Jump to content

Session Data Loss


akrytus

Recommended Posts

I have a user log in and the page redirected to a secure web page.  If the user clicks off that page or it is refreshed the session variables are lost, and requires the user to log back in.  This is extremely innconvient.  Why am I loosing the session data and how do I prevent it from happening?
Link to comment
Share on other sites

What kind of settings am I looking for in the ini? It works to open of the first redirected page, but after that is when I loose the data!  My server is being hosted by someone esle using cpanel, do I even have the ability to change the ini, becuase I couldnt find it anywhere?
Link to comment
Share on other sites

create a page with the following code
[code]<?php
echo phpinfo();
?>[/code]

Then visit this page. You should be able to see the configs. Look into "Sessions". There will be session timeouts, store path, etc.

You may not be able to change the ini directly, but most hosts allow you to either change some values using .htaccess, or create your own ini override. you can most likely change the settings at runtime using set_ini too.
Link to comment
Share on other sites

Ok, I have only created 1 secure page, and yes I have session_start first thing on top.  If I click off that page, then come back, I loose the session data, even on a simple refresh I loose it!  


Here is my php.ini file, please review for any problems:

Session Support  enabled  
Registered save handlers  files user sqlite  
Registered serializer handlers  php php_binary  


session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
Link to comment
Share on other sites

do you redirect the user to a different domain? do you have session_start on the page where the sessions are set too? can you also check register_globals in php.ini? does it not work on a specific browser only?

your session config doesn't seem to have problem. the only thing is that the lifetime is 0, meaning that the session will be deleted upon closing the browser, but it shouldn't affect refreshes. also, i konw IE sometimes have issue with the domain. have you tried it on firefox?
Link to comment
Share on other sites

[quote]do you redirect the user to a different domain?[/quote]
Nope.

[quote]do you have session_start on the page where the sessions are set too?[/quote]
Yep!

[quote]can you also check register_globals in php.ini?[/quote]
register_globals Off Off


[quote]does it not work on a specific browser only?
[/quote][quote]have you tried it on firefox?[/quote]
Havnt tried it on another broswer.  Would you like to try?

www.nocrs.net
login:test
pw: test
Link to comment
Share on other sites

I tried using your site but none of the pages loaded.  When you click a link to go to a new page, that new page must also have session_start() before the header is sent.  Any page you want sessions to be active on, you need session_start() before the header is sent.  Please double check to make sure you have called this function on all of your pages in question, not just the page that sets the session variables.
Link to comment
Share on other sites

I have, there only 2 pages in question. 

nocrs.net/index.php - sets the session
nocrs.net/Dealer/dealer.php - php protected page

Both have session_start at the very top before anything else.

If you perform a refresh on the delear.php it will lose the session data.

Here is the data from that page:
[code]
<? session_start();
if(!isset($_SESSION['login'])) {  // Not Logged In  ?>
<meta http-equiv="Refresh" content="0; url=http://nocrs.net/invalid.htm">

<? }
else{  // Continue with the page
?>[/code]

Any other suggestions? 

[quote]I tried using your site but none of the pages loaded.[/quote]
Not sure why?  Havent seen any problems!
Link to comment
Share on other sites

[quote author=akrytus link=topic=102472.msg406754#msg406754 date=1154378292]
Makes sense, so I have to contact my hosting service and have them change the domain to .nocrs.net instead of www.nocrs.net?

Does that mean that the password is being sent without encryption?
[/quote]
what i meant is use ssession_set_cookie_params before session_start, or change the php.ini settings
[code]session_set_cookie_params (0,'/','.nocrs.net');[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.