Hi,
I'm a newbie learning web development in my spare time. I've built a LAMP server from scratch on an old PC as a learning exercise and I think the basic install and setup of that is fine as I installed PHPBB previously and that runs and is working. I've backed the server up at that point and restored so everything up to there is pretty much out of the box. I'm now coding my own web pages, so I've setup virtual hosting so I can hit them and start learning PHP, MySQL etc using quite an old book (PHP4 days) so yes things have changed. I've got an issue right at the start with sessions. It's a basic user authorisation exercise setting a session value authorising the user, and then when you click on a link, the authorised user session variable is tested to determine whether the user is allowed to view the page. This is not working and I've worked out what is happening.
The main page is starting a new session – session_start();
The session value is set.
When I click on the link, the next page is calling session_start();
... but it's starting a second session, and the authorised user value is not found. I've confirmed this watching sessions in the folder ... /var/lib/php/sessions
I can see the first being created containing the authorised user variable, and then a second empty session being created with just the session id. The session folder group is www-data with rwx permissions. The session file owner and group is www-data with rw permissions ...
-rw------- 1 www-data www-data 13 Nov 29 21:29 sess_bgih8hu82plbrvo0f9naledmdd
-rw------- 1 www-data www-data 0 Nov 29 21:29 sess_vhq4kfcm3sm0avrmif8e2fli9v
I don't think permissions is the issue as I can read and display the $_SESSIONID in each page – which also confirms different sessions are being used. I'm also seeing the following error in the apache error log when the second page is requested ...
[Fri Nov 29 20:58:27.829382 2019] [php7:notice] [pid 1065] [client x.x.x.x:x] PHP Notice: Undefined index: authuser in /var/www/licks/moviesite.php on line 22, referer: http://licksdev.com/moviemain.php
There's hardly any code, it's a very basic exercise, but here you go, this is the main page ...
<?php
session_start();
$_SESSION['authuser']=1;
?>
<HTML>
<HEAD>
<TITLE>Find my favourite movie</TITLE>
</HEAD>
<BODY>
<?php
echo "<a href='http://www.licksdev.com/moviesite.php'>Click ...</a>";
?>
</BODY>
</HTML>
Here is the second page. when I hit this page I get the not authorised error message:
<?php
session_start();
if ($_SESSION['authuser']!=1){
echo "Sorry but you don't have permission to view this page.";
exit();
}
?>
<HTML>
<HEAD>
<TITLE>Movie Details</TITLE>
</HEAD>
<BODY>
<?php
echo "User is authorised";
echo "<br>";
echo $_SESSION['authuser'];
?>
</BODY>
</HTML>
Versions ...
Ubuntu 18.04.
PHP 7.2.24
Apache/2.4.29
I'm guessing this is some basic configuration issue I should know about but I've spent a few days trying to find a solution - thought the session was not persisting at first, then the permissions, played around with session.use_only cookies but it's not that. Can't seem to frame the right question to find anyone talking about a similar issue.
Thanks for any help you can give.