Site ID is missing from session data!

system · April 20, 2012, 2:13am

antijoey wrote on Friday, April 20, 2012:

Greetings,

I have a fresh installation in a shared hosting environment under Debian. For cross referencing, see this thread:

https://sourceforge.net/projects/openemr/forums/forum/202504/topic/4581341

The issue I am having is EXACTLY the same, with the following differences:

1) This not GoDaddy (iPage). although hosting setup is likely similar,
2) Latest patches have been applied (in hopes there was a fix),
3)This installation is 4 days old, whereas the above referenced thread is from June, 2011(toledomed test site is still there, behaving the same as my site: http://www.toledomed.com/emr )

Installation was flawless, all recommendations for php.ini were instituted, database was prepared in advance of installation. $webserver_root and $web_root in globals.php had to be set post installation to initiate log-in page. $_SESSION and $_GET echoes default.

Upon login, all frames display with “Site ID is missing from session data!”.

If I append globals.php before section starting line 124 with

ignoreAuth = true;

then I can successfully log in and view the main page, although much functionality is gone, and (of course), I need no credentials whatsoever to login.

This leads me to believe that something is wrong with authentication under the conditions which I am attempting to run OpenEMR. What function defines $ignoreAuth, and where is it?

I understand that there are only 2 people posting here who seem to be experiencing this (myself and toledomed). Does anyone have a clue as to why !$ignoreAuth = death ?

Thanks all,

AJ

system · April 21, 2012, 11:08pm

bradymiller wrote on Saturday, April 21, 2012:

Hi,

My guess is that the session is not being recorded correctly. For example, the $_SESSION variable is not getting correctly populated, which is why it escapes when both the session and get are empty. I’d probably found out where your php is supposed to be storing these and see if there are any there:
http://stackoverflow.com/questions/454635/where-are-session-variables-stored

The authentication script is run in interface/globals.php here:

if (!isset($ignoreAuth) || !$ignoreAuth) {
  include_once("$srcdir/auth.inc");
}

Perhaps something in this script could also be wiping out your session data also.

-brady
OpenEMR

system · April 23, 2012, 7:07pm

antijoey wrote on Monday, April 23, 2012:

Brady,

You were correct, sir. After an extended conversation with customer/tech support, we wrangled out the details. The issue was indeed where and how the session data is stored.

In this case, I had already created a /tmp directory and created a session.save_path entry in php.ini to that directory (as no default path is provided by host). Additionally, this path is duplicated in globals.php as such:

session_save_path('/absolute/path/to/tmp');
ini_set('session.gc_probability', 1);

, although one or the other may be enough. it’s working so I’ll leave it alone for now.
Furthermore, /tmp is permissioned 755 (is this too liberal? I don’t want any hijacked sessions!). However, these changes did not take effect without the intervention of my hosting provider. I would imagine this to be true for many shared hosting situations.

Things now seem to be completely in order and functional. Thank you for pointing me in the right direction. As this problem was cross-posted, I shall duplicate this in the other thread.

SOLVED
aj

system · April 19, 2014, 3:58am

htuckjr wrote on Saturday, April 19, 2014:

Hi Folks-

Both on an old 4.1.1 and a brand new 4.1.2 install I got the mystery “Site ID is missing from session data”. The first time I got it I chased down a good number of these remedies til I finally ran into a mention of cookies in globals.php… and I had just changed my cookie settings to refuse all. So a quick exception for the OpenEMR login page fixed THAT.

Love them simple fixes!

system · April 19, 2014, 11:14am

yehster wrote on Saturday, April 19, 2014:

Refusing cookies from OpenEMR would definitely cause this problem.

github.com

openemr/openemr/blob/master/library/restoreSession.php

<?php
/**
 * Generated DocBlock
 *
 * @package OpenEMR
 * @link    http://www.open-emr.org
 * @author  ophthal <magauran@ophthal.org>
 * @author  sunsetsystems <sunsetsystems>
 * @author  JP-DEV\sjpad <sjpadgett@gmail.com>
 * @author  Rod Roark <rod@sunsetsystems.com>
 * @copyright Copyright (c) 2016 ophthal <magauran@ophthal.org>
 * @copyright Copyright (c) 2007 sunsetsystems <sunsetsystems>
 * @copyright Copyright (c) 2017 JP-DEV\sjpad <sjpadgett@gmail.com>
 * @copyright Copyright (c) 2015 Rod Roark <rod@sunsetsystems.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */
?>
// login.php makes sure the session ID captured here is different for each
// new login.  We maintain it here because most browsers do not have separate
// cookie storage for different top-level windows.  This function should be

This file has been truncated. show original

All pages are supposed to reset the session cookie before calling back to the server to allow multiple session in the same browser.