Jump to content

[SOLVED] Problem with sessions

Nick_Ninja

By Nick_Ninja
in PHP Coding Help

 Share

Recommended Posts

Nick_Ninja Newbie

Nick_Ninja

Posted
Posted

My code was forgetting sessions as soon as the script ended. Thinking that php.ini was to blame I changed it from

[ Session ]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
;       session.save_path = "N;/path"

New session configuration

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
session.save_path = "0;/var/www-session"

 

 

Code to blame:

login.php

<?php
if(isset($_SESSION)) {
header('Location: base.php');
exit();
} elseif(isset($_POST['submit'])) {
# form submitted
if(isset($_POST['username']) && isset($_POST['password'])) {
	# both exist
	include "pwcheck.php";
	if(pwcheck($_POST['username'], md5($_POST['password']))) {
		# login correct
		session_start();
		$_SESSION['username'] = $_POST['username'];
		$_SESSION = array();
		if(isset($_SESSION)) {
			header('Location: base.php');
		} else {
			echo 'session failed';
		}
	} else {
		# login incorrect
		print "<font color=red>Wrong Login.</font>";
		show_password_form();
	}
} else {
	print "Form problem";
	show_password_form();
}
} else {
show_password_form();
}
function show_password_form() {
$title = "Login";
include "header.php";
?>
<h1>Login</h1>
<div class = box>
<form method = POST>
<b>Username: </b><input type = text name = username><br />
<b>Password: </b><input type = password name = password><br />
<input type = submit name = submit value = Login><br />
<a href = "register.php">Register</a>
</div>
<?php
include "footer.php";
}
?>

This worked fine. The password/username is accepted, the session is started, the user is redirected.

Then the session is forgotten, and the user is redirected back to the login page.

Excerpt from base.php:

 

include "redirect.php"; #BUG HERE - redirects to login even if logged in
# the user is logged in if the script gets to this point.

 

redirect.php

<?php
if(isset($_SESSION)) {
#user is logged in
} else {
header('Location: login.php');
exit();
}
?>

Link to comment
https://forums.phpfreaks.com/topic/109418-solved-problem-with-sessions/
Share on other sites
Nick_Ninja Newbie

Nick_Ninja

Posted
  • Author
Posted

I don't see any call to session_start() within redirect.php

??? Why would redirect.php start the session? The session signifies that the user is logged in.

...or login.php.  At the very beginning you are checking for the session array but there's no session_start() before that to let your script know there could be.

A. Yes, there IS a call to session_start()

if(pwcheck($_POST['username'], md5($_POST['password']))) {
		# login correct
		session_start(); # <-------- RIGHT HERE
		$_SESSION['username'] = $_POST['username'];

B. The script is checking to see if the user is logged in. If they are (ie. the session is started) there's no point in logging in again.

.josh Advanced Member

.josh

Posted
Posted

session_start() has to be the FIRST line of code of every page you want to use Sessions on.

I was under the impression that it only has to be before headers are sent

 

You are right. But, you need to put it before you make calls to session variables, which you don't seem to be doing, hence the previous posts.

Nick_Ninja Newbie

Nick_Ninja

Posted
  • Author
Posted

Since you have

 

if(isset($_SESSION)) {

 

as your first line, how can you check it if you haven't started it?

 

Umm... Correct me if I am wrong, but my impression is that isset() does not cause errors with the session. I will try turning on the highest level on error reporting.

 

error_reporting(E_ALL);

 

Edit: Didn't show anything.

.josh Advanced Member

.josh

Posted
Posted

I don't think you're understanding the point.  The point is, you cannot use session variables unless php knows there are session variables.  your condition works perfectly fine from PHP's point of view; you won't be getting any errors thrown at you. 

 

The problem is that it's not working as you expect, because unless you tell PHP that there are session variables in play (by putting session_start() BEFORE using them), it's going to always evaluate that condition as FALSE, because as far as PHP is concerned, it doesn't exist, because you didn't tell PHP that there are session variables. 

 

You did indeed use session_start() later on in your script for your other variables, but that doesn't do squat for you trying to use them BEFORE you used it. 

 

I don't really understand what you don't get about that...PHP cannot access session variables unless it knows there's a session.  It knows there's a session because you put session_start() before trying to use session variables.  I really don't know how else to put that. 

revraz Member

revraz

Posted
Posted

It won't cause an error, but your IF statement won't work either because the session isn't started.  So everything under that IF won't even be ran.

 

So why not just add the session_start() at the top?  Or would you rather go back and forth about it.

jonsjava Member

jonsjava

Posted
Posted

you have an infinite loop going on.  Hm... *trying to remember how he fixed that problem when he did that to himself*

This version of the code makes more sense (well, to me....*sigh, need to get more sleep*)

<?php
session_start();
if(isset($_SESSION)) {
header('Location: base.php');
exit();
} 
elseif(isset($_POST['submit'])) {
# form submitted
if(isset($_POST['username']) && isset($_POST['password'])) {
	# both exist
	include "pwcheck.php";
	if(pwcheck($_POST['username'], md5($_POST['password']))) {
		# login correct
		$_SESSION['username'] = $_POST['username'];
		$_SESSION = array();
	}
	if(isset($_SESSION)) {
		header('Location: base.php');
	} 
	else {
		echo 'session failed';
	}
} 
else {
	# login incorrect
	print "<font color=red>Wrong Login.</font>";
	show_password_form();
}
} 
else {
print "Form problem";
show_password_form();
}
function show_password_form() {
$title = "Login";
include "header.php";
?>
<h1>Login</h1>
<div class = box>
<form method = POST>
<b>Username: </b><input type = text name = username><br />
<b>Password: </b><input type = password name = password><br />
<input type = submit name = submit value = Login><br />
<a href = "register.php">Register</a>
</div>
<?php
include "footer.php";
}
?>

  • 2 weeks later...
Nick_Ninja Newbie

Nick_Ninja

Posted
  • Author
Posted

Been away from boards for a while.

 

I tested the script again, and then I looked in the www-session folder I made for saving sessions. As expected, the session script creates the session file. It's empty. There isn't even binary data in it.

 

@DarkWater:

 

EDIT WHILE WRITING POST:

AAAUGALKDSJF! www-data has access to CREATE files in www-session, but not to WRITE them.

AAAUGALKDSJF (number two)! I'm clearing session data by assigning an array to it in login.php.

It works fine now, except for this minor problem I'm having with mysql... but that's a different thread (provided I cannot figure it out)

 

Thanks for the contributions of the people in this thread!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.