_SESSION not visible inside captcha file

Question

I want to use a captcha generator witch works like this:

1)Save some security text in the $_SESSION variable 2)Display the captha image.

<img src="http://www.website.ro/captcha/captcha_source.php">

the captcha image is a php file which reads the $_SESSION["security_text"] and generates an image, by setting it-s header to an image:

header("Content-type:image/jpeg");
header("Content-Disposition:inline ; filename=secure.jpg");

3)compare the submited text to the one stored inside _SESSION

The problem: -I set $_SESSION["outside"]="outside"; before the image tag, but inside captcha_source.php the $_SESSION variable is empty.

-If I give it session_start() at the beginning of captcha_source.php, the session_id IS THE SAME as for the rest of the site, but _SESSION is still empty.

-If I set $_SESSION["inside"]="inside"; inside captcha_source.php, when I read SESSION outside of captcha_source.php (after the img tag), SESSION only includes ["outside"]="outside". (And inside captcha_source, session prints as inside=>inside)

-If I remove the line with img src=captcha_source.php, and set SESSION to "test" and write "test" in the form, everything works after submitting (but I don't have the image, because it wasn't included).

-If instead of including the file inside the image tag, I include it as include "/captcha/captcha_source.php" it sets the sessions ok, but I need the image, not garbage text.

So session works from page to page, but somehow not inside captcha_soruce.php. Even thow the id-s are the same, the sessions seam to be totally independent.

One hunch is that the problem is from htaccess (but the identical session id-s are strange), maybe from these lines: (the captcha folder is treated differently, but the base address should be unchanged)

RewriteCond $1 !^(index_ro|imagini|extra|fisiere|slider|tinymce|captcha)
RewriteRule ^(.*)/ index_ro.php?$1/

Maybe the identical sessions have to do with the way I read the files: remove the header from captcha_source.php and open the file www.site.ro/captcha/captcah_source.php whitch the same browser (firefox). And I see the garbage text and session id and session variables whitch I printed. Openning multiple tabs with the same site, keeps the same id.

I hope it's not to long, but it's been 2 days since I strougled with this problem. If it won't work, I'll do this with sql, but I would like to know where the problem is so it won't show up again in other circumstances.

Thank you :)

and here is a stripped code to show what hapens:

//the form part

<?php
    session_start();

    echo session_id();  //prints the same as on all pages

    //the form was not submittted
    if(!$_POST["mail_form_captcha"])
    {
        unset($_SESSION); //just to be sure nothing remains from older sessions

    //generate form that has a field "mail_form_captcha"
    [...]

        //generate a random text for captcha and put it in security_text
        InitCaptcha();

        $_SESSION["before"]="before";

        ?>       
    <img src="<?php echo "./captcha/image.php"; ?>" />
        <?php

        //include "./captcha/image.php"; //if uncoment this line, everything works, but the image is included as garbage text

        $_SESSION["after"]="after";

        print_r($_SESSION); //this prints [security_text] => 10 [before] => before [after] => after

    }
    else //interpret the submission
    {
        print_r($_SESSION); //this is empty if session_start() is at the beginning of captcha_source.php, otherwise only contains before after and security_text
    }

?>





//the captcha part
<?php
    session_start();    //if included, it erases the session from the other files, otherwise it leaves it intact :-/

    $_SESSION["inside"]="inside";

    print_r($_SESSION); //this prints [inside] => inside

    echo session_id();  //this prints the same session id as on the rest of the pages

[...]

    imagettftext([...] $_SESSION["security_text"]); //this draws a blank image

[...]

    header("Content-type:image/jpeg");

    header("Content-Disposition:inline ; filename=secure.jpg");

    imagejpeg($img);
?>

Answer 1

Just as I said I won't try anythind else with this captcha, I tried moving all the files in the same directory as the file calling it (it was in a file ./captcha) and it works now!!! What was the problem with it being in a different directory?