Sessions I'm Sick of Them (Please Help Me)

[dual_alliance]

When it comes to sessions l can't get them to work and it is SO frustrating.  I have tried many login script's and once l click any link it logs me out (in IE), l can't use sessions on localhost for some strange reason but l have SMF installed and working fine and another login script which l tried works in firefox but not IE.

How can l make it so sessions work?  Should l use cookies?  I no a session is sortof a cookie as well but l have seen people use cookies and sessions together.  If so can someone please give me an example of a login script using cookies + sessions or just one of the 2, because l am really getting frustrated.

Thankyou,

dual_alliance

[Ninjakreborn]

cookies and sessions, by default are used together.  You don't have to do anything, php does everything for you. 
the first thing, above EVERY page that uses sessions simply have session_start();
at the top with no white space, or nothing above it, keep any echo's a ways away from it or you get header errors.
As far as sesisons to setup a session
$_SESSION['variable'] = "whatever";
that session is set, if it's logging you out then you have to set the session maxlifetime high enough so it doesn't automatically close when the browser shuts down, or also doesn't cut them off in the middle of something either.

[dual_alliance]

I have that on every new page and it doesn't work.  (thats why l'm so fustrated)

[SharkBait]

Show the code that is giving you trouble?

Are you running a web server (like apache) locally on your own machine or is it hosted else where?

[code]
<?php

$_POST['username'] = "SharkBait"  // pretend this was retrieved from a form
$PASS = "myPass";

if(isset($_POST['submit'])) {
  // Check if user submitted a form
  if(!empty($_POST['username'])) {
    $username = $_POST['username'];
  }
  // Check Password
  if($_POST['password'] == $PASS) {
      // passwords match create sessions

      $_SESSION['username'] = $username;
    } else {
      // Password does not match
    }
}
?>
[/code]

Check for a session
[code]
<?php

if(isset($_SESSION['username'])) {
  echo "Hi {$_SESSION['username']}";
} else {
  echo "Session is not set, I don't know who you are";
}
?>
[/code]

[dual_alliance]

Hi SharkBait,

Thats very similar to what l have so I will post the codes l have tried (on localhost and a webhost):

[b]First Code[/b]
<br />
[b]process_login.php[/b]
[code=php:0]<?php

session_start();

header("Cache-control: private");

// Get MySQL Database information






include('db.php');

// Make variables from the form



$Username = $_POST['userName'];



$Password = $_POST['passWord'];

// Remove HTML (if any)

$Username = strip_tags("$Username");

$Password = strip_tags("$Password");

// Connect to server and select database.

mysql_connect("$dbHost", "$dbUserName", "$dbPassWord")or die("Cannot connect to server!");

mysql_select_db("$dbName")or die("Cannot select Database!");

// Does the user exist?



$sql_user_check = "SELECT * FROM users WHERE username=\"$Username\" ";



$result_name_check = mysql_query($sql_user_check);



$usersfound = mysql_num_rows($result_name_check);

// If the user doesn't exist, create error



if ($usersfound < 1) {



$error = "User $Username not found.";

// If the user does exist, continue with processing

}else{

// Check if the passwords match

$sql_pass_get = "SELECT * FROM users WHERE username=\"$Username\" ";

$user_info = mysql_fetch_array(mysql_query($sql_pass_get));

$encryptpass = $user_info['password'];

// If it doesn't match, note that and end
 
if ($encryptpass != md5($Password)) {

// If it does match, let in and pass on info to session variables

}else{

$_SESSION['userid'] = $user_info['userid'];
     
$_SESSION['username'] = $user_info['username'];
     
$_SESSION['password'] = $user_info['password'];

}

}

if (!$_SESSION['username']) {

die ("Invalid password.  Try again.");

}else{

include('admin2.php');

}

?>[/code]
<br />
[b]another page (linked from admin2.php)[/b]
[code=php:0]<?php

session_start();
header("Cache-control: private");
if (!isset($_SESSION['username'])) {
    echo "You aren't logged in.";
    include("index.php");
    exit();
}else{

// rest of code....

