[SOLVED] Session variables being deleted

[andi_unger]

Hello All,

 

I have three php files, index.php, login.php and site.php. Index.php includes site.php or login.php depending on whether the user is logged in or not, respectively.

 

At the very top of my index.php file, I have the line <?php session_start(); ?>, then what follows is that I check whether $_SESSION['auth'] == "true" and if it is, I include site.php if its not, I first of all check whether POST variables "username" and "password" have been set and whether they are correct (by looking up a mysql database). If these are correct, I set $_SESSION['auth'] to "true" and I include site.php. Otherwise, I just include login.php.

 

All login.php contains is a html form for submiting a username and a password and admin.php contains a html form only.

Both forms have this tag: <form method="POST" action="<?php echo $_SERVER['PHP_SELF']?>">

 

Now, the funny thing that happens is that, upon entering the correct username and password, site.php is included and what I see is the site for logged in users. The problem is that, if I hit the "submit" button button in site.php, I see the login page, which means that the session variables are cleared.

 

To debug the problem further, I added this line to the top of both index.php and site.php:  print_r($_SESSION);

 

The interesting thing is that, when I'm logged in, two arrays are printed as follows:

Array

(

 

)

 

and

 

Array

(

    [auth] => true

)

 

I tried doing the following: I created a folder main with only one file index.php containing the lines <?php session_start(); header("Location: "http://www.example.com/site"), so now the original index.php and site.php and I did not put session_start at the top of these two files. The idea is that when I go to www.example.com/main, a session is started and I'm redirected to www.example.com/site. However, I know get an error that the variable _SESSION is unknown, which means that the session is being destroyed.

 

Can someone please help me out? This problem is bugging me. Why isn't the session data persistent?

 

I'm using php5 and my php.ini contains the following lines:

cgi.fix_pathinfo=1

session.save_path=/home/user/tmp

 

and basically nothing else to with sessions or POST data.

 

Cheers,

Andreas

 

 

[ignace]

Post your code so we can examine the problem.

[andi_unger]

Problem solved.

 

In site.php, I had two forms. One for submitting an email address, and a logout button. The logout form was something like this:

 

<form method="POST" action="<?php session_destroy() ?>">

    <input name="logout" type="submit" value="Logout" />

</form>

 

Now the funny thing was that when I successfully logged in, if I refreshed the page, I was automatically logged out. Even without hitting the "logout" button.

 

So, I changed the logout form to this:

 

<form method="POST" action="<?php echo $_SERVER['PHP_SELF'] ?>">

  <input name="logout" type="submit" value="Logout" />

</form>

 

Now, in index.php I check whether the logout form has been submitted, and if it has, I called session_destroy().

 

It works as far as I can tell.

[PFMaBiSmAd]

The action="..." attribute must be a URL.

 

The php code you attempted to put in it -

 

action="<?php session_destroy() ?>"

 

was executed when the page was requested/refreshed because all the php code on the page is executed at the time the page is requested. You cannot "call" php code from the browser. The browser can only request URL's of web pages.