PHP $_SESSION variable not presisting accross multiple pages...

[googlehunter]

Greetings,

I am developing a site and using PHP as my primary programming language.  I scripted the login page such that it issues a session variable which indicates that the visitor is logged in.  I am able to traverse many of the pages except a few php pages.  It seems that the previously assigned session variable is not being detected by these later pages.  Can someone please suggest a reason for this oddity? Please visit [url=http://blisstronix.com]http://blisstronix.com[/url] to get a better idea of my dilemma.

use the following login credentials to login. Thanks

username=demo
password=demo

Thank you for your help.

[marcus]

Post the code please

[googlehunter]

login page:

[code]$submitted=$_POST['login'];
if($submitted=="Login >>")

  {

$username=$_POST['username'];
$password=$_POST['password'];



$lookup=mysql_query("select * from customers where username='$username'") or die("cant select password");
$getpass=mysql_fetch_array($lookup);

if($getpass[3]!=$password || empty($username) || empty($password)) {$errors=1; $errormsg="<font color=red><strong>Your Username or Password is incorrect. Please try again or retrieve your login information below. Thank you.</strong></font>";}


if($errors==1){} else{

$_SESSION['customerid']=$getpass[10];
$accessacct=$_GET['accessacct'];
$accessacct2=$_SESSION['accessnum'];
if($accessacct!="" && $accessacct2!="" && $accessacct==$accessacct2) {
header("location:myaccount.php");}

else{header("location:home.php");}

}

[/code]

thanks

[marcus]

do you have session_start(); on your login?

[googlehunter]

yes.

[trq]

And all other pages? You need to call session_start() on each page.

[marcus]

On your login page, I don't see any forms submitting with GET

[marcus]

You could also make your code a bit neater

[code]
$submitted=$_POST['login'];
if($submitted == "Login >>") {

$username=$_POST['username'];
$password=$_POST['password'];

$lookup=mysql_query("select * from `customers` where username='$username'") or die(mysql_error());
$getpass=mysql_fetch_array($lookup);

if($getpass[3]!=$password || empty($username) || empty($password)) {
$errors = 1;
$errormsg = "<font color=red><strong>Your Username or Password is incorrect. Please try again or retrieve your login information below. Thank you.</strong></font>";
}else{
//log user in
$_SESSION['customerid']=$getpass[10];
$accessacct = $_GET['accessacct']; //<where are you using a get?
$_SESSION['accessnum'] = $accessacct;
header("Location: myaccount.php");
}

else{
header("Location: home.php");
};
[/code]

[googlehunter]

use the following login credentials to login.

username=demo
password=demo

I have already included session_start(); on every page.
I scripted the login button in the navigation bar to change to "logout" if $_SESSION['customerid'] is active. You will see that it changes to "login" if you click on a product category on the left side of the page.

[marcus]

It looks like it works to me.

[googlehunter]

$_GET['accessacct'] is transfered from the "my accounts page". That is, when the visitor trys to access their account without logging in, they are redirected to the login page with $accessacct as a get variable. After successfully logging in, the visitor will go back to the "my accounts page" if accessact is present  or he will go to the home page.

[googlehunter]

ok, to minimize confusion. close all of your browsers because the session variables will still be active if you have other pages open, even if it not from [url=http://blisstronix.com]blisstronix.com[/url].  after closing your browsers, goto [url=http://blisstronix.com]blisstronix.com[/url] and use demo for username and password.
after logging in you will see that "login" in the navigation bar changes to "logout" since $_SESSION['customerid'] was initiated in the script above.

Now expand a product category on the menu on the left side of the page. Choose a product listing and you will see that the "logout" button now changes to "login" since $_SESSION['customerid'] is not detected.  When you click on a product link on the left, you are accessing catalog.php and i have session_start(); on that page as well.

Thanks

[marcus]

It stays logout for me

[googlehunter]

hmm thats odd.

let me see something. brb.

[googlehunter]

I think the problem was having other browsers opened while being logged out.

This brings me to another issue:

I open [url=http://blisstronix.com]blisstronix.com[/url] in one broswer window.
I then open another browser window and goto another website like [url=http://google.com]google.com
[/url].
I then login and add items to my cart which are stored in a session variable at [url=http://blisstronix.com]blisstronix.com[/url].
I close the window that has [url=http://blisstronix.com]blisstronix.com[/url] active. Now I only have the window displaying [url=http://google.com]google.com
[/url].
With google page still opened.  I open another browser window and go back to [url=http://blisstronix.com]blisstronix.com[/url].
When I click on "my cart" in the navigation bar it shows me cart items that I had added previously.  when I close the [url=http://blisstronix.com]blisstronix.com[/url] browser before, it should have deleted the cart session right? I am concluding that since I had another browser open, session variables are not destroyed when a visitor closes their browsers while at [url=http://blisstronix.com]blisstronix.com[/url].  how do i solve this problem?