session

[adam291086]

This is really getting to me now, it's driving me mad

 

I have a login script that sets a session['username'] once logged in. when i check this session on other pages all works fine as the re direct doesn't kick in. But on one page all i am doing is

<?php 
session_start();
// is the one accessing this page logged in or not?
echo $_session['username'];
if (!isset ($_SESSION['username'])) 
{
// not logged in, move to login page   
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.bcyorkshire.co.uk/admin/login.php\">";
}
?>

i get nothing but the page redirecting. The session is definitely being set because i check it on other page and then navigate to the coding above. Any ideas?

 

 

[dezkit]

session_destroy() ??

[adam291086]

i don't use that anywhere

[jonsjava]

how do you call this page? have you verified that the page that calls this page has session_start()?

<?php 
session_start();
// is the one accessing this page logged in or not?
echo $_SESSION['username'];
if (!isset($_SESSION['username'])) 
{
// not logged in, move to login page   
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.bcyorkshire.co.uk/admin/login.php\">";
}
?>

[dezkit]

oh, i think you need a "else" statement.

 

<?php 
session_start();
// is the one accessing this page logged in or not?
echo $_SESSION['username'];
if (!isset($_SESSION['username'])) 
{
// not logged in, move to login page   
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.bcyorkshire.co.uk/admin/login.php\">";
} else {
echo "Not logged in.";
}
?>

[rhodesa]

Also, try echoing session_id() on the pages and see if it changes for this page. There is a chance you are using a different php configuration for this file compared to the rest, and therefore it will cause it to have a completely different session.

[adam291086]

adding the else statemate did nothing.

 

to call the page by a header('Location: http://www.example.com/');

 

i have tried copying the exact same code for looking at the session from another page that works

[jonsjava]

I guess what I'm wondering: does the page that it's redirected from have session_start()?

[adam291086]

yes ever page has session_start() because i check it for security reasons

[jonsjava]

Ok, there are only 3 ways I can think of that would cause this to happen:

1: the referring page does not have session_start()

2: you have destroyed the session prior to hitting that page

3: the session variable is improperly named.  Until you can say for a fact that you have checked each of these, I'm not sure we can help. Saying that every page has it is just saying "I know I coded it in, so I'm not going to look".  We all miss things. Heck, I miss stuff while helping, and that's embarrassing, but it happens.

[rhodesa]

Ok, there are only 3 ways I can think of that would cause this to happen:

1: the referring page does not have session_start()

2: you have destroyed the session prior to hitting that page

3: the session variable is improperly named.  Until you can say for a fact that you have checked each of these, I'm not sure we can help. Saying that every page has it is just saying "I know I coded it in, so I'm not going to look".  We all miss things. Heck, I miss stuff while helping, and that's embarrassing, but it happens.

 

-Navigating to a page WITHOUT session_start() between pages with them will not destroy the session.

-Did you try echoing the session_id()?

-Do you have full error reporting turned on?

[adam291086]

ok,

 

i have loaded up my login script and copied the session id straight into the page i am referring to it. Still nothing. I have tried echoing out the id but also get nothing. I have error_reporting(E_ALL); and still nothing.

 

It works fine on some pages but not this one

 

 

 

[jonsjava]

could we see the part where you define the sessions? maybe that could help.

[adam291086]

<?php
// we must never forget to start the session
session_start(); 
$errorMessage = '';
  $userId = $_POST['txtUserId'];
   $password = $_POST['txtPassword'];
   
   mysql_real_escape_string($userId);
   mysql_real_escape_string($password);
include '../database/config.php';
// check if the user id and password combination exist in database
$conn;   
$sql = "SELECT user_name
           FROM tbl_auth_user
           WHERE user_name = '$userId' 
                 AND user_password = PASSWORD('$password')";

   $result = mysql_query($sql) 
             or die('Query failed. ' . mysql_error()); 

   if (mysql_num_rows($result) == 1) {
      // the user id and password match, 
      // set the session

      $_SESSION['db_is_logged_in'] = true;



  // adds the username to session
     
   $row = mysql_fetch_assoc($result);
        $_SESSION['username'] = $row['user_name'];


      // after login we move to the main page
      header('Location: main.php');
      exit;
   } else {
      $errorMessage = 'Sorry, wrong user id / password';
   }

   include '../database/closedb.php';


if ($errorMessage != '') {
?>
<p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p>
<?php
}
?>

[jonsjava]

everything looks fine...........

try this:

<?php
session_start();
print_r($_SESSION);
?>

[adam291086]

that just gives me Array()

[BlueSkyIS]

not quite fine...

 

this:

 

  mysql_real_escape_string($userId);
  mysql_real_escape_string($password);

 

should be this:

 

$userID = mysql_real_escape_string($userId);
$password = mysql_real_escape_string($password);

 

and i'm not sure what this is supposed to be doing, but it's not doing anything:

 

$conn;

[PFMaBiSmAd]

Your redirect is using both a hostname (www.) and it has a path (/admin/) if either of these are different from the page you started on and the session cookie domain and session cookie path settings are not set to allow the cookie to work for a different hostname or path, then your session won't carry over to the new page.

 

You would need to show us the url of the page you start on and you need to check the session cookie settings.

[BlueSkyIS]

assuming the settings are default, that wouldn't be the case. i've never seen it the way you've described, so i expect someone would have to intentionally hose the sessions, er, 'change the configuration' to make it act like that. in which case, "anything goes": your configuration is hosed.

[adam291086]

ok, i select the radio button of the event i want to edit/delete, the url of this page is http://www.bcyorkshire.co.uk/admin/event/adminevent.php

 

 

I then click on the button change selected which sends the event id to the modifyevent.php code, url will be http://www.bcyorkshire.co.uk/admin/event/modifyevent.php. In here the scripts finds out what the user wanted to do i.e edit or delete the event. If its edit then header("Location: http://bcyorkshire.co.uk/admin/rte/editeventsrte.php?event=$id"); if its delete just show deleted event on the screen

 

 

[PFMaBiSmAd]

you need to check the session cookie settings.

 

So, what are your settings for session.cookie_path and session.cookie_domain.

[adam291086]

bump

[PFMaBiSmAd]

You set error_reporting, but are display errors on?

 

ini_set ("display_errors", "1");

 

Also, did you check the actual settings for the session cookie? Until you do, you won't know if that is what is causing the problem.

[adam291086]

sorry how do i check the cookie settings? do you mean of my browser?

[adam291086]

just added in the error checking and i get nothing