milesk Posted May 29, 2012 Share Posted May 29, 2012 This is my second issue on the second night in a row and as you folk kindly helped me last night I thought somebody might explain what may be happening. I am still working on the login issue using cookies. I have been relying on $_SESSION[user][user] not being set. When index.php is first called the array is not set but it in turn redirects to system/login and I was finding that the session array was populated with a user - in fact my user. Now that this point no cookies are in play nor had the login page been displayed. At the top of index.php there is a common include. Now I started logging whether the array was populated from the bottom and it was populated all the way up. Now the first thing in the include is session_start() and it seems to be that that is populating the array with my user record. I can't see where the data is coming from and any help will be appreciated. Quote Link to comment Share on other sites More sharing options...
trq Posted May 29, 2012 Share Posted May 29, 2012 Post some relevant code. Quote Link to comment Share on other sites More sharing options...
milesk Posted May 29, 2012 Author Share Posted May 29, 2012 Problem is at the moment I don't know what is relevant code. The top of the include which is at the top on index.php is <?php session_start(); define( 'ACTIONS_ROOT', APP_ROOT. 'actions/' ); Now I check the user array in $_SESSION immediately before session_start() and then immediately after. It isset was false before and true after. In checking the id of the user record it was my id. Does session_start() execute the session class? The only thing in the _contruct() of that class that refers to the user array is if (!isset($_SESSION['user'])) $_SESSION['user'] = array(); I will look at it further tomorrow as it is late here. Quote Link to comment Share on other sites More sharing options...
trq Posted May 29, 2012 Share Posted May 29, 2012 Now I check the user array in $_SESSION immediately before session_start() and then immediately after. It isset was false before and true after. You cannot use the $_SESSION array until calling session_start(). Does session_start() execute the session class? What session class? But no, it can't. Quote Link to comment Share on other sites More sharing options...
milesk Posted May 29, 2012 Author Share Posted May 29, 2012 I didn't do the original development and I have just picked it up to assist a friend. Now I don't know how things usually work but in this case index.php has the common include first with the session_start() at the top. Now each time a redirect is called index.php is called and so session_start() is executed. Now the check that I was referring to was the second time through the loop. My check was done immediately before the redirect before index.php was called. The user array was empty. I found it was not empty in index.php on the second call and I then narrowed it to session_start() the second time through index.php. Is it normally done like this as it seems strange to me but I used to a web environment where you don't necessarily what has gone on before? So if session_start() doesn't fire say a session class what could it fire to get this data? I have restarted the server this morning so I will see if the session user array still gets loaded with this data. Quote Link to comment Share on other sites More sharing options...
milesk Posted May 30, 2012 Author Share Posted May 30, 2012 Somehow my session details are being changed on redirect. This is the code at the top if index.php. <?php define( 'APP_ROOT' , dirname(__FILE__) . '/' ); define( 'LIB_ROOT', APP_ROOT. 'lib/' ); include( LIB_ROOT . 'custom/functions.inc.php' ); logMe('S1: '.$_SESSION['ReqUri']); $bf = isset($_SESSION['user']['user']); session_start(); logMe('S2: '.$_SESSION['ReqUri']); if(!$bf && isset($_SESSION['user']['user'])) $_SESSION['user'] = array(); Ignore the first 3 lines after the php tag as they were moved so that I could log details. Now these are the log results. These are couple of lines further down just before the first redirect. logMe('Index-urlset: '.$_SESSION['ReqUri']); redirect('system/login'); } Now this is the log result Index-urlset: homepage S1: S2: favicon.ico The first line shows the value before the redirect. The session variable is null before the start, although this may not be a trustworthy result. However the session variable have been reset to favicon.ico and I have no idea where that came from. Nothing in the code references favicon. The eastphp icon happens to be easyphp_favicon.ico. Last night I was pointing out the session user array was being populated at the same point by my user record. Now you will see that I checked the array for the before the start and then reset it after if a user was added. This works and my test further through the app now succeeds. So the session_start is adding a user record and changing a session variable. While I fudged my way around the former the latter is harder to circumvent. In this case I tried cookies by the cookie is not available on the first page login page. It appears ok on the second but by that stage it has favicon.ico in it. http://www.phpfreaks.com/forums/Smileys/nrg_alpha/shrug.gif Quote Link to comment Share on other sites More sharing options...
Drummin Posted May 30, 2012 Share Posted May 30, 2012 Not really following your current issue, but as already pointed out, you need to have session_start() before accessing/using any session info. session_start(); logMe('S1: '.$_SESSION['ReqUri']); $bf = isset($_SESSION['user']['user']); logMe('S2: '.$_SESSION['ReqUri']); if(!$bf && isset($_SESSION['user']['user'])) $_SESSION['user'] = array(); Quote Link to comment Share on other sites More sharing options...
milesk Posted May 30, 2012 Author Share Posted May 30, 2012 I didn't realize that redirect was a user function as below function redirect($route, $args = null) { $url = url($route, $args); header( 'Location: '. $url ); die(); } Well I followed the session variable through there as it is ok up to the die(). So somewhere on or after the die the user session array is populated and the session variable is lot. Quote Link to comment Share on other sites More sharing options...
milesk Posted May 30, 2012 Author Share Posted May 30, 2012 I think that I discovered that the session data works the same as cookies in that you have to redirect to a page before the data is visible. The session data (at least with easyphp) is stored in a tmp directory - check your session.save_path in your ini. You can easily view that data so you need to be careful what is saved in you session. As I have said was that my session variables were not saving and at this point I was getting to the login page. Well I logged in and as logging in In created a session variable and was redirected to the homepage. I checked the saved session data and I could see that variable. I went to several pages and the session data I added remained. Now I logged out and from memory and the code clears the session data but after logging out I can still see my data in the save data and maybe that is were it gets it at the start of the next session. I'm still not sure of the difference but when logging in I was in php and had not got to the browser when I created the variable. On the one that worked I was in the login page and when I submitted it ran php code that logged in and created my variable and went to the homepage. So both went from php and redirected to the browser but when logging in I had never been to a page. Does anybody know the conditions? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.