Unpredictable session behaviour

[matpass]

I'm having problems trying to create a restricted access area of my website using Sessions. I thought I had it cracked until i stumbled upon this problem which is driving me to despair;

 

The user logs on via a form on login.html.

Submitting the form runs the validation script on validate.php which queries a mysql database.

If the submitted details correspond with that in the database a session is started and the user is redirected to the restricted page.

 

This is where the problems begin. The restricted page opens fine but then the session exhibits totally random behaviour. If you keep refreshing the restricted page you get different results each time; sometimes it will display the expected page and then other times it will seemingly lose the session variable and hence access to the restricted content. There's seemingly no pattern.

 

I've reduced my code as much as I can in order to troubleshoot. I don't know whether it's my code that's the problem or how the php.ini is set up on my host's server.

 

login.html

 

<body>

    <form action="validate.php" method="post">

    <label for="userid">ID</label>

    <input type="text" name="userid" id="userid" />

    <br />

    <label for="password">Password</label>

    <input type="password" name="password" id="password" />

    <br />

    <input type="submit" name="submit" value="Submit" />

  </form>

</body>

 

validate.php

 

<?php

/* get the incoming ID and password hash */

$user = $_POST["userid"];

$pass = $_POST["password"];

 

/* establish a connection with the database */

$server = mysql_connect("somehost", "someuser",

            "somepword");

  if (!$server) die(mysql_error());

  mysql_select_db("somedb");

   

  /* SQL statement to query the database */

  $query = "SELECT * FROM dudeUsers WHERE username = '$user'

          AND password = '$pass'";

 

  /* query the database */

  $result = mysql_query($query);

 

  /* Allow access if a matching record was found, else deny access. */

  if (mysql_fetch_row($result)) {

    /* access granted */

    session_start();

    $_SESSION["access"] = "granted";

    header("Location: http://www.thedudeabides.co.uk/client/testagain/page1.php");

  } else {

    /* access denied ? redirect back to login */

    header("Location: http://www.thedudeabides.co.uk/client/testagain/login.html");

  }

  mysql_close($server); 

  ?>

 

page1.php

 

<?php

  session_start();

  if ($_SESSION["access"] == "granted") {

  /* access granted. Echo session variable. */

echo "WORKING!! ";

print_r($_SESSION);

} else {

/* access denied ? redirect back to login */

    echo "NOT WORKING!! ";

print_r($_SESSION);

  }

  ?>

 

Links as follows:

 

login.php: http://www.thedudeabides.co.uk/client/testagain/login.html

page1.php: http://www.thedudeabides.co.uk/client/testagain/page1.php

php.ini: http://www.thedudeabides.co.uk/phpInfo.php

 

Login username: admin

Login password: admin

Host: Easyspace

Browser: Firefox 2.0

 

I'd be so grateful if someone could help me out as after a couple of weeks of trying to sort this out I've hit a complete brick wall.

 

Thanks

 

 

 

 

[matpass]

*bump*

[matpass]

*bump*