's link commented.

The shorter session.gc_maxlifetime time will be used for all the systems in the domain.

This question shows a second, alternative way to solve it: changing the session directory by calling the session_save_path() function.

There is a third way: if you do not want to change the session name ID or the session directory in all your files, you can also change the session.save_path configuration, as Álvaro González suggested.

Granthem answered 28/3, 2019 at 14:54 Comment(0)
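
The fixes in the answer above (a distinct session name and a separate session directory) can be combined into one bootstrap file that every page includes. Browsers scope cookies by host name and not by port, which is why an application on port 8080 and a site on the default port share one PHPSESSID cookie. This is an added example, not code from the original post: the constants, the directory path and the function name are assumptions, and it uses only calls available on the PHP 7.0 era build shown in the dump.

```php
<?php
// Added example, not code from the original post.
// Assumed names: APP_SESSION_NAME, APP_SESSION_DIR, start_isolated_session().

const APP_SESSION_NAME = 'MYSYSTEMSESSID';                 // any fixed name except PHPSESSID
const APP_SESSION_DIR  = '/var/lib/php/sessions_mysystem'; // hypothetical path, outside the web root

function start_isolated_session()
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // too late to change name, path or cookie parameters
    }

    // Private store, readable only by the PHP user, so another application's
    // shorter session.gc_maxlifetime no longer applies to these files.
    if (!is_dir(APP_SESSION_DIR) && !mkdir(APP_SESSION_DIR, 0700, true)) {
        throw new RuntimeException('Cannot create ' . APP_SESSION_DIR);
    }
    session_save_path(APP_SESSION_DIR);

    // The dump above shows session.gc_probability = 0, which means PHP itself
    // never removes expired files; enable collection for this private directory.
    ini_set('session.gc_maxlifetime', '3600');
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');

    // Reject session IDs that were not issued by this application.
    ini_set('session.use_strict_mode', '1');

    // Host-only cookie (empty domain), HttpOnly, and Secure whenever on HTTPS.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    session_set_cookie_params(3600, '/', '', $https, true);

    session_name(APP_SESSION_NAME); // must run before session_start()
    session_start();
}

start_isolated_session();
// Same probe as the question's test script: the value must survive a refresh.
$_SESSION['b_id'] = isset($_SESSION['b_id']) ? $_SESSION['b_id'] : 1;
echo session_name() . '=' . session_id() . "\n";
```

On a working setup the printed session ID stays the same across refreshes, including after logging in to the other application on the same host.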
