Damo

Reputation: 2070

PHP Upgrade 5.2 to 5.3 Session Issue

I'm going through the pain of upgrading PHP on my server from 5.2 to 5.3. Having migrated my old php.ini to the new and upgraded my mysql passwords, my PHP sessions no longer work.

This is my login code below, it executes correctly and even logs my login correctly in the activity log. (updatelog function) I have also posted my session valid check code.

Is there anything obvious in my login code that is no longer valid in PHP 5.3, having previously worked under 5.2?

// Login User///

if(@$_POST["dologin"] == 1)
{
    //record login attempt
    updatelog("",$_SERVER['REMOTE_ADDR'],"Login Attempt By: ".$_POST['username']);

    $user_name = escape($_POST["username"]);
    $password = escape(md5(SALT.$_POST["password"]));

    $login = $query->GetSingleQuery("--SINGLE","SELECT user_name, id, user_email FROM url_users WHERE user_name='".$user_name."' and user_password='".$password."';",array("user_name","id","user_email"));

    if(!isset($login['user_name'])) //failed login
    {
        $_SESSION['loggedin'] = 0;
        //record failure
        updatelog("",$_SERVER['REMOTE_ADDR'],"Login Failure By: ".$_POST['username']);
        header("Location: index.php?failed=1&user=$user_name");
    }else
    { 
    //login valid
    //get country details
    $getcountry = $query->GetSingleQuery("--SINGLE","SELECT geo_ip.ctry FROM admin_adfly.geo_ip geo_ip WHERE INET_ATON ('".$_SERVER['REMOTE_ADDR']."') BETWEEN geo_ip.ipfrom AND geo_ip.ipto;",array("ctry"));

    //set session items
        $_SESSION['country'] = $getcountry['ctry'];
        $_SESSION['username'] = $login['user_name']; 
        $_SESSION['userid'] = $login['id']; 
        $_SESSION['loggedin'] = 1;
        $_SESSION['email'] = $login['user_email'];
    //session salt
        $hsh = md5($_SERVER['HTTP_USER_AGENT'].SALT);
        $_SESSION['_XXX(*@#!_D@R*&$%(){*@)_D_296']['user_agent'] = $hsh;

    //update the ui transaction log
        updatelog($login['id'],$_SERVER['REMOTE_ADDR'],"Login Success For: ".$_POST['username']);

        // run function to check if any adverts have completed
        adcomplete($_SESSION['userid']);

    //redirect
        header("Location: index.php");
    }

}

// Check users login session is valid, this is called on each page I want to restrict by login. ////

if(isset($_SESSION['_XXX(*@#!_D@R*&$%(){*@)_D_296']['user_agent']) ==  $_SERVER['HTTP_USER_AGENT'].SALT)
                {
                    return 1; //session success
                }else
                {
                    return 0; //session failure
                }   

Upvotes: 2

Views: 6170

Answers (3)

Damo

Reputation: 2070

After much messing about, it turns out that the problem was related to the last session name; it was somehow invalidating the entire browser session, removing all data from the session.

After removing "(*@#!_D@R*&$%(){*@)_D_296" from the $_SESSION array, my login session started working again.

Upvotes: 0

ULLISSES

Reputation: 1

Simple solution: Go to /var/lib/php and set attributes 777 on the "session" directory.

EDIT: Yes, I know it is not a recommended solution, but it works. To do it right, you should set the owner to php, httpd or nginx - I don't have time to check which it should be.

Upvotes: 0

CodeReaper

Reputation: 6145

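The check for login is not checking the hash of the user agent and salt; it should be:

// isset() only returns true/false, so the stored value is compared separately
if (isset($_SESSION['_XXX(*@#!_D@R*&$%(){*@)_D_296']['user_agent'])
    && $_SESSION['_XXX(*@#!_D@R*&$%(){*@)_D_296']['user_agent'] === md5($_SERVER['HTTP_USER_AGENT'].SALT))
{
    return 1; //session success
} else {
    return 0; //session failure
}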

Edit:

Since the problem persists and it seems to be a PHP configuration issue, I would try to make the simplest PHP page that uses sessions and try it out in the 5.3 environment to confirm that it is a PHP configuration problem, and use that simple page to test the configuration while trying to fix the issue.

A simple PHP page:

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
session_start();

if (isset($_SESSION['views']))
    $_SESSION['views'] = $_SESSION['views'] + 1;
else
    $_SESSION['views'] = 0;

echo '<pre>';
var_dump(session_id()); // I should stay the same
var_dump($_SESSION); // I should start at 0 and increase
echo '</pre>';

Upvotes: 1
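
Added example, not part of the original question or answers: the session check as posted in the question beside a strict version, run against a plain array standing in for `$_SESSION` so it works from the CLI. The `SESSION_KEY` name, the salt value and the user-agent strings are constructed for illustration.

```php
<?php
// Added example: a plain array stands in for $_SESSION.
// SALT and SESSION_KEY values are constructed placeholders.
define('SALT', 'example-salt');
define('SESSION_KEY', 'fingerprint');

// Store the user-agent hash at login (same md5(agent . SALT) scheme as the post).
function bind_agent(array &$session, $agent)
{
    $session[SESSION_KEY]['user_agent'] = md5($agent . SALT);
}

// The question's check: isset() yields a boolean, and a boolean loosely
// compared with any non-empty string is true, so the agent is never compared.
function check_as_posted(array $session, $agent)
{
    return (isset($session[SESSION_KEY]['user_agent']) == $agent . SALT) ? 1 : 0;
}

// Strict check: the key must exist and its value must equal the recomputed hash.
function check_strict(array $session, $agent)
{
    if (!isset($session[SESSION_KEY]['user_agent'])) {
        return 0; // nothing stored: not logged in
    }
    $stored = $session[SESSION_KEY]['user_agent'];
    return ($stored === md5($agent . SALT)) ? 1 : 0;
}

$session = array();
bind_agent($session, 'Mozilla/5.0 (constructed agent A)');

$cases = array(
    'same agent'      => 'Mozilla/5.0 (constructed agent A)',
    'different agent' => 'curl/8.0 (constructed agent B)',
);
foreach ($cases as $label => $agent) {
    printf("%-16s posted=%d strict=%d\n", $label,
        check_as_posted($session, $agent), check_strict($session, $agent));
}
// With no stored value, both checks are run against an empty session.
printf("%-16s posted=%d strict=%d\n", 'empty session',
    check_as_posted(array(), 'x'), check_strict(array(), 'x'));
```

The posted check accepts any user agent once the key exists, so it cannot be what rejected the login; the strict version only accepts the agent that was bound at login.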
