Problems with loss on session data

[SmileyWar]

For some reason my session's gets lost randomly, or my scripting is buggy.

 

When i hit refresh it just looses the session, how can i debug this?

 

Here is the login script.

 

<?php

session_start();

include('mysql_connect.php');

include('../functions/encryption.php');

 

$username = $_POST['usernameFormLogin'];

$password = $_POST['passwordFormLogin'];

 

$encryptPassword = encryptStringArray($password);

 

$sql = "SELECT * FROM registeredUsers WHERE username='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($encryptPassword) . "'";

$result = mysql_query($sql);

 

$count = mysql_num_rows($result);

 

if ($count == 1){

$_SESSION['WSuser'] = encryptStringArray($username.'|'.$encryptPassword);

$succesLoginUsername = 'http://cpanel.mysite.com';

}

else {

$errorLoginUsername = '<p>Error Username or Password does not match</p>';

}

 

mysql_close();

 

echo json_encode(array(

'errorLoginUsername'=>''.$errorLoginUsername.'',

'succesLoginUsername'=>''.$succesLoginUsername.'',

));

 

?>

 

Which then redirects to the homepage which has the following code

 

<?php

session_start();

include('_include/catch/mysql_connect.php');

include('_include/functions/encryption.php');

// dycrypt the authentication

$fetchSecure = decryptStringArray($_SESSION['WSuser']);

// digest the authentication

list($WSusername, $WSpassword) = explode("|", $fetchSecure);

// check if user authentication

$sql = "SELECT * FROM registeredUsers WHERE username='" . mysql_real_escape_string($WSusername) . "' AND password='" . mysql_real_escape_string($WSpassword) . "'";

$result = mysql_query($sql);

$row = mysql_fetch_array($result);

$count = mysql_num_rows($result);

if ($count == 1){

$_SESSION['WSvalidUser'] = '1';

}else{$_SESSION['WSvalidUser'] = '0';}

?>

[cpd]

I can't see why it would remove the session data.

 

Have you tried var_dump($_SESSION) to see what it contains?

[SmileyWar]

When i tried to retrieve the session data after that quirky effect, the session['WSvalidUser'] was null, this can only happen if the user is invalid or that the session['WSuser'] is empty.

 

But after i relogged in all session data is there.

 

So as far as i can tell the session is definitely not expired, otherwise session['WSvalidUser'] would be expired too.

 

So it seems that when refreshing something its clearing the session['WSuser']

 

What i will do now is write some other sessions see if they are still there, after it looses WSuser session

 

I'll keep post back soon with the update and if it worked what im planning.

[cpd]

You realise if you execute the page that sets the WSuser it overwrites the variable because you've not put any checks in to test if its already set...

[SmileyWar]

Hiya,

 

Thanks for the reply, indeed there is no check on the login file thanks for pointing that out. Will update that.

 

Regarding the other page it is very very odd, i have now with the help of the session dump, figured out that it shows the sessions, then it's gone, then after a couple of minutes it's there again and so on...

 

I cant understand how that is even possible???

[SmileyWar]

Ill have to get in contact with MT i think there might be a tmp save problem anybody else known of this issue running PHP Version 5.3.13

[cpd]

I doubt its an issue because it works fine for me using that PHP version.

 

Are you sure your not accidently running session_destroy somewhere?

[SmileyWar]

Hiya CPD, thank you for your continued support, i ended up pointing the sessions to the tmp folder in the php.ini file, as it seems it didn't save the sessions correctly.