Jump to content

if (isset($_SESSION['un']) && isset($_SESSION['pw'])


Go to solution Solved by gizmola,

Recommended Posts

Looking for some help with what Im assuming is a session variable. As you can tell, Im not a coder. I have software that checks to see if the user is signed in as an administrator, if they are, then a message should appear. Here is the code:

if (isset($_SESSION['un'])  && isset($_SESSION['pw']) && $adminFreeListing ) { 
							  ?>
<td><font color="#FF0000">
Admin - Is this a free listing?
</font>
</td>
<td><input name="free" type="radio" value="N" 
<?php 
if (!isset($_POST['free']) OR $_POST['free'] == 'N') {
echo " checked";
}
?>
>
No 
<input type="radio" name="free" value="Y"
<?php 
if ( $_POST['free'] == 'Y') {
echo " checked";
}
?>



It works about 50% of the time and Im not sure why. It guessing it might have something to do with multiple copies of the same software (used for different sites) and or the use of subdirectories example.example.com and example1.example.com. Those are just guesses on my part. So my question is how can I make it work all the time. Is there a different method I might be able to use? Im not sure if this is enough information to lend me a hand, regardless, thanks for looking at it.

Link to comment
https://forums.phpfreaks.com/topic/295376-if-isset_sessionun-isset_sessionpw/
Share on other sites

Well this is simple code.  Those 3 variables must be set for this block of code to execute.  Otherwise it will be skipped.

 

If any of those 3 variables are not set (and the last variable must exist AND be set to TRUE) then things won't work.

 

Why might that be the case?  Well, this indicates that it's part of a bigger system.  So obviously if there's login occurring, your session setup is important.  If you are not sharing sessions across your domain  'example.com' then that could explain the problem.  

 

You can try this:  

 

Edit your server php.ini and alter this parameter: session.cookie_domain

 

 

session.cookie_domain = '.example.com'

 

If the problem goes away you know that was the issue.

Yes, http://php.net/manual/en/function.session-set-cookie-params.php can be issued in the code.  The problem is that you will need this call to occur just before the session_start() call.

 

Hopefully your system has that occur in a shared class, function or included file where you can make the change and have it seen throughout the scripts.

 

You might already have surmised that sessions depend on cookies, and this is really a mechanism of how cookies work and the built in protections.

 

You can do some investigation in advance of trying this, by looking at your cookies and seeing what the specific cookie(s) are that are being pushed from your server to determine if this might be the problem or not.

  • Like 1

Really appreciate you spending the time. Like I said in my earlier post there are two subdomains in which an administrator can sign in. example.example.com and example1.example.com. The [dot] example being the same domain. if they come in on example1.example.com it seems to work consistently, if they come in on example.example.com, it only works 50% of the time. I can see the cookies and those domains and subs are listed as the cookies. Is there a way to have it validate with just the domain, ie., example.com?

 

at the top of the page is:

<?php
session_start();
define('example_DIRECTORY',true);
include("../inc/common.php");

thanks again!

  • Solution

Yes, then it appears that you have proved the supposition.

 

Try the set_session_cookie_params function as I advised previously.  It needs to go right before the session_start().

 

Something like this should work:

 

// Set the new params based on the existing ones
$currentCookieParams = session_get_cookie_params(); 
session_set_cookie_params( 
    $currentCookieParams["lifetime"], 
    $currentCookieParams["path"], 
    '.example.com', 
    $currentCookieParams["secure"], 
    $currentCookieParams["httponly"] 
); 

session_start();
define('example_DIRECTORY',true);
include("../inc/common.php");
 

Just to restate -- this only works if this same code is being called everywhere that session_start() is being called.  If this is literally included at the top of a number of different scripts, it needs to be added to everyone of those scripts.  Hopefully that is not the case, and you only have to add the code in one place.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.