Jump to content

[SOLVED] Session Variables


ldsmike88

Recommended Posts

I have a website that has been in operation for several months. All of a sudden I have been getting complaints from members saying they can't do anything when they sign in because it says they aren't logged in. My only guess is the session varriables are not getting registered. But when I test them they seem to be working. I don't know why everyone else is reporting this problem. This is the script I use to register the variables:

 

	session_register('username');
$_SESSION['username'] = $members['username'];
session_register('password');
$_SESSION['password'] = $members['password'];
session_register('firstName');
$_SESSION['firstName'] = $members['firstName'];
session_register('lastName');
$_SESSION['lastName'] = $members['lastName'];
session_register('accountType');
$_SESSION['accountType'] = $members['accountType'];

 

To check if they are signed in on certain pages I use this script:

 

if($_SESSION['username'] != ''){
//Allow access
} else {
echo 'You must login.';
}

 

Does anyone know what is wrong? Thanks!

 

Michael

Link to comment
https://forums.phpfreaks.com/topic/36927-solved-session-variables/
Share on other sites

You don;t really need to use sessions_register() to register a session. $_SESSION['sessionName'] = 'someValue'; will do fine. session_register is depreciated and should only be used when register_globals is enabled.

 

Also use use isset($_SESSION['username']) instead of $_SESSION['username'] != ''

 

Ask your users to make sure they have cookies enable too as sessions rely on cookies.

What? Sessions rely on cookies?

Yes. When you use sessions_start it creates a cookie called PHPSESSID which stores the sessions id. This id is unique and is links to a file stored on the server which contains the sessions information. The file starts with sess_ and then  has the session id directly after it.

 

If the user doesnt have cookies enabled PHP wont be able to use the same sessions each time as the PHPSESSID cookie wont be set on the clients machine and thus they can't login to your site or whatever.

You can put the sessions in the url but for every url on your site they will need to be like this:

"echo '<a href="path/to/page.php?=PHPSESSID=' . session_id() . '">My link</a>';

 

Or just enable the session.trans_sid in the php.ini or in a .htaccess file and it'll do it automatically for you. But this can cause security issues with session hijacking.

 

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.