}

?>[/code]

[b]Outcome: Doesn't Work![/b]
<br />
[b]Second Code[/b]
<br />
[b]login.php[/b][code=php:0]<?php

// check username and password POST vars exists first, before continuing
if(isset($_POST['username']) && isset($_POST['password']))
{
    session_start();

@mysql_connect('localhost', 'root', '') or die ('Cannot connect');
@mysql_select_db('cokusers');

    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $passwords = md5($password);

    $sql = "SELECT * FROM `users` WHERE `username` ='$username' AND `password` ='$passwords'";
    $result = mysql_query($sql) or die(mysql_error());

    // returns numbers of matches found.
    $users = mysql_num_rows($result);

    // if there was 1 result returned, user has successfully logged in
    if ($users == 1)
    {
        $row = mysql_fetch_assoc($result);

        $_SESSION['userid'] = $row['id'];
        $_SESSION['username'] = $row['username'];

        header("Redirect=5; URL=logged_in.php");

        echo "You are logged in! You\'ll be automatically redirected in 5 secounds. ";
        echo 'Or click <a href="logged_in.php">here</a> if you are impatient';
    }
    // user was not logged in, username/password combo incorrect
    else
    {
        echo 'Your Password and/or Username are incorrect<br />Please try agin<br /><br /><a href="index.php">Here</a>';
    }
}
else
{
    die("You have either come to this page in error or you did not fill in the login form!");
}

?>[/code]
<br />
[b]The page it links to[/b]
[code=php:0]<?php
session_start();
if(isset(!$_SESSION['username'])){//if there is nothing in the session
echo 'you are not logged in';
exit;//quit the page so they cant view anything else
}else{

// Rest of code etc.......

}

?>[/code]
<br />
[b]Outcome: Doesn't Work![/b]
<br />
I hope you can see now why l am frustrated with sessions ;D.  Your help is very much appreciated.

[SharkBait]

What happens if you
[code=php:0]
print_f($_SESSION);
[/code]

After you've tried setting the session?

Notice you also have this near the bottom:
[code=php:0]
if(isset(!$_SESSION['username']))) { //ifthere is nothing in seession

// Id change it to this:
if (!isset($_SESSION['username'])) {
[/code]

[akitchin]

no one has bothered to mention that sessions are a SERVER-SIDE issue.  they will not work differently in IE and firefox unless you have different cookie settings in one or the other; even then, it's hard to produce differences.

[dual_alliance]

[quote author=SharkBait link=topic=103762.msg413509#msg413509 date=1155250131]
What happens if you
[code=php:0]
print_f($_SESSION);
[/code]

After you've tried setting the session?

Notice you also have this near the bottom:
[code=php:0]
if(isset(!$_SESSION['username']))) { //ifthere is nothing in seession

// Id change it to this:
if (!isset($_SESSION['username'])) {
[/code]
[/quote]

Nothing changed still the same problem.  akitchin l will try a different free host and tell you what happens

[dual_alliance]

Well a word of advice do not use php01.net to host free php websites.  And the otherone l tried it works in firefox but not IE.  Can any of you guys/girls refer me to a free host that you know works with sessions in IE?

(I am only using a free host now because l trying to make an online game and well l dont want to pay serverpowered.com's large fee's until its completed lol).

Thanks,

dual_alliance

[mainewoods]

I think this statement is wrong:
[code]$sql_user_check = "SELECT * FROM users WHERE username=\"$Username\" ";[/code]
-your usage of double quotes around $Username is wrong.  sql only allows the usage of single quotes in that usage. In fact I believe that should be generating a mysql error because of invalid syntax.

[dual_alliance]

Well l'm using the second code to test it out on hosts so l might leave it.  But thanks for point it out l will remember to edit it if ever l use it.