Jump to content

Inconsistent Sessions


Go to solution Solved by mac_gyver,

Recommended Posts

Maybe I am going about this the wrong way, so any advice on how to do this BETTER would be greatly appreciated.

 

So when a sales person logs in the code is simply:

<?php
if($_SESSION['SalesCRMA'] !== "Admin" && $_SESSION['SalesCRMA'] !== "Owner" && $_SESSION['SalesCRMA'] !== "Moderator" && $_SESSION['SalesCRMA'] !== "Sales"){
    header('Location: http://www.mysite.com/logout.php');
}
?>

I send them to the logout.php because it clears any cookies that have to do with the website.

 

I have an ADMIN button at the top that only shows up if an actual admin logged in.  On all the Admin pages I have similar code:

<?php
if($_SESSION['SalesCRMA'] !== "Admin" && $_SESSION['SalesCRMA'] !== "Owner" && $_SESSION['SalesCRMA'] !== "Moderator"){
    header('Location: http://www.mysite.com/logout.php');
}
?>

For some reason, when I click the ADMIN button (which just goes to admin.php), I get sent back to the login screen.  However, the 2nd time I click on the ADMIN button, everything works fine for the entire day until the next morning when I have to log in twice again.

 

What is causing this to occur?

 

BTW, admin.php is in a sub folder if that makes any difference.

Edited by TapeGun007
Link to comment
https://forums.phpfreaks.com/topic/300877-inconsistent-sessions/
Share on other sites

I don't think so.  The login page is completely separate from all other pages.  Once you login, it redirects to a page called crm.php and you can go to ANY of the pages just fine (calendar, leads, whatever), but once you click on the Admin page, it redirects to the login page again.  After logging in again... then there are no issues with any of the admin pages.

 

Is there some sort of error checking code I can insert to see what is going on?

  • Solution

this is a sign that the host-name/sub-domain part of the url (the www. vs no www.) is inconstant and is changing due to the redirects and your session cookie setting for the domain isn't set to match all variations of your domain name. the php.net documentation tells you how to set it so that it does, but your code should also be consistent in the variation of your domain name that is being used.

 

you also need a exit; statement after the header() redirect to prevent your code on the protected page from running while the browser is requesting the target url in the redirect. this could also be the cause of unusual session operation, if the rest of your code on the page is clearing or modifying the session variables.

 

lacking a real permission system, you need to use in_array() to test if a value is or is not one of several possible choices. your code would end up looking like - 

// define the user types that are admins -
$admin_types = array("Admin","Owner","Moderator");


// test if the current user is not an admin type
if(!in_array($_SESSION['SalesCRMA'],$admin_types)
{
    header('Location: http://www.mysite.com/logout.php');
    exit;
}
Edited by mac_gyver

Try dumping the $_SESSION in the Admin page where it fails the login check. Apparently something is different between the two page loads and what's in (or not) the session may explain that.

 

If your session data isn't too complex then you can

error_log(json_encode($_SESSION));
Or to the screen, but then the header redirect won't work (which would be fine for this).

mac_gyver, that was it.

 

In the index.php page, once a person logged in and everything checked out, I redirected to crm.php instead of http://www.mysite.com/crm.php.  Once I changed to the full URL, everything now works fine.  I had also put in the exit; command before testing to see if that was part of the issue or not, but whatever the case it does work.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.