PHP. Sessions in the database. Cross-domain authorization. Is there something I don't understand about this life?

W

wmw852010-09-28 16:09:25

PHP

wmw85, 2010-09-28 16:09:25

Sessions are stored in the database. Authorization is common for 2 sites (2 domains, sites lie side by side on the same server). When a user logs in to one site, a redirect occurs to the second one, where session_name() is set to the same value as on the first site (in cookies). The table with session data is common for 2 sites.
Everything worked fine on the old hosting, but not on the new one.
Description of the problem -
I logged in from one site. I go to the second one, data is retrieved from the database (the read function), everything is fine here. But - right after session_start(), I do print_r($_SESSION) and see an empty array. Those. gave the line, received - ... received nothing. This only happens with data recorded on one site that I'm trying to read on another.
What I found - the data on the old hosting was written in the form of a serialized array. Here it is 'rJFJvf6LVaiQoSWdAHmIFSu5Zfx-393AnbN81sd2B5jmEeWlhKYJB_E9Lv93BjVw'. Maybe that's the issue.
session.serialize_handler = php on both
php hostings - 5.2.4(old) / 5.2.14(new)
all php settings of the session block are the same.
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Anton Korzunov, 2010-09-29
@wmw85

Option 1 - evil and terrible "Suhosin" - session data encoder.
And kindly show the settings for read-write-start sessions

H

Hotpilot, 2010-09-28
@Hotpilot

rJFJvf6LVaiQoSWdAHmIFSu5Zfx-393AnbN81sd2B5jmEeWlhKYJB_E9Lv93BjVw is more like a key than data and length = 64

H

Hotpilot, 2010-09-29
@Hotpilot

It looks like php is built with a security enhancement module like Suhosin that encrypts session data. And the encryption key depends on the domain. Try disabling all unnecessary modules.

H

Hotpilot, 2010-09-29
@Hotpilot

and session_decode() will correctly decode this string?