It seems like it's not possible to use $_SESSION to store data when the current session is anonymous, but it works fine if it's an authenticated session. Does anyone know why this is and if it's changeable (preferably without changing core code of course)?


keesje’s picture

$_SESSION data has nothing to do with being logged in to Drupal AFIAK. An anonymous session is still a session, it will be lost when closing your browser in most cases (depending on browser and settings).

Your browser establishes a session with the webserver on a specific domain.
Could it be session loss due to domain changes? E.g. www.domain.tld / domain.tld.

easyfit’s picture

Yes that's exactly what I was thinking as well, it shouldn't matter since even if you're not logged into drupal you're still running a session - it's just an anonymous one from drupals perspective, but I don't see why that should matter for $_SESSION, you should still be able to store things there temporarily. But for some reason you can't, not when the session is anonymous, but you can when you're authenticated by drupal.

So I'm wondering why this is and if there's anyway to change it.

barrya’s picture

I'm having exactly the same problem.

Drupal Version 6.8

With an "Anonymous" user I am unable to access $_SESSION

When logged in then I am able to access $_SESSION fine.

I have tried tweaking the settings.php file with different php.ini settings to no avail.

Any other ideas?


barrya’s picture

I had a quick look at sess_read(), function that reads the session information.

It runs a query with a join against the users table. obviously an anonymous user does not have an account, so I assumed this would attempt to makea join against user "0". I took a look in my users table and noticed that there wasn't a user 0. I seem to recall on install this user is created. I recreated this user and it appears to be working fine now.

Hope this fixes your problem, as it has fixed mine.

easyfit’s picture

Fantastic! That seems to be the fix! Adding the anonymous user (which apparently I had accidentally removed as well) seems to have fixed the problem. This has been pestering me for a long time so thank you very much barrya!

uhsarp’s picture

Small clarification. I have the same problem and what do you guys mean by 'adding anonymous user'?

I've checked my Drupal Mysql's users table. I see an entry for uid with value 0. But the other fields are completely empty. Should I set

name = anonymous
pass = somestring


mpruitt’s picture

Hey barrya, just wanted to say thanks for the information in your post. I was having a tough time figuring out why I couldn't use $_Session variables, and while doing research, came across your response. I check my users table, and sure enough, I had deleted user 0 for some reason. Doh!

keesje’s picture

You can easily loose the #0 user entry when moving/migrating database tables by export/import. It happened to me a few times too. Simply add it again.
This is not incidental:

Fix and more info:

Handdoek kopen, huishoud textiel online

mpruitt’s picture

I don't remember deleting the 0 user, but assumed I did since it wasn't in the user table. This particular database has been exported/imported a number of times on different production and development machines. It's certainly something I'll keep an eye on going forward. I'm adding this little gem of info to my Drupal Notebook on my desk!

jonigual’s picture

Thanks a lot! I was having the same problem, you saved my life!

DanielFbrg’s picture


candelas’s picture

i was going crazy!!!

//trying to answer one question for each one that i make.
//this way, drupal will be more friendly and strong

lurkerX’s picture

Not in a million years and a day would have I figured that one out. Thanks again!

lmeurs’s picture

An allmost empty record showed up when one of my scripts queried the user table. I thought this record was created by mistake, so deleted it. Re-creating solved the problem, I now have to alter the queries in my scripts. Thank you!

Laurens Meurs

kovalev’s picture

You, probably, have to play with /sites/default/settings.php file, in Drupal 6 - around line 140.
I'm talking about this:

ini_set('session.cache_expire', 200000);
ini_set('session.cache_limiter', 'none');
ini_set('session.cookie_lifetime', 2000000);
ini_set('session.gc_maxlifetime', 200000);
ini_set('session.save_handler', 'user');
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);

You can find some explanations for this, here:

Sergata - פיתוח תוכנה

PhilDHD’s picture

This behaviour can also be caused by drupal caching differently for anonymous and authentucated users). Try disabling caching and see if your session variables persist. If this sloves the problem you can stop caching an individual page by including: $GLOBALS['conf']['cache'] = FALSE;

lsiden’s picture

My site has a custom front page with a registration form. If the user registers with an existing name/email, the submit callback calls drupal_set_messages('You already have an account. Please log in.') and sends him to /user. However the message is not displayed.

Investigation showed that $_SESSION is empty on the /user page. Then, in sess_read ( I var_dump($key). The result shows that the session id for the /user page is different than the session id for my custom front page, even though in both cases, the user is the same (uid == 0) and both pages have the same domain.

Can anyone tell me what I might be missing here?

Caching is disabled on my dev server and uid=0 is present in the 'users' table.

Sinan Erdem’s picture

I had a different problem, and fixed it by disabling cache for my module. I added $GLOBALS['conf']['cache'] = FALSE; in my hook_init.

My module is a multi page form. When the user fill it first time, the variables in the session are correct. But if he fills it immediately again, the old values remained. So, this is fixed by disabling cache.


jurgenhaas’s picture

I've had the very same problem and I thought it was the missing user 0 but it wasn't. Also, the session table contained the expacted values, just that not all pages got delivered as expected.

My problem here was, that the pages I had trouble with got delivered from cache and not individually following different session values. Turning off caching solved the problem.

Well, OK. I now have to find a way to use cache and only produce the pages individually when there is a need according to my session values.

reign85’s picture

you can use the cacheexclude module.

I get the same problem but restore the anonymous user (uid = 0) don't resolve my problem, and cache is disabled on my website (dev mode)

Anyone can help me to find the problem here? This drive me crazy
I get the row but not the anonymous user in the user list, normal thing?