Jump to content

Not seeing the $_SESSION['username'] 1st time round

freelance84

By freelance84
in PHP Coding Help

 Share

Recommended Posts

freelance84 Advanced Member

freelance84

Posted
Posted

Ok I really don't get whats going on here.

 

When a user logs in their details are passed to the authenticate.php, if the password and username...etc is all ok the script then runs through the following lines:

session_start();
	$_SESSION['ID']		  = $row[0];
	$_SESSION['username'] = $row[1];
	$_SESSION['type']     = $row[3];
	$_SESSION['email']    = $row[4];
	$_SESSION['forename'] = $row[5];
	$_SESSION['surname']  = $row[6];
	$_SESSION['ip'] 	  = $unique;
	$_SESSION['current_year'] = ' - 09/10';

	if ($row[3] == '1')
		{
			header("location:http://www.mysite.net/adw.php");
			exit();
		}
	elseif ($row[3] == '2')
		{
			header("location:http://www.mysite.net/sct.php");
			exit();
		}
	elseif ($row[3] == '3')
	       {
			header("location:http://www.mysite.net/mct.php");
			exit();
		}

 

If a user type 3 has logged in, they then go to the relevant page...mct.php, this page checks the session variables before loading:

<?php
session_start();
if (isset($_SESSION['username']))
{
$u_ID = $_SESSION['ID'];
$u_name = $_SESSION['username'];
$u_type = $_SESSION['type'];
$u_forename = $_SESSION['forename'];
$u_surname = $_SESSION['surname'];
if($u_type == 3 or $u_type == 1)
{
                content of the page
}
else echo "Sorry something has gone wrong with your user type.  
Please <a href=index.php>click here</a> to log in again.";
}
else {header("location:http://www.mysite.net?no session username");}
?>

 

 

There is a problem.

 

If I clear all the histories of my browser, close the browser, restart and log in, I go to the correct page and it loads.

 

If I am logged in, but then I close the browser. When I come back to login, after logging in ...mct.php doesn't see the $_SESSION['username'] and then goes straight to the bottom of the page which is a header() back to http://www.mysite.net?no session username.

The wierd thing is here however is that if I then press back in the browser after this, it loads mct.php fine. This indicates that the $_SESSION['username'] was set ok to start with by the authenticate.php

 

If I am logged into the site but then press "log out", this directs to logout.php, destroys all session data...etc and goes back to the login page. If I try to login again after logging out everything is fine. I can even restart the browser and log back in fine.

 

 

Any ideas here would be very much appreciated, i'm completely stumped, i've through everything several times and can't understand why this is happening. It really annoying!

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

It sounds like you are switching back and forth between urls that have and don't have www. in them and you have not setup the session.cookie_domain setting to match all variations of your domain and/or you have some header() redirects that don't have an exit statement after them and your code that is being executed on a page after the header() redirect is modifying the session variables.

Link to comment
Share on other sites
freelance84 Advanced Member

freelance84

Posted
  • Author
Posted

After assuming the problem had been solved, I found today it had not.

 

Upon re-reading the post by PFMaBiSmAd again I realised there might be a problem with not entering the www. before my domain name.

 

I therefore tested this and indeed the SESSIONS were not being created from the index.php If i did not put www. before the domain.

 

I therefore put the following code at the top:

// Using HTTP_HOST to make sure www. is there
$domain = $_SERVER['HTTP_HOST'];
$domain_1st_4 = substr_replace($domain,"",+4);
if($domain_1st_4 != 'www.')
{
		header("location:http://www.mysite.net");
		exit();
}

 

I think I have truly fixed the problem now.

 

Is the code above the most efficient way?

Link to comment
Share on other sites
freelance84 Advanced Member

freelance84

Posted
  • Author
Posted

ah, I didn't realise you could achieve the same thing within .htaccess

 

I've also just looked further into session.cookie_domain, did'nt realise it was a php.ini setting (i thought it was a cookie to write)

 

Is there a most efficient way or is it 6 and two 3's?

 

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

If you will never have any other sub-domains, using the redirect method (either in a .htaccess file or in your script) would be the best route because all your URL's will end up consistently with a www. on them. If you will end up needing this to work using sub-domains, you would need to set up the session.cookie_domain setting.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.