Jump to content

Recommended Posts

I am an ASP developer, recently switched over to a LAMP environment. For the most part, switching from ASP to PHP has been fairly simple.

One thing I am curious about is how session variables are handled. In ASP, if I wanted to set a session state, say an administrator priviledge, I could do it as a session variable. Then at the top of each page that needed to be secure, I could check for that session variable and if it didn't exist, I could redirect them to a login page.

Now I am trying to do this in php and I seem to be running into some issues. First, here is the code that I am calling on a secure page to test if the session variable exists:
[quote]if ($_SESSION['user'] !== 'admin')
{
header('Location:./utils/admin_login.php?pg='.$_SERVER['PHP_SELF']);
}[/quote]

This will direct the visitor to a login page, that requires them to log in, validates it against values returned from a database then kick them back to the originating page (hence passing the originating page in the redirect). Next it the code that sets the session variable:
[quote]if ($bitUnErrFlag + $bitPwErrFlag == 0)
    {
          session_start();
          $_SESSION['user']='admin';
          header('Location:..'.$pg);
    }[/quote]

Now, I am not clear if the [b]header('Location:..'.$pg);[/b] is the right way to do it, or whether it is properly concactnated, however when I echo that string, I get [b]Location:../test.php[/b], which is where I want to go.

Now here is the rub... When it redirects me back to test.php. it encountered the initial check:
[quote]if ($_SESSION['user'] !== 'admin')
{
header('Location:./utils/admin_login.php?pg='.$_SERVER['PHP_SELF']);
}[/quote]
When I change the value of $pg so that it will take me to a page without the admin check, it works. When I try to echo $_SESSION['user'] on that page, it is empty. So my question is, why is my session variable not persisting? The code that initiates the session variable is above the doctype in the page, so I am starting the session before the <xhtml> tag.

So I gotta ask, what the heck is going on here? Is there some configuration i need to make in either the php.conf file or the apache2.conf file to allow session variables.
Link to comment
https://forums.phpfreaks.com/topic/28494-resolved-session-variables-help/
Share on other sites

[quote author=KingPhilip link=topic=116328.msg473905#msg473905 date=1164524508]
Make sure to have session_start(); on [b]every[/b] page you use your sessions. This should fix the problem.
[/quote]

Thanks, That resolved the problem. I only used [b]session_start()[/b] on the page where I was setting the session variable. One final question, since this variable is going ot be used across the site, is there any reason not to place [b]session_start()[/b] inside a global utilities include?

Also, what is the timeout on that variable?
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.