akrytus Posted July 31, 2006 Share Posted July 31, 2006 I have a user log in and the page redirected to a secure web page. If the user clicks off that page or it is refreshed the session variables are lost, and requires the user to log back in. This is extremely innconvient. Why am I loosing the session data and how do I prevent it from happening? Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 check the sessions section in your php.ini. what are the settings? also, register globals can mess up sessions. make sure it's turned off. another possible cause is the session path isn't writable. Quote Link to comment Share on other sites More sharing options...
akrytus Posted July 31, 2006 Author Share Posted July 31, 2006 What kind of settings am I looking for in the ini? It works to open of the first redirected page, but after that is when I loose the data! My server is being hosted by someone esle using cpanel, do I even have the ability to change the ini, becuase I couldnt find it anywhere? Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 create a page with the following code[code]<?phpecho phpinfo();?>[/code]Then visit this page. You should be able to see the configs. Look into "Sessions". There will be session timeouts, store path, etc.You may not be able to change the ini directly, but most hosts allow you to either change some values using .htaccess, or create your own ini override. you can most likely change the settings at runtime using set_ini too. Quote Link to comment Share on other sites More sharing options...
nethnet Posted July 31, 2006 Share Posted July 31, 2006 Are you initializing sessions on each page? If not, you will lose your data. Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 [quote author=nethnet link=topic=102472.msg406698#msg406698 date=1154374538]Are you initializing sessions on each page? If not, you will lose your data.[/quote]ah yes. you have to call session_start() on each page. Quote Link to comment Share on other sites More sharing options...
akrytus Posted July 31, 2006 Author Share Posted July 31, 2006 Ok, I have only created 1 secure page, and yes I have session_start first thing on top. If I click off that page, then come back, I loose the session data, even on a simple refresh I loose it! Here is my php.ini file, please review for any problems:Session Support enabled Registered save handlers files user sqlite Registered serializer handlers php php_binary session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 100 100 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 4 4 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path no value no value session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid 0 0 Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 do you redirect the user to a different domain? do you have session_start on the page where the sessions are set too? can you also check register_globals in php.ini? does it not work on a specific browser only?your session config doesn't seem to have problem. the only thing is that the lifetime is 0, meaning that the session will be deleted upon closing the browser, but it shouldn't affect refreshes. also, i konw IE sometimes have issue with the domain. have you tried it on firefox? Quote Link to comment Share on other sites More sharing options...
akrytus Posted July 31, 2006 Author Share Posted July 31, 2006 [quote]do you redirect the user to a different domain?[/quote]Nope.[quote]do you have session_start on the page where the sessions are set too?[/quote]Yep![quote]can you also check register_globals in php.ini?[/quote]register_globals Off Off [quote]does it not work on a specific browser only?[/quote][quote]have you tried it on firefox?[/quote]Havnt tried it on another broswer. Would you like to try?www.nocrs.netlogin:testpw: test Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 try setting your domain path to ".nocrs.net". you probably redirects them to nocrs.net but the previous page is www.nocrs.net when the session is set. in this case, the session would only work with www.nocrs.net. Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 also, when i tried https on the index page, it says 403 forbidden... Quote Link to comment Share on other sites More sharing options...
akrytus Posted July 31, 2006 Author Share Posted July 31, 2006 Makes sense, so I have to contact my hosting service and have them change the domain to .nocrs.net instead of www.nocrs.net?Does that mean that the password is being sent without encryption? Quote Link to comment Share on other sites More sharing options...
akrytus Posted July 31, 2006 Author Share Posted July 31, 2006 But if you start on nocrs.net to begin with then shouldnt the session work for the redirection? Becuase it doesnt! Quote Link to comment Share on other sites More sharing options...
nethnet Posted July 31, 2006 Share Posted July 31, 2006 I tried using your site but none of the pages loaded. When you click a link to go to a new page, that new page must also have session_start() before the header is sent. Any page you want sessions to be active on, you need session_start() before the header is sent. Please double check to make sure you have called this function on all of your pages in question, not just the page that sets the session variables. Quote Link to comment Share on other sites More sharing options...
akrytus Posted July 31, 2006 Author Share Posted July 31, 2006 I have, there only 2 pages in question. nocrs.net/index.php - sets the sessionnocrs.net/Dealer/dealer.php - php protected pageBoth have session_start at the very top before anything else.If you perform a refresh on the delear.php it will lose the session data.Here is the data from that page:[code]<? session_start();if(!isset($_SESSION['login'])) { // Not Logged In ?> <meta http-equiv="Refresh" content="0; url=http://nocrs.net/invalid.htm"><? }else{ // Continue with the page?>[/code]Any other suggestions? [quote]I tried using your site but none of the pages loaded.[/quote]Not sure why? Havent seen any problems! Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 [quote author=akrytus link=topic=102472.msg406754#msg406754 date=1154378292]Makes sense, so I have to contact my hosting service and have them change the domain to .nocrs.net instead of www.nocrs.net?Does that mean that the password is being sent without encryption?[/quote]what i meant is use ssession_set_cookie_params before session_start, or change the php.ini settings [code]session_set_cookie_params (0,'/','.nocrs.net');[/code] Quote Link to comment Share on other sites More sharing options...
Drumminxx Posted July 31, 2006 Share Posted July 31, 2006 in your php.ini file you showsession.save_path no value no valueyou need to set the save path or the session does not get created Quote Link to comment Share on other sites More sharing options...
ryanlwh Posted July 31, 2006 Share Posted July 31, 2006 the save path defaults to /tmp Quote Link to comment Share on other sites More sharing options...
akrytus Posted August 4, 2006 Author Share Posted August 4, 2006 I added the cookie command before the session_start, but this did not help. I am still loosing the session data. Any other suggestions? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.