[SOLVED] Session Variables

[ldsmike88]

I have a website that has been in operation for several months. All of a sudden I have been getting complaints from members saying they can't do anything when they sign in because it says they aren't logged in. My only guess is the session varriables are not getting registered. But when I test them they seem to be working. I don't know why everyone else is reporting this problem. This is the script I use to register the variables:

 

	session_register('username');
$_SESSION['username'] = $members['username'];
session_register('password');
$_SESSION['password'] = $members['password'];
session_register('firstName');
$_SESSION['firstName'] = $members['firstName'];
session_register('lastName');
$_SESSION['lastName'] = $members['lastName'];
session_register('accountType');
$_SESSION['accountType'] = $members['accountType'];

 

To check if they are signed in on certain pages I use this script:

 

if($_SESSION['username'] != ''){
//Allow access
} else {
echo 'You must login.';
}

 

Does anyone know what is wrong? Thanks!

 

Michael

[Jessica]

session_register is deprecated, you don't need those lines anyway.

 

You have session_start() at the top of every page?

[ldsmike88]

I made a test page to see if they were registered and I forgot to put session_start() but I added it later and it works. I am using a template I made in dreamweaver so every page has session_start().

[wildteen88]

You don;t really need to use sessions_register() to register a session. $_SESSION['sessionName'] = 'someValue'; will do fine. session_register is depreciated and should only be used when register_globals is enabled.

 

Also use use isset($_SESSION['username']) instead of $_SESSION['username'] != ''

 

Ask your users to make sure they have cookies enable too as sessions rely on cookies.

[ldsmike88]

What? Sessions rely on cookies?

[wildteen88]

What? Sessions rely on cookies?

Yes. When you use sessions_start it creates a cookie called PHPSESSID which stores the sessions id. This id is unique and is links to a file stored on the server which contains the sessions information. The file starts with sess_ and then  has the session id directly after it.

 

If the user doesnt have cookies enabled PHP wont be able to use the same sessions each time as the PHPSESSID cookie wont be set on the clients machine and thus they can't login to your site or whatever.

[ldsmike88]

I read on php.net about somehow you can put the session id in the url so you don't have to use cookies. Is that easy to do and is it worth it or should I just instruct my users to enable cookies?

[Liquid Fire]

you can put do that but i would just recommend making sure your user have cookie enabled, most poeple do anyways.

[wildteen88]

You can put the sessions in the url but for every url on your site they will need to be like this:

"echo '<a href="path/to/page.php?=PHPSESSID=' . session_id() . '">My link</a>';

 

Or just enable the session.trans_sid in the php.ini or in a .htaccess file and it'll do it automatically for you. But this can cause security issues with session hijacking.

 

 

[ldsmike88]

I ended up making a page to show everyone how to enable cookies if they run into the problem. Thanks everyone!