PHP Session is empty and session file is empty

I am using PHP 5.2.2.

I am trying to save a SESSION variable which looks to succeed because right after I print it out to verify it.

I do so as follows:

session_start();

<snip>

$_SESSION['security_code'] = $code;

The problem is that I submit a form on the same page and I need to check if the $_SESSION['security_code'] == $_POST['security_code'] however this condition is always false because $_SESSION['security_code'] is empty.  I also checked the security files that are created in the PHP 'save_path' directory and it appears to be creating an empty session file.

Can anyone suggest anything here?  Also prior to the condition, I also do a session_start() and that doesn't help either.

I got this code from a open source area and on that web site, if I test it it works fine.  On my localhost it does not work.  I'm not sure if I'm missing some configuration or whether PHP 5.2.2 has problems with sessions.

I'd appreciate your input.

Thanks

Does you browser allow cookies from localhost. Also could you post your code too.

You must call session_start() first in order for the session to be initiated. Make sure session_start() is called before any output to the browser. It is recommended to place session_start() on the first line of your script.

Also, make sure that $code has a value. =) That is a key in this portion also.

Here is the open source code I am using.  It works on the author's web site:

http://www.white-hat-web-design.co.uk/articles/php-captcha.php and all the PHP's and fonts are here in zipped format.  I'll paste in the two files. 

Note, I have not changed any of his source code.  On his website, if I type in a security code, it works fine.  On my local host, it is not working and I get the error '...invalid security code'.  I do have cookies enabled on the web browser I am using at setting MEDIUM.  How do I configure it for my localhost?  Any ideas as to why it doesn't work on my local host would be appreciated.  (Note I've tried contacting the author but have not received any responses).  Thank you so much in advance!

<?php

session_start();

/*

* File: CaptchaSecurityImages.php

* Author: Simon Jarvis

* Copyright: 2006 Simon Jarvis

* Date: 03/08/06

* Updated: 07/02/07

* Requirements: PHP 4/5 with GD and FreeType libraries

* Link: http://www.white-hat-web-design.co.uk/articles/php-captcha.php

*

* This program is free software; you can redistribute it and/or

* modify it under the terms of the GNU General Public License

* as published by the Free Software Foundation; either version 2

* of the License, or (at your option) any later version.

*

* This program is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

* GNU General Public License for more details:

* http://www.gnu.org/licenses/gpl.html

*

*/

class CaptchaSecurityImages {

  var $font = 'monofont.ttf';

  function generateCode($characters) {

      /* list all possible characters, similar looking characters and vowels have been removed */

      $possible = '23456789bcdfghjkmnpqrstvwxyz';

      $code = '';

      $i = 0;

      while ($i < $characters) {

        $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);

        $i++;

      }

      return $code;

  }

  function CaptchaSecurityImages($width='120',$height='40',$characters='6') {

      $code = $this->generateCode($characters);

      /* font size will be 75% of the image height */

      $font_size = $height * 0.75;

      $image = @imagecreate($width, $height) or die('Cannot initialize new GD image stream');

      /* set the colours */

      $background_color = imagecolorallocate($image, 255, 255, 255);

      $text_color = imagecolorallocate($image, 20, 40, 100);

      $noise_color = imagecolorallocate($image, 100, 120, 180);

      /* generate random dots in background */

      for( $i=0; $i<($width*$height)/3; $i++ ) {

        imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);

      }

      /* generate random lines in background */

      for( $i=0; $i<($width*$height)/150; $i++ ) {

        imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);

      }

      /* create textbox and add text */

      $textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function');

      $x = ($width - $textbox[4])/2;

      $y = ($height - $textbox[5])/2;

      imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function');

      /* output captcha image to browser */

      header('Content-Type: image/jpeg');

      imagejpeg($image);

      imagedestroy($image);

      $_SESSION['security_code'] = $code;

  }

}

$width = isset($_GET['width']) ? $_GET['width'] : '120';

$height = isset($_GET['height']) ? $_GET['height'] : '40';

$characters = isset($_GET['characters']) && $_GET['characters'] > 1 ? $_GET['characters'] : '6';

$captcha = new CaptchaSecurityImages($width,$height,$characters);

?>

And here is the form.php file:

<?php

session_start();

if( isset($_POST['submit'])) {

  if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {

      // Insert you code for processing the form here, e.g emailing the submission, entering it into a database.

  echo 'Thank you. Your message said "'.$_POST['message'].'"';

  } else {

      // Insert your code for showing an error message here

  echo 'Sorry, you have provided an invalid security code';

  }

} else {

?>

<form action="form.php" method="post">

<label for="name">Name: </label><input type="text" name="name" id="name" /><br />

<label for="email">Email: </label><input type="text" name="email" id="email" /><br />

<label for="message">Message: </label><textarea rows="5" cols="30" name="message" id="message"></textarea><br />

<img src="CaptchaSecurityImages.php?width=100&height=40&characters=5" /><br />

<label for="security_code">Security Code: </label><input id="security_code" name="security_code" type="text" /><br />

<input type="submit" name="submit" value="Submit" />

</form>

<?php

}

?>

Your never setting the $_SESSION['security_code'] to $code.

<?php
session_start();
$_SESSION['security_code'] = $captcha->generateCode($characters);
?>

Hi frost110,

In method function CaptchaSecurityImages($width='120',$height='40',$characters='6') at the very end of it, there is an assignment:  $_SESSION['security_code'] = $code;

For some reason I thought by setting it in that function that it would be accessible in the form.php at the time of the condition check.  I still wonder why it works on the author's website.

Thank you,

Anita

It does, I just missed that. In that case I am not sure what is wrong.

Are you using IIS? IIS is rather buggy with sessions. See http://www.sitepoint.com/forums/showthread.php?t=461479 (It's a long thread, but the author found a hack solution)

The author of your script is using Apache on a Unix server.

http://www.google.com/search?hl=uk&q=PHP+sessions+problems+IIS

I'm also using Apache 2.2.x on windows XP with PHP 5.2.2.

Thanks,

Anita

I meant, I'm using Apache 2.2.4 on Windows 2000 with PHP 5.2.2.

Anyone have another ideas?  I might try to install a different PHP version.  Can someone recommend a stable release for PHP for Windows and corresponding Apache version?

Thank you so much.

I got something for you to read, perhaps this will help:

http://www.aeonity.com/frost/php-setcookie-localhost-apache

I wrote that after searching the internet and realizing that the cookie for localhost had to be set a specific way.

Thanks frost110 for bringing this to our attention.

To get around the localhost problem, here's a simple solution:

Go to www.dyndns.org and register an account.

Then give yourself a sub-domain name like http://apachetester.dyndns.org with their dynamic IP service

This service is free, just requiring you to update your IP address once a month. We used it for our church site (http://calvarybaptist.homedns.org) before we got a domain name.

I tried both suggestions but couldn't get anywhere.

But, I finally found something that worked and I don't know why it worked.  Could someone please explain it?  I'm not a Web expert and all of this stuff with cookies and sessions is new to me.

I commented out two lines the php.ini:

; The path for which the cookie is valid.

#session.cookie_path = \

; The domain for which the cookie is valid.

#session.cookie_domain =

Thanks for everyone who has been responding.  I appreciate your feedback and have learned a lot from your responses.

Anita

session.cookie_path is where the session data will be saved. Maybe you don't have write access to the default save path. In my php.ini, the save path is also /, but it defaults to c:\documents and settings\myname\local settings\temp. I've heard of other people having trouble with the save path. You might try hard-coding this variable to a directory on your hard drive.

You might try googling the problem.