Search the Community

Hi, I have created a webpage that so far was working using SESSIONS. As soon as the user successfully logs in, i save some variables inside a SESSION array and pass them to the mainpage.php script (or any other script that needs these variables). Now i want to implement "REMEMBER ME" feature. I know that i need to store the variables i want into a COOKIE and then access the cookie to get the variables i want. How do i restructure my code now? In case of not selecting REMEMBER ME: I check to see if a SESSION is set and i use only the SESSION variables? In case of selecting REMEMBER ME: I check to see if a cookie is set and then retrieve the variables from COOKIE array? If thats the case i will need to check every script to check this? Is there an easier way to configure it? Regards, Chris

So I have a code that is suppose to save form sessions and then redirect to another website. It does redirect but the sessions are never saved when I go back to my site. And yes, I do have session_start() at the very top of the page. And also, the sessions do get saved on locahost server but not live server. Do you know why this is happening? Here's the code example. if(isset($_POST['submit'])) { $name = trim($_POST['name']); $email = trim($_POST['email']); $_SESSION['name'] = $name; $_SESSION['email'] = $email; $errors = array(); $db->beginTransaction(); if(empty($name)) { $errors[] = 'Name is required.'; } if(empty($email)) { $errors[] = 'Email is required.'; } if(empty($errors)) { $db->commit(); $new_url = 'https://www.google.ca/'; ?> <script> window.location.href = '<?php echo $new_url; ?>'; </script> <?php exit(); } else { $db->rollBack(); } }

Hey guys, I wanted to share something with everyone. I hope this is helpful. This is basically a native solution to easily store PHP session data in a MySQL database. Session variables contain data that is saved for a specific user by associating the user with a unique identity. Typically, PHP would store session variables in a local file system on the server by default. While this may be acceptable to many people who are running small to moderate PHP applications, some larger applications that require load balancing would need to be run on multiple servers with a load balancer. In such cases, each server running PHP would need a way to ensure that sessions continue to work properly. One common way to achieve this is to override where PHP opens, reads, writes, and destroys the session variables so that it can perform these operations on a table inside of a MySQL database. When this is performed, the web application can gain advantages such as session management, session logging, and session interactions. I have provided my source code for your reference here: https://github.com/dominicklee/PHP-MySQL-Sessions Hope this helps someone out!

There are lots of discussions about this topic online. My issue wasn't subdomain sessions being recognized by the primary domain (and vice versa), but rather just a subdomain handling things at all. You set something in the subdomain, refresh the page, and then the thing was unset. Here's what I currently have: session_name( "blah" ); ini_set( "session.cookie_domain", '.dev.example.com' ); session_set_cookie_params( 0, '/', '.dev.example.com', true, true ); setcookie( session_name(), session_id(), 0, '/' , '.example.com' ); session_start(); Things that were required, apparently: 1) Session name 2) setcookie Now with this setup, I can do this: start session in dev.example.com, access it in subsub.dev.example.com, go back and forth... session holds as expected. But what I cannot do, is: start session in subsub.dev.example.com, refresh page, have the session data hold. So lots of questions. Obviously the most important: why doesn't a session hold when I start the session in the subsub domain? Why is a session name required? (Is it?) Why is setcookie required when all I want to do is start a session? (Is it?) I don't use this step if it's a single-domain type of setup.

I'm editing the Woocommerce e-mail files, and have got a session working. When it's echoed on the e-mail it appears as expected - "1 Day Health & Safety Awareness Chelmsford". However the if statement is not working. This is shown below, can anyone tell me where I'm going wrong? if (strpos($_SESSION['ahsname'], 'safety awareness') !== false) { // This is what I want to happen, the session should (and does) contain the string shown above //include( get_template_directory() . '/instructions/chelmsford-hsa-ahs.html'); echo "YES"; }else{ // This should not happen but it does! echo "NO "; echo $_SESSION['ahsname']; // the session is echoed with the bit I'm checking for included as mentioned above }

Hi all ! I have an index file which begins as <?php error_reporting(E_ALL); define('INCLUDE_CHECK',true); require_once 'fran_load.php'; session_start(); // works fine with session_start() //sess_start(); // was working fine earlier but is now problematic header("Content-Security-Policy-Report-Only: default-src 'self' img-src 'self' data: https://www.google.com/ https://ajax.googleapis.com/ https://www.gstatic.com/ http://localhost/xampp/franchisee/; report-uri http://localhost/xampp/franchisee/reports/reportcspviolation.php"); // mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); $mysqliDriver = new mysqli_driver(); $mysqliDriver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; $timezone = "Asia/Calcutta"; if(function_exists('date_default_timezone_set')) date_default_timezone_set($timezone); // set_exception_handler('exception_handler'); . . . and an email activation request page.verifymail.php which begins as <?php error_reporting(E_ALL); session_start(); header("Content-Security-Policy-Report-Only content=default-src 'self' https://www.google.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/"); define('INCLUDE_CHECK',true); require_once 'fran_load.php'; /* echo "<pre>"; echo $_SESSION['user_token']; echo "</pre>"; exit(); */ $message = ''; $terminate = false; . . . sess_start() is function sess_start() { $session_name = 'sec_session_id'; // Set a custom session name $secure = false; // Set to true if using https. $httponly = true; // This stops javascript being able to access the session id. ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. $cookieParams = session_get_cookie_params(); // Gets current cookies params. session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); // 0, /, ''. session_name($session_name); // Sets the session name to the one set above. session_start(); // Start the php session } Earlier all seemed to work well, but suddenly there is an issue. On submitting the form with action = "verifymail.php" which sends from the index.php to verifymail.php, i find that the $_SESSION variable is blank, thereby not maintaining the session on that page. I am setting some session variables in the form before it is submitted. I commented out sess_start() on index.php and simply used session_start() and all seems to work fine. I would like to use sess_start, since I am setting the cookie timeout and other values therein, if I can. Please can someone suggest why this is happening and how it can be overcome to use sess_start(). Thanks all.

Hi, The 'admin' section of my website stopped working a couple of months ago and I'm just trying to fix it - I was getting an error about Session_Register being deprecated and I'm now trying to knife and fork my way around it with results from various google searches. I'm an advanced SQL user but only occasionally dabble with PHP so any help would be appreciated. So, basic set up, login page checks credentials against the DB, a session cookie is set and you're let into the admin area - my script is looping me back to the login page as my !isset is true.....because I can't figure out how to set it with the new functions! This is the login include..... <?php $host="database.lcn.com"; // Host name $username="blahblah"; // Mysql username $password="blahblah"; // Mysql password $db_name="blahblah_db"; // Database name $tbl_name="users"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['username']; $mypassword= md5($_POST['pass']); // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM users WHERE is_obv = '1' and username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['username'] = $myusername; $_SESSION['pass'] = $mypassword; header("location:../admin"); } else { header("location:http://www.web.co.uk/ooops"); } ?> and this is the 'login_success' include that I include on each protected page.... <? session_start(); if(!isset($_SESSION['username'])){ header("location:http://www.web.co.uk/login"); } ?> Darren