# PHP Session not remembering anything



## dragonbite (Jun 7, 2013)

I am setting up a webserver on FreeBSD 9.1 and currently have Apache up and running fine, but for whatever reason I cannot get PHP to remember the session variables' values between pages/refreshes!

I have tried adding php5, php5-extensions, php5-pgsql and php5-pdo_pgsql all through ports as well as through a mixtures of ports (php5), packages (php5-extensions) and forcing when postgresql-client conflicts (php5-pgsql and php5-pdo_pgsql) all to the same effect.


```
php5-5.4.7          PHP Scripting Language
php5-ctype-5.4.7    The ctype shared extension for php
php5-dom-5.4.7      The dom shared extension for php
php5-extensions-1.7 A "meta-port" to install PHP extensions
php5-filter-5.4.7   The filter shared extension for php
php5-hash-5.4.7     The hash shared extension for php
php5-iconv-5.4.7    The iconv shared extension for php
php5-json-5.4.7     The json shared extension for php
php5-pdo-5.4.7      The pdo shared extension for php
php5-pdo_pgsql-5.4.7 The pdo_pgsql shared extension for php
php5-pdo_sqlite-5.4.7 The pdo_sqlite shared extension for php
php5-pgsql-5.4.7    The pgsql shared extension for php
php5-phar-5.4.7     The phar shared extension for php
php5-posix-5.4.7    The posix shared extension for php
php5-session-5.4.7  The session shared extension for php
php5-simplexml-5.4.7 The simplexml shared extension for php
php5-sqlite3-5.4.7  The sqlite3 shared extension for php
php5-tokenizer-5.4.7 The tokenizer shared extension for php
php5-xml-5.4.7      The xml shared extension for php
php5-xmlreader-5.4.7 The xmlreader shared extension for php
php5-xmlwriter-5.4.7 The xmlwriter shared extension for php
```

I made these two files for examples:
test1.php 

```
$ cat test1.php
<?php

session_start();

$_SESSION['foo'] = 'bar';

header('Location:test2.php');

?>
```

test2.php

```
$ cat test2.php
<?php
session_start();
echo '
session_id()=' . session_id();
echo '
session_status()=' . session_status();
echo '
$_SESSION[\'foo\'] = ' . $_SESSION['foo'];
echo '
isset($_SESSION) = ' . isset($_SESSION);
echo '
Just in case I missed one';
echo '<ul>';
echo '<li>List of Items</li>';
foreach( $_SESSION as $sname => $svalue ) {
   echo '<li>' . $sname . ' => ' . $svalue . '</li>';
}
echo '</ul>';
?>
```

It goes to test2.php and I get the following 

```
session_id()=6c830aea7365eca59a962fc056273768
session_status()=2
$_SESSION['foo'] = 
isset($_SESSION) = 1

Just in case I missed one
[LIST]
[*]List of Items[/LIST]
```

and every time I refresh the page, I get another (different) session_id() value.  So it appears that the session variables and values are not being kept in-between refresh/page directs.

I thought this was something that just works out-of-the-box.


----------



## quintessence (Jun 18, 2013)

Hello,

Enable cookies in your browser.


----------



## dragonbite (Jun 23, 2013)

No, you know what the problem was?  I could not believe it but once changed it worked perfectly. Microsoft Internet Explorer, at least versions 6-9, cannot handle PHP session variables on sites with an underscore ("_") in the hostname! An  underscore in the other levels are fine, but not in the hostname.  I was surprised to find this out, and relieved to have run across it online. Once I changed it, everything works just as expected.

The company pushes IE for our intranet (we're working on it) so I routinely use IE to "eat the dog food".


----------



## kpa (Jun 23, 2013)

I believe underscores are not allowed in host or domain names per standards. At least this *W*ikipedia article suggests so.

http://en.wikipedia.org/wiki/Hostname


----------



## ShelLuser (Jun 23, 2013)

@kpa is right, this isn't an issue of Internet Explorer not performing properly, but caused by using "illegal" characters in the host name.

When it comes to "Internet regulation", especially on a technical level, then the Internet Engineering Task Force (IETF) is an authority tasked with coming up with specific designs and concept which basically form the "blueprints" of how the Internet (should) operate. These "blueprints" come in the form of so called RFC documents, "Request For Comments" if you will, and each of them describes a particular aspect of how things should work.

The issue of host names ("Host table specification") is covered in RFC 952. I'll quote the relevant part:



> 1. A "name" (Net, Host, Gateway, or Domain name) is a text string up
> to 24 characters drawn from the alphabet (A-Z), digits (0-9), minus
> sign (-), and period (.).  Note that periods are only allowed when
> they serve to delimit components of "domain style names". (See
> ...



You will even come across this kind of information if you go over the documentation for a so called DNS server (which is the environment where such names get defined in the first place).


----------

