adam291086 Posted May 16, 2008 Share Posted May 16, 2008 This is really getting to me now, it's driving me mad I have a login script that sets a session['username'] once logged in. when i check this session on other pages all works fine as the re direct doesn't kick in. But on one page all i am doing is <?php session_start(); // is the one accessing this page logged in or not? echo $_session['username']; if (!isset ($_SESSION['username'])) { // not logged in, move to login page echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.bcyorkshire.co.uk/admin/login.php\">"; } ?> i get nothing but the page redirecting. The session is definitely being set because i check it on other page and then navigate to the coding above. Any ideas? Quote Link to comment Share on other sites More sharing options...
dezkit Posted May 16, 2008 Share Posted May 16, 2008 session_destroy() ?? Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 16, 2008 Author Share Posted May 16, 2008 i don't use that anywhere Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 16, 2008 Share Posted May 16, 2008 how do you call this page? have you verified that the page that calls this page has session_start()? <?php session_start(); // is the one accessing this page logged in or not? echo $_SESSION['username']; if (!isset($_SESSION['username'])) { // not logged in, move to login page echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.bcyorkshire.co.uk/admin/login.php\">"; } ?> Quote Link to comment Share on other sites More sharing options...
dezkit Posted May 16, 2008 Share Posted May 16, 2008 oh, i think you need a "else" statement. <?php session_start(); // is the one accessing this page logged in or not? echo $_SESSION['username']; if (!isset($_SESSION['username'])) { // not logged in, move to login page echo "<meta http-equiv=\"refresh\" content=\"0;url=http://www.bcyorkshire.co.uk/admin/login.php\">"; } else { echo "Not logged in."; } ?> Quote Link to comment Share on other sites More sharing options...
rhodesa Posted May 16, 2008 Share Posted May 16, 2008 Also, try echoing session_id() on the pages and see if it changes for this page. There is a chance you are using a different php configuration for this file compared to the rest, and therefore it will cause it to have a completely different session. Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 16, 2008 Author Share Posted May 16, 2008 adding the else statemate did nothing. to call the page by a header('Location: http://www.example.com/'); i have tried copying the exact same code for looking at the session from another page that works Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 16, 2008 Share Posted May 16, 2008 I guess what I'm wondering: does the page that it's redirected from have session_start()? Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 16, 2008 Author Share Posted May 16, 2008 yes ever page has session_start() because i check it for security reasons Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 16, 2008 Share Posted May 16, 2008 Ok, there are only 3 ways I can think of that would cause this to happen: 1: the referring page does not have session_start() 2: you have destroyed the session prior to hitting that page 3: the session variable is improperly named. Until you can say for a fact that you have checked each of these, I'm not sure we can help. Saying that every page has it is just saying "I know I coded it in, so I'm not going to look". We all miss things. Heck, I miss stuff while helping, and that's embarrassing, but it happens. Quote Link to comment Share on other sites More sharing options...
rhodesa Posted May 16, 2008 Share Posted May 16, 2008 Ok, there are only 3 ways I can think of that would cause this to happen: 1: the referring page does not have session_start() 2: you have destroyed the session prior to hitting that page 3: the session variable is improperly named. Until you can say for a fact that you have checked each of these, I'm not sure we can help. Saying that every page has it is just saying "I know I coded it in, so I'm not going to look". We all miss things. Heck, I miss stuff while helping, and that's embarrassing, but it happens. -Navigating to a page WITHOUT session_start() between pages with them will not destroy the session. -Did you try echoing the session_id()? -Do you have full error reporting turned on? Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 16, 2008 Author Share Posted May 16, 2008 ok, i have loaded up my login script and copied the session id straight into the page i am referring to it. Still nothing. I have tried echoing out the id but also get nothing. I have error_reporting(E_ALL); and still nothing. It works fine on some pages but not this one Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 16, 2008 Share Posted May 16, 2008 could we see the part where you define the sessions? maybe that could help. Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 16, 2008 Author Share Posted May 16, 2008 <?php // we must never forget to start the session session_start(); $errorMessage = ''; $userId = $_POST['txtUserId']; $password = $_POST['txtPassword']; mysql_real_escape_string($userId); mysql_real_escape_string($password); include '../database/config.php'; // check if the user id and password combination exist in database $conn; $sql = "SELECT user_name FROM tbl_auth_user WHERE user_name = '$userId' AND user_password = PASSWORD('$password')"; $result = mysql_query($sql) or die('Query failed. ' . mysql_error()); if (mysql_num_rows($result) == 1) { // the user id and password match, // set the session $_SESSION['db_is_logged_in'] = true; // adds the username to session $row = mysql_fetch_assoc($result); $_SESSION['username'] = $row['user_name']; // after login we move to the main page header('Location: main.php'); exit; } else { $errorMessage = 'Sorry, wrong user id / password'; } include '../database/closedb.php'; if ($errorMessage != '') { ?> <p align="center"><strong><font color="#990000"><?php echo $errorMessage; ?></font></strong></p> <?php } ?> Quote Link to comment Share on other sites More sharing options...
jonsjava Posted May 16, 2008 Share Posted May 16, 2008 everything looks fine........... try this: <?php session_start(); print_r($_SESSION); ?> Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 16, 2008 Author Share Posted May 16, 2008 that just gives me Array() Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 16, 2008 Share Posted May 16, 2008 not quite fine... this: mysql_real_escape_string($userId); mysql_real_escape_string($password); should be this: $userID = mysql_real_escape_string($userId); $password = mysql_real_escape_string($password); and i'm not sure what this is supposed to be doing, but it's not doing anything: $conn; Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2008 Share Posted May 16, 2008 Your redirect is using both a hostname (www.) and it has a path (/admin/) if either of these are different from the page you started on and the session cookie domain and session cookie path settings are not set to allow the cookie to work for a different hostname or path, then your session won't carry over to the new page. You would need to show us the url of the page you start on and you need to check the session cookie settings. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted May 16, 2008 Share Posted May 16, 2008 assuming the settings are default, that wouldn't be the case. i've never seen it the way you've described, so i expect someone would have to intentionally hose the sessions, er, 'change the configuration' to make it act like that. in which case, "anything goes": your configuration is hosed. Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 16, 2008 Author Share Posted May 16, 2008 ok, i select the radio button of the event i want to edit/delete, the url of this page is http://www.bcyorkshire.co.uk/admin/event/adminevent.php I then click on the button change selected which sends the event id to the modifyevent.php code, url will be http://www.bcyorkshire.co.uk/admin/event/modifyevent.php. In here the scripts finds out what the user wanted to do i.e edit or delete the event. If its edit then header("Location: http://bcyorkshire.co.uk/admin/rte/editeventsrte.php?event=$id"); if its delete just show deleted event on the screen Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 16, 2008 Share Posted May 16, 2008 you need to check the session cookie settings. So, what are your settings for session.cookie_path and session.cookie_domain. Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 17, 2008 Author Share Posted May 17, 2008 bump Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 17, 2008 Share Posted May 17, 2008 You set error_reporting, but are display errors on? ini_set ("display_errors", "1"); Also, did you check the actual settings for the session cookie? Until you do, you won't know if that is what is causing the problem. Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 17, 2008 Author Share Posted May 17, 2008 sorry how do i check the cookie settings? do you mean of my browser? Quote Link to comment Share on other sites More sharing options...
adam291086 Posted May 17, 2008 Author Share Posted May 17, 2008 just added in the error checking and i get nothing Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.