[SOLVED] Sessions keep on getting lost

[marksie1988]

Hi,

 

i am having an issue with my PM system and the login system of my website, when i go into the pm system and send a new message it will send the message but then the session gets lost and it logs the user out why is this happening?

 

the site is http://www.hyenaandmonkey.com

 

test accout username and password = hyenatest

 

if you need anything else let me know

[jonsjava]

gotta see some code to give you an answer. Best guess is you have a logged-in checker, and you don't have session_start at the top of a page, so when it checks the user, it sees them as not logged in, and redirects them to logout, or something like that.

[marksie1988]

yes i thought the same as you but when i checked the page for the pm system it does have the session file included into the script here is the code that i have for the pm system that creates the new message

 

<?php
include("../../login/include/session.php");
session_start();
?>
<h2>New Message BETA 0.5</h2><br>
<?php
    echo "<a href=\"?folder=inbox\">Inbox</a> |\n";
    echo "<a href=\"?folder=outbox\">Outbox</a></p> |\n";
    echo "<a href=\"?action=send\">New Message</a>\n";

?> 
<?php

// Process the message once it has been sent

if (isset($_POST['newMessage'])) {
  // Escape and prepare our variables for insertion into the database
  // This is also where you would run any sort of editing, such as BBCode parsing
  $to   = mysql_real_escape_string($_POST['to']);
  $from = $_SESSION['username'];
  $sub  = mysql_real_escape_string($_POST['subject']);
  $msg  = mysql_real_escape_string($_POST['message']);
    
  $userauth = mysql_query("SELECT * FROM users WHERE username = '$to'");

  // Handle all your specific error checking here
  if (empty($to) || empty($sub) || empty($msg)) {
    $error = "<p>You must select a recipient and provide a subject and message.</p>";
  }
  elseif(mysql_num_rows($userauth) == 0){
  $error = "<p>You must enter a valid username.</p>";
  }
   else {
   
    $sql1 = "INSERT INTO pm_outbox (`to`, `from`, `time_sent`, `subject`, `message`) VALUES ('$to', '$from', UNIX_TIMESTAMP(), '$sub', '$msg')";
    mysql_query($sql1);
// Notice carefully how we only have to provide the five values we previously discussed
    $sql = "INSERT INTO pm_inbox (`to`, `from`, `time_sent`, `subject`, `message`) VALUES ('$to', '$from', UNIX_TIMESTAMP(), '$sub', '$msg')";
    if (!mysql_query($sql)) {
      $error = "<p>Could not send message!</p>\n";
    } else {
      $message1 = "<p>Message sent successfully!</p>\n";
    }

  }
}

echo isset($error) ? $error : '';
echo isset($message) ? $message1 : '';
echo "<form name=\"newMessage\" action=\"\" method=\"post\">\n";
echo "To:<br />\n";
echo "<input type='text' onkeyup='validateUsername(this.value)' name='to' size='30' value='' /> <span id='response_span'></span><br />";
echo "<br>Subject:<br />\n";
echo "<input type=\"text\" name=\"subject\" value=\"" . (isset($error) ? $_POST['subject'] : '') . "\" maxlength=\"50\" />\n";
echo "<br>Message:<br>\n";
echo "<textarea name=\"message\" cols=\"24\" rows=\"5\">" . (isset($error) ? $_POST['message'] : '') . "</textarea>\n";
echo "<input type=\"submit\" name=\"newMessage\" value=\"Send\" />\n";
echo "</form>\n";
?>
</div>

<?php include('../../inc/footer.php'); ?>

</body>
</html>

 

is there any software or a firefox plugin that i can track what is happening to the cookie

[revraz]

It's probably getting lost, if you switch from www.site.com to just site.com.  So look at the URLs carefully.

And put session_start(); first.

[BlueSkyIS]

is there really space before your <?php tag? if so, i would expect a headers already sent error when you try session_start();

[marksie1988]

It's probably getting lost, if you switch from www.site.com to just site.com.  So look at the URLs carefully.

And put session_start(); first.

 

the session_start(); isnt actually needed as this is set via the sessions.php file that is included i just added that to see if it made a indifference and it didn't

 

there is no whitespace in my code i made sure this had gone.

 

also if it was an issue with the session_start wouldnt it blow the session away on all of my pages? surely it is something within the code above that causes this to happen as no other page does it like this one does

[jonsjava]

I'm at a loss. All I can think of now is that you may have misspelled something in one of your files.  Past that, if every other page keeps the session, and you have your session started when you do the check, I'm completely at a loss (And repeating myself, to boot!)

[marksie1988]

I'm at a loss. All I can think of now is that you may have misspelled something in one of your files.  Past that, if every other page keeps the session, and you have your session started when you do the check, I'm completely at a loss (And repeating myself, to boot!)

 

yea it has been driving me crazy so im just going through my code and striping it down as much as i can to find the bit that is causing this!!

[marksie1988]

ok then i think i have found out what was causing this !!!!

 

it was simply some javascript that i was using to tell a user if the username they entered was valid or not!!