Jump to content

php sessions destroyed instantly


freedominator

Recommended Posts

it seems that sessions work when i set them for an instant, and then they are destroyed :(
here is my phpinfo page, can anyone see the problem?
i dont have access to the phpini file :(
can u check my cookie settings and tell me if i can use those instead?
http://cksgrill.net/phpinfo.php

here is the top part of the code which is the relevent part

<!DOCTYPE html>
<script src="/javascript/header.js"></script>
<?

session_start();
ob_start();
session_set_cookie_params(3000); 
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
$session_expiration = time() + 3600 * 24 * 2;
if((($_POST['name'])and($_POST['password']))or(($_POST['name']!="")and($_POST['password']!="")))
{
	$_SESSION['name']=$_POST['name'];
	$_SESSION['password']=$_POST['password'];
	echo $_SESSION['name'];
	echo $_POST['name'];
	echo $_SESSION['password'];
	echo $_POST['password'];
}


// redifine variables for different server
require_once "mysqlconfig.php";  
require_once "textprep.php";  

// connect to database
global $connection;
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS); 
if (!$connection)
{
	die("Database connection failed: " . mysql_error());
}

// select database
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select)
{
	die("Database selection failed: " . mysql_error());
}

//check if logged in
$result = mysql_query("SELECT * FROM admin");
if (!$result)
{
	die("Database query failed: " . mysql_error());
}

// get table names as mysql feedback
$i=0;
while ($row = mysql_fetch_array($result)) 
{
	$name[$i]=$row['name'];
	$password[$i]=$row['password'];
	$rank[$i]=$row['rank'];
	
	//echo "\$name[$i]=".$row['name'];
	//echo "\$password[$i]=".$row['password'];
	//echo "\$rank[$i]=".$row['rank'];
	
	$i++;
}

//check if logged in
$log=false;
for($j=0;$j<$i;$j++)
{
	//echo "<p>(".$name[$j]."==".$_SESSION['name'].")and(".$password[$j]."==".$_SESSION['password'].")</p>";
	if(($name[$j]==$_SESSION['name'])and($password[$j]==$_SESSION['password']))
	{
		$log=true;
		echo logged." ".$log;
	}
}
if($log==true)
{

Link to comment
Share on other sites

I'm kind of going to take a shot in the dark here, because I have to go right away, but I came up against this issue when I first started with sessions:

 

If you want to use session variables on ANY PAGE, you have to use session_start(); on that page.  So, you probably have a single page where all of these variables are created and set, but if you want to use those variables on another page, you have to simply include the session_start(); code at the top of that page.  This will make all session variables available to any of the code on that page.

 

Hoping that solves your problem.  Cheers. 

Link to comment
Share on other sites

I'm kind of going to take a shot in the dark here, because I have to go right away, but I came up against this issue when I first started with sessions:

 

If you want to use session variables on ANY PAGE, you have to use session_start(); on that page.  So, you probably have a single page where all of these variables are created and set, but if you want to use those variables on another page, you have to simply include the session_start(); code at the top of that page.  This will make all session variables available to any of the code on that page.

 

Hoping that solves your problem.  Cheers. th

the same page is being used to test if the session is still active

Link to comment
Share on other sites

You should be establishing session settings before starting the session. Also, how do you know the session is being destroyed?

the same page is used to log in and check if the user is logged in

if the user is logged in, $log is true and the administration page loads

if the use is not logged in, he is prompted to log in

when testing this, i can log in and use the administration page

but if i try to refresh the administration page, the session is gone and i am prompted to log in again

Link to comment
Share on other sites

Doesn't mean the session is destroyed. You have sloppy logic in your code.

You're storing a password in the session?  Why?

 

You're not even starting a session. You can't start one after you've sent output to the browser when using cookie.

<!DOCTYPE html>                                            <!-- IS OUTPUT BEFORE SESSION START -->
<script src="/javascript/header.js"></script>              <!-- IS OUTPUT BEFORE SESSION START -->
<?

session_start();
Link to comment
Share on other sites

thats not true

nevermind ill ask somewhere else

No objnoob is right.

 

The session_start() function cannot be called after any type of output. This is because this functions sets multiple HTTP headers for the session to work.

 

All you need to do is start the session on line one of your script, so it is called before output.

Link to comment
Share on other sites

thats not true

nevermind ill ask somewhere else

That is funny right there.  I don't know what is wrong, but I know it isn't what you are telling me... ? LOL.

 

Depending on your version of PHP, session will return a true/false when called.  That can always be checked to see if it failed or not.

Link to comment
Share on other sites

k i tried putting the shit at the top and the session is still destroyed after 1 page load

i told u it would make no difference

idk y u insist on something that is false

<?

session_start();

ob_start();
//session_set_cookie_params(3000); 
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
echo "<!DOCTYPE html>";
echo "<script src=\"/javascript/header.js\"></script>";
$session_expiration = time() + 3600 * 24 * 2;

Link to comment
Share on other sites

When you say the session has died what do you mean by this? What is you method for checking the state of the session?

 

Also it is more efficient to compare the users username/password in the mysql query, rather than getting all the results and comparing the username/password with PHP.

$username = mysql_real_escape_string($_POST['username']); // sanitize the username before using it in queries
$password = $_POST['password']; // should really be encrypting the users password (such as md5, sha1 etc)

//check if logged in
// only get records where the username and password match
$result = mysql_query("SELECT * FROM admin WHERE username='$username' AND password='$password'");
if (!$result)
{
    die("Database query failed: " . mysql_error());
}
// check the query returned any results
elseif(mysql_num_rows($result))
{
    // get the result
    $row = mysql_fetch_assoc($result);

    // save users data to session here
    $_SESSION['username'] = $row['username'];
    $_SESSION['rank'] = $row['rank'];

    $log = true;
}
Link to comment
Share on other sites

k i tried putting the shit at the top and the session is still destroyed after 1 page loadi told u it would make no differenceidk y u insist on something that is false

With responses like this to someone giving genuine and correct advice, don't expect further help to come flooding in.

 

However, as a fellow novice who had similar issues when first using sessions I will make a few suggestions.

 

1. Do not use short opening php tags. Always use <?php.

 

2. Are you 100% certain there is no output before session_start()? This includes whitespace and physical line breaks. All of my session pages start <?php session_start(); on the very first line with no space before the tag.

 

3. Google the problem first. Issues with session_start() have been ask hundreds of times over various forums.

 

4. Don't dismiss suggestions before you try them. 99% of the time the guys on here are spot on. If they suggest something that does not work, the chances are that it is the way you have implemented it. I know that was the case with me a few times.

 

5. You get out what you put in. If you ask a question clearly, in full words not text speak, give clear examples of what is wrong and speak to people with a bit more respect when they are trying to help, then you will get the solution.

Link to comment
Share on other sites

 

<?php
session_set_cookie_params(3000);  //according to the manual:
/*
 * Set cookie parameters defined in the php.ini file.
 * The effect of this function only lasts for the duration of the script.
 * Thus, you need to call session_set_cookie_params() for every request and BEFORE session_start() is called.
 */
if(session_start()) {
    echo 'Session has started with these params:<pre>' . print_r($_SESSION,true) . '</pre>';//if you see this on the page, then the session has not been destroyed.
}
//ob_start(); //this is almost never NEEDED, but is instead a bandaid.
//ini_set('session.gc_maxlifetime', 6 * 60 * 60); //you have already set the lifetime of the cookie by session_set_cookie_params()
$session_expiration = time() + 3600 * 24 * 2; //you are not even using this variable anywhere in the posted script (which isn't complete).
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.