Jump to content


Photo

Session Data Loss


  • Please log in to reply
18 replies to this topic

#1 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 31 July 2006 - 06:53 PM

I have a user log in and the page redirected to a secure web page.  If the user clicks off that page or it is refreshed the session variables are lost, and requires the user to log back in.  This is extremely innconvient.  Why am I loosing the session data and how do I prevent it from happening?

#2 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 06:59 PM

check the sessions section in your php.ini. what are the settings? also, register globals can mess up sessions. make sure it's turned off. another possible cause is the session path isn't writable.
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#3 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 31 July 2006 - 07:16 PM

What kind of settings am I looking for in the ini? It works to open of the first redirected page, but after that is when I loose the data!  My server is being hosted by someone esle using cpanel, do I even have the ability to change the ini, becuase I couldnt find it anywhere?

#4 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 07:33 PM

create a page with the following code
<?php
echo phpinfo();
?>

Then visit this page. You should be able to see the configs. Look into "Sessions". There will be session timeouts, store path, etc.

You may not be able to change the ini directly, but most hosts allow you to either change some values using .htaccess, or create your own ini override. you can most likely change the settings at runtime using set_ini too.
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#5 nethnet

nethnet
  • Members
  • PipPipPip
  • Advanced Member
  • 284 posts
  • LocationPhiladelphia, PA, USA

Posted 31 July 2006 - 07:35 PM

Are you initializing sessions on each page?  If not, you will lose your data.
"Creativity is allowing yourself to make mistakes. Art is knowing which ones to keep."  --Scott Adams

Current project: nethnet.com

#6 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 07:37 PM

Are you initializing sessions on each page?  If not, you will lose your data.

ah yes. you have to call session_start() on each page.
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#7 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 31 July 2006 - 07:44 PM

Ok, I have only created 1 secure page, and yes I have session_start first thing on top.  If I click off that page, then come back, I loose the session data, even on a simple refresh I loose it!  


Here is my php.ini file, please review for any problems:

Session Support  enabled  
Registered save handlers  files user sqlite  
Registered serializer handlers  php php_binary  


session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0


#8 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 07:51 PM

do you redirect the user to a different domain? do you have session_start on the page where the sessions are set too? can you also check register_globals in php.ini? does it not work on a specific browser only?

your session config doesn't seem to have problem. the only thing is that the lifetime is 0, meaning that the session will be deleted upon closing the browser, but it shouldn't affect refreshes. also, i konw IE sometimes have issue with the domain. have you tried it on firefox?
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#9 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 31 July 2006 - 08:05 PM

do you redirect the user to a different domain?

Nope.

do you have session_start on the page where the sessions are set too?

Yep!

can you also check register_globals in php.ini?

register_globals Off Off


does it not work on a specific browser only?

have you tried it on firefox?

Havnt tried it on another broswer.  Would you like to try?

www.nocrs.net
login:test
pw: test

#10 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 08:34 PM

try setting your domain path to ".nocrs.net". you probably redirects them to nocrs.net but the previous page is www.nocrs.net when the session is set. in this case, the session would only work with www.nocrs.net.
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#11 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 08:37 PM

also, when i tried https on the index page, it says 403 forbidden...
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#12 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 31 July 2006 - 08:38 PM

Makes sense, so I have to contact my hosting service and have them change the domain to .nocrs.net instead of www.nocrs.net?

Does that mean that the password is being sent without encryption?

#13 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 31 July 2006 - 08:40 PM

But if you start on nocrs.net to begin with then shouldnt the session work for the redirection?  Becuase it doesnt!

#14 nethnet

nethnet
  • Members
  • PipPipPip
  • Advanced Member
  • 284 posts
  • LocationPhiladelphia, PA, USA

Posted 31 July 2006 - 08:43 PM

I tried using your site but none of the pages loaded.  When you click a link to go to a new page, that new page must also have session_start() before the header is sent.  Any page you want sessions to be active on, you need session_start() before the header is sent.  Please double check to make sure you have called this function on all of your pages in question, not just the page that sets the session variables.
"Creativity is allowing yourself to make mistakes. Art is knowing which ones to keep."  --Scott Adams

Current project: nethnet.com

#15 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 31 July 2006 - 08:49 PM

I have, there only 2 pages in question. 

nocrs.net/index.php - sets the session
nocrs.net/Dealer/dealer.php - php protected page

Both have session_start at the very top before anything else.

If you perform a refresh on the delear.php it will lose the session data.

Here is the data from that page:
<? session_start();
if(!isset($_SESSION['login'])) {   // Not Logged In  ?>
	<meta http-equiv="Refresh" content="0; url=http://nocrs.net/invalid.htm">

<? }
else{  // Continue with the page
?>

Any other suggestions? 

I tried using your site but none of the pages loaded.

Not sure why?  Havent seen any problems!

#16 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 08:53 PM

Makes sense, so I have to contact my hosting service and have them change the domain to .nocrs.net instead of www.nocrs.net?

Does that mean that the password is being sent without encryption?

what i meant is use ssession_set_cookie_params before session_start, or change the php.ini settings
session_set_cookie_params (0,'/','.nocrs.net');

Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#17 Drumminxx

Drumminxx
  • Members
  • PipPipPip
  • Advanced Member
  • 92 posts
  • LocationUSA

Posted 31 July 2006 - 08:56 PM

in your php.ini file you show

session.save_path no value no value

you need to set the save path or the session does not get created
:: gucci.com ::
:: blockbuster.com ::

--------------------

#18 ryanlwh

ryanlwh
  • Staff Alumni
  • Advanced Member
  • 511 posts

Posted 31 July 2006 - 09:56 PM

the save path defaults to /tmp
Please use EDIT * 100...
Please use
or [php] * 1000...

PLEASE READ THE POSTED SOLUTIONS CAREFULLY * 1000000...

#19 akrytus

akrytus
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 04 August 2006 - 04:53 PM

I added the cookie command before the session_start, but this did not help.  I am still loosing the session data.  Any other suggestions?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users