php - Session variables not accessible in subdirectory

Question

When we moved our project from the beta test server to our live server we experienced the following:

Session variables are only accessible if the file accessing them is in the same folder as the file that created them. This was not the case on our beta server. So I've created three very simple test files:

test.php

<?php
session_id("581186accf44d7e80df40d0b5a47fb7d");
session_start(); 
$_SESSION['myvariable'] = 'Hello World';
?> 
<html>
    <body>
        <p><a href="page2.php">Same folder test</a></p>
        <p><a href="test/page2.php">Subfolder test</a></p>
    </body>
</html>

Then we have the following file duplicated in the same folder and in the test/ folder.

page2.php

<?php 
session_start();
print 'Here is page two, my session variable and my session cookie: '; 
print $_SESSION['myvariable']; 
print $_COOKIE['PHPSESSID'];
exit; 
?>

and here are the results: page2.php

Here is page two, my session variable and my session cookie: Hello
World581186accf44d7e80df40d0b5a47fb7d

test/page2.php

Here is page two, my session variable and my session cookie: 581186accf44d7e80df40d0b5a47fb7d

As you can see, the session variable has disappeared. But the session ID cookie is preserved in the subdirectory, so it isn't a cookie issue.

I've looked at the session block in phpinfo(); and aside from session.save_path, which is set on the beta server but not on the live server (which presumably means it will default to /tmp), the configuration is identical on both.

Also, we don't have a .htaccess file which might change domain.com paths to www.domain.com paths.

Because this test works on our beta server, I have concluded that it's a php configuration issue, but if someone could point me toward the parameter that needs changing, that would be much appreciated!

Answer 1

Ok, it appears that the problem occurred, in part, due to my lack of understanding of what putting my own php.ini in the public_html folder would do. Because we can't use ini_set() on our shared server (it's disabled) I created a local copy of php.ini that contained the following lines to override dud default settings...

date.timezone =  Australia/Melbourne
magic_quotes_gpc = Off

I assumed that the values in this local version of php.ini would simply override the values in the master php.ini.

Unfortunately this is not what happens on the Jumba / UberGlobal hosting. Creating this local php.ini meant that the entire configuration reverted to default values, except for these two settings.

The solution was for a tech from Jumba / Uberglobal to make a copy of their php.ini file (with just the above two values changed) and place it in our public_html folder.

This has fixed the problem.

Thanks for everyone's help!