php sessions destroyed instantly

[freedominator]

it seems that sessions work when i set them for an instant, and then they are destroyed
here is my phpinfo page, can anyone see the problem?
i dont have access to the phpini file
can u check my cookie settings and tell me if i can use those instead?
http://cksgrill.net/phpinfo.php

here is the top part of the code which is the relevent part

<!DOCTYPE html>
<script src="/javascript/header.js"></script>
<?

session_start();
ob_start();
session_set_cookie_params(3000); 
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
$session_expiration = time() + 3600 * 24 * 2;
if((($_POST['name'])and($_POST['password']))or(($_POST['name']!="")and($_POST['password']!="")))
{
	$_SESSION['name']=$_POST['name'];
	$_SESSION['password']=$_POST['password'];
	echo $_SESSION['name'];
	echo $_POST['name'];
	echo $_SESSION['password'];
	echo $_POST['password'];
}


// redifine variables for different server
require_once "mysqlconfig.php";  
require_once "textprep.php";  

// connect to database
global $connection;
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS); 
if (!$connection)
{
	die("Database connection failed: " . mysql_error());
}

// select database
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select)
{
	die("Database selection failed: " . mysql_error());
}

//check if logged in
$result = mysql_query("SELECT * FROM admin");
if (!$result)
{
	die("Database query failed: " . mysql_error());
}

// get table names as mysql feedback
$i=0;
while ($row = mysql_fetch_array($result)) 
{
	$name[$i]=$row['name'];
	$password[$i]=$row['password'];
	$rank[$i]=$row['rank'];
	
	//echo "\$name[$i]=".$row['name'];
	//echo "\$password[$i]=".$row['password'];
	//echo "\$rank[$i]=".$row['rank'];
	
	$i++;
}

//check if logged in
$log=false;
for($j=0;$j<$i;$j++)
{
	//echo "<p>(".$name[$j]."==".$_SESSION['name'].")and(".$password[$j]."==".$_SESSION['password'].")</p>";
	if(($name[$j]==$_SESSION['name'])and($password[$j]==$_SESSION['password']))
	{
		$log=true;
		echo logged." ".$log;
	}
}
if($log==true)
{

[xProteuSx]

I'm kind of going to take a shot in the dark here, because I have to go right away, but I came up against this issue when I first started with sessions:

 

If you want to use session variables on ANY PAGE, you have to use session_start(); on that page.  So, you probably have a single page where all of these variables are created and set, but if you want to use those variables on another page, you have to simply include the session_start(); code at the top of that page.  This will make all session variables available to any of the code on that page.

 

Hoping that solves your problem.  Cheers. 

[freedominator]

I'm kind of going to take a shot in the dark here, because I have to go right away, but I came up against this issue when I first started with sessions:

 

If you want to use session variables on ANY PAGE, you have to use session_start(); on that page.  So, you probably have a single page where all of these variables are created and set, but if you want to use those variables on another page, you have to simply include the session_start(); code at the top of that page.  This will make all session variables available to any of the code on that page.

 

Hoping that solves your problem.  Cheers. th

the same page is being used to test if the session is still active

[objnoob]

You should be establishing session settings before starting the session. Also, how do you know the session is being destroyed?

[freedominator]

You should be establishing session settings before starting the session. Also, how do you know the session is being destroyed?

the same page is used to log in and check if the user is logged in

if the user is logged in, $log is true and the administration page loads

if the use is not logged in, he is prompted to log in

when testing this, i can log in and use the administration page

but if i try to refresh the administration page, the session is gone and i am prompted to log in again

[objnoob]

Doesn't mean the session is destroyed. You have sloppy logic in your code.

You're storing a password in the session?  Why?

 

You're not even starting a session. You can't start one after you've sent output to the browser when using cookie.

