Posted on: 2008/6/21 23:02
Admin login and PHP5
I have a working XOOPS website (in fact lots of them) on a server running PHP4.4 but I plan to move these sites to a different host running PHP5. I copied over one of these sites but have experienced a number of issues related to PHP5. I was able to fix all but one of the issues by overriding settings in a custom php.ini file. The last and most frustrating problem is the website being unable to retain session information belonging to valid logged in user/administrator.
I know that there are many different threads on the forums pertaining to this issue and I have tried all the suggested fixes.
-- cleared files in cache/ and templates_c/
-- cleared browser cookies and sessions for the website
-- emptied session table and also repaired it even though it didnt have problems. Sessions are being added to that table just fine.
-- ensured server timezone was set correctly
-- toggled between setting use_mysession to be 1 and 0
-- toggled activating and deactivating Protector module
-- toggling the autologin feature on and off
-- turned on debug mode to see if that could provide clues
-- toggled between having session.save_path to be a valid writable folder under the account for this website and also setting it to the default setting
-- ensured session.use_cookies was set to On
-- I dont have a "regenerate" setting in kernel/session.php
-- setting HTTP_REFERER value in xoopssecurity.php to be true
The version of XOOPS is 2.2 and as I say the exact same website works fine on a server running PHP4.4 - no login problems.
I have tried logging in using IE7 and FF2, and setting my cookies very low. I have also tried stepping through the XOOPS code in common.php and checklogin.php and outputting the $_SESSION and $_COOKIE array during the login and redirection process. The $_COOKIE array always contains the correct information. But the $_SESSION array initially contains all the valid logged in user information (when checklogin.php has finished executing), but then on the redirected page, the $_SESSION array is empty (outputting the array from common.php). I believe thats where the problem lies as XOOPS has to check elements fromt the $_SESSION array to ensure its a valid logged in users with correct permissions for modules.
Perhaps there is another php.ini setting I need to change to get this working? Or including updated code for session.php from a newer version of Xoops?