login page, session

[kabuc]

Script URL:
Version of script: 2.3
Hosting company:
URL of phpinfo.php:
URL of session_test.php:
What terms did you try when SEARCHING for a solution:

Write your message below:

After I upadate from 2.2 to 2.3 always ask login and wrote "session expired".

[Klemen]

URL of phpinfo.php:
URL of session_test.php:

Tip: you will find these two files in the "READ THIS BEFORE POSTING" topic of the forum.

[kabuc]

Session is success in session test.

After I close browser and I go to hesk, I need always login because hesk said that session expired

[Klemen]

But you are able to login successfully?

If yes try clearing your cookies and temporary internet files, then try logging in again.

[Estelle]

Hi,
I just installed for the first time HESK. I tried it on a windows server and on a Unix server.
I have this kind of session problems. I am not satisfied with the answers I can read on this forum about this topic.
What I would like to know is the exact PHP configuration for sessions : there are MANY ways of dealing with sessions (transitional session id ? cookie ? automatic starting ?). I tried some configurations. I see that if I enable the automatic transitional ID, there are pages where the ID is transmitted, and other where not (depends on the type of action for going to the next page - form submit, image link, javascript link, ...).

When I allow sessions by cookie, it works. I would have saved lots of time it I had found the information somewhere - "Enable session through cookies". It works - but it creates a new session file at each click !! I can't believe it's supposed to do so, I expect a lot more from HESK.
Thanks for any comment.
Estelle

[Klemen]

Sessions are a PHP configuration issue, not a HESK issue. If you are having problems with sessions *any* script using sessions will have problems, not just HESK.

How to configure PHP is beyond the scope of this forum.

To make HESK work you should have autostart sessions set to OFF. Where the session data is stored (file or cookie) doesn't matter to HESK as long as it works on the server.

The default PHP setup should work fine on most servers. The most common problem is that the session.save_path is not correct or doesn't exist, so PHP has nowhere to store session files.

[Estelle]

Hi,
How sessions have to be configured on the server is part of the "requirements" for the software ! This IS a software question.
Serious hosters won't just activate all options in PHP, it wouldn't be secure. As such, cookies are not always enabled and when it's not, HESK is not working while my programs are working well because I program them knowing how to share session when sessions through cookies are not enabled.
The path for files is okay, everything is fine, but the session ID is not transferred from page to page - so it HAS to be taken into a cookie. Fine with me. But again, if this was documented, it would be less time consuming - and many of the posts in this forum about the same question would have a real answer.
All this does not explain why the session is recreated with a new session id at each click - I can assure you this is not the case for the other scripts I use with sessions. If this forum is not the location for such questions, I would be more than happy to hear where I could ask my questions...
Thanks, Estelle

[Klemen]

I don't have the time or the will to argue about what should and what should not be enabled in PHP. Any host that claims to support PHP but doesn't support basic functionality such as sessions, is, in my opinion, ripping you off your money.

I have no idea how your server is configured. To be able to help I would at least need to see your phpinfo and session test files, as asked for in the "READ THIS BEFORE POSTING" topic. Without any information at all about your setup I can just make wild guesses and assumptions.

Session ID is recreated for security purposes using session_regenerate_id(). I don't know what other scripts you are using, but this is one of the basic security considerations that helps fight session hijacking attempts and should be used by any script that uses sessions to transfer sensitive data such as user privileges.

That said, I am happy to provide free help for the free HESK script, but you will have to do better than just "it isn't working". Post the required information and details about what you did and didn't do and we can go from there.

[Estelle]

Sessions ARE working - but there are many ways of having them configured.

By the way, I would be more than happy to pay for support - free is always too expensive if it does not provide the basic answers we need.