<!DOCTYPE html>                                            <!-- IS OUTPUT BEFORE SESSION START -->
<script src="/javascript/header.js"></script>              <!-- IS OUTPUT BEFORE SESSION START -->
<?

session_start();

[freedominator]

thats not true

nevermind ill ask somewhere else

[freedominator]

im 99.99% sure the problem is with php.ini or my host, i just need ur help to know what to ask him to change. please check my php.ini http://cksgrill.net/phpinfo.php

[Ch0cu3r]

thats not true

nevermind ill ask somewhere else

No objnoob is right.

 

The session_start() function cannot be called after any type of output. This is because this functions sets multiple HTTP headers for the session to work.

 

All you need to do is start the session on line one of your script, so it is called before output.

[jcbones]

thats not true

nevermind ill ask somewhere else

That is funny right there.  I don't know what is wrong, but I know it isn't what you are telling me... ? LOL.

 

Depending on your version of PHP, session will return a true/false when called.  That can always be checked to see if it failed or not.

[freedominator]

k i tried putting the shit at the top and the session is still destroyed after 1 page load

i told u it would make no difference

idk y u insist on something that is false

<?

session_start();

ob_start();
//session_set_cookie_params(3000); 
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
echo "<!DOCTYPE html>";
echo "<script src=\"/javascript/header.js\"></script>";
$session_expiration = time() + 3600 * 24 * 2;

[MDCode]

What a great way to get help on a free help forum. I'd like to refer you to http://us1.php.net/session_start specifically this line:

Note:

To use cookie-based sessions, session_start() must be called before outputing anything to the browser.

[Ch0cu3r]

When you say the session has died what do you mean by this? What is you method for checking the state of the session?

 

Also it is more efficient to compare the users username/password in the mysql query, rather than getting all the results and comparing the username/password with PHP.

$username = mysql_real_escape_string($_POST['username']); // sanitize the username before using it in queries
$password = $_POST['password']; // should really be encrypting the users password (such as md5, sha1 etc)

//check if logged in
// only get records where the username and password match
$result = mysql_query("SELECT * FROM admin WHERE username='$username' AND password='$password'");
if (!$result)
{
    die("Database query failed: " . mysql_error());
}
// check the query returned any results
elseif(mysql_num_rows($result))
{
    // get the result
    $row = mysql_fetch_assoc($result);

    // save users data to session here
    $_SESSION['username'] = $row['username'];
    $_SESSION['rank'] = $row['rank'];

    $log = true;
}

[MargateSteve]

k i tried putting the shit at the top and the session is still destroyed after 1 page loadi told u it would make no differenceidk y u insist on something that is false

With responses like this to someone giving genuine and correct advice, don't expect further help to come flooding in.

 

However, as a fellow novice who had similar issues when first using sessions I will make a few suggestions.

 

1. Do not use short opening php tags. Always use <?php.

 

2. Are you 100% certain there is no output before session_start()? This includes whitespace and physical line breaks. All of my session pages start <?php session_start(); on the very first line with no space before the tag.

 

3. Google the problem first. Issues with session_start() have been ask hundreds of times over various forums.

 

4. Don't dismiss suggestions before you try them. 99% of the time the guys on here are spot on. If they suggest something that does not work, the chances are that it is the way you have implemented it. I know that was the case with me a few times.

 

5. You get out what you put in. If you ask a question clearly, in full words not text speak, give clear examples of what is wrong and speak to people with a bit more respect when they are trying to help, then you will get the solution.

[jcbones]

 

<?php
session_set_cookie_params(3000);  //according to the manual:
/*
 * Set cookie parameters defined in the php.ini file.
 * The effect of this function only lasts for the duration of the script.
 * Thus, you need to call session_set_cookie_params() for every request and BEFORE session_start() is called.
 */
if(session_start()) {
    echo 'Session has started with these params:<pre>' . print_r($_SESSION,true) . '</pre>';//if you see this on the page, then the session has not been destroyed.
}
//ob_start(); //this is almost never NEEDED, but is instead a bandaid.
//ini_set('session.gc_maxlifetime', 6 * 60 * 60); //you have already set the lifetime of the cookie by session_set_cookie_params()
$session_expiration = time() + 3600 * 24 * 2; //you are not even using this variable anywhere in the posted script (which isn't complete).