Jump to content

Session data appears to be getting lost

jwhite68

By jwhite68
in PHP Coding Help

 Share

Recommended Posts

jwhite68 Regular Member

jwhite68

Posted
Posted

I have seen many articles posted on lost session data, and also checked through the FAQ on sessions available on this website - sadly to no avail.

 

The essence of my problem is this.

 

1. I login to my website with user/password. [on index2.php]

2. I select any option, which effectively re-calls index2.php with some additional parameters, to control whats displayed next.  Immediately at this point, it logs out the user.

 

It is logging out the user because after checking $_SESSION['LoginStatus'] == '1' - it finds that its not 1, and therefore displays login section again and a related message.

 

The website is being run on a shared host environment, which I thought might be a factor, as some people think that session data could be lost due to PHP being compiled with FastCGI instead of ISAPI.

 

Here is a segment of code at the start of index2.php which sets the session data initially:

 

<?php
ini_set("session.gc_maxlifetime", 3000);
ini_set("session.use_cookies", 1);
ini_set("session.use_trans_sid", 0);
session_start();

include("include/reg_variables.php");
include("dbconnect.php");

include("arrays/propdetails.php");
include("arrays/countries.php");
include("arrays/regions.php");
include("arrays/services.php");
include("include/functions.php");
include("web_config.php");

if ($_SESSION['LoginStatus'] != '1')
{
    if ($act == 'login') include("include/login.php");
}


$ow = $_SESSION['UserId'];
$id = $_REQUEST['id'];

 

And here is the login.php:

 

<?php
if($act=="login")
{
$dbq = "SELECT * FROM users WHERE username='$username' AND active='1' LIMIT 1";
$res = mysql_query($dbq) or die(mysql_error());
$obj = mysql_fetch_assoc($res);
$mdpass = $obj['password'];

if ($mdpass==md5($password))
{
	//setcookie("UserId", $obj['id'], time()+3600);
	//$_COOKIE['userid'] = $obj['id'];

	$_SESSION['logged'] = 1; 
	$_SESSION['ow'] = $obj['id'];
	$_SESSION['firstname'] = $obj['firstname'];
	$_SESSION['familyname'] = $obj['familyname'];
	$_SESSION['email'] = $obj['email'];

	$_SESSION['LoginStatus'] = 1; 
	$_SESSION['UserId'] = $obj['id'];
	$_SESSION['UserFirstName'] = $obj['firstname'];
	$_SESSION['UserFamilyName'] = $obj['familyname'];
	$_SESSION['UserEmail'] = $obj['email'];
}
}


if($act=="logout")
{
//setcookie ("UserId", "", time() - 3600);
    //session_unregister('logged');
//$_SESSION['logged'] = '';
$_SESSION['LoginStatus'] = '';
    session_destroy();
    session_unset();
header("Location: ".$domain."index2.php");
exit();
}
?>

The second set of $_SESSION are the active ones, as the first set (with 'logged', 'ow' etc) were changed, as part of the troubleshooting for this problem.

 

The problem occurs in both IE6 and FF2 consistently.

 

index2.php has no direct header/location calls in it, apart from the one included from login.php when a users logs out.

 

I have already changed the session save_path to a different directory on my webspace, and just running out of ideas.

 

Anyone got any suggestions?

 

Link to comment
https://forums.phpfreaks.com/topic/52456-session-data-appears-to-be-getting-lost/
Share on other sites
jwhite68 Regular Member

jwhite68

Posted
  • Author
Posted

Hi Kathas.

 

Updated the code tags - thanks.

 

The login.php is actually the full login.php file and is responsible for setting $_SESSION['LoginStatus'] = 1.  As I said, index2.php is being re-called, and when it checks this variable, its no longer set to 1.

 

The index2.php file is really too large to post here.

jwhite68 Regular Member

jwhite68

Posted
  • Author
Posted

I see that the server directory storing sessions, has 2 session files in it, even though I have only started ONE session. [And I am sure this isnt from a previous session as I deleted all the session files manually on the server as part of the test].

 

I have reason to believe that because index2.php is re-called with different arguments in the URL, that its calling session_start() again [as it should], and session_start is failing to resume the session and is instead creating a new session.  Its therefore lost the details about the user being logged in.

 

Can anyone suggest any reasons why calling session_start() again would NOT resume the session?

 

Thanks, Jon.

hiker Newbie

hiker

Posted
Posted

i came here to post a similar problem, so let me tack on here-- maybe we can get both solutions!

 

in my case, i'm apparently not getting a session established, although session_start() returns true.  nothing seems to be being written to \tmp -it's chmoded to '777' so that should not be a problem.. there are no error messages being returned.  the SID does not appear to be there and does not show as a 'get'... session.use_trans_id  is set 'off'....

 

my login is on the index page and starts with this:

<?php
session_start();

if($cmd == "logout"){$_SESSION=array();session_destroy();$cmd="";}

?>

 

the form action is:

<form action="login.php?SID=<?php echo SID; ?>" method="post">

 

all that seems to be working (except no SID), and it runs the login.php script-- here is the important part of that:

<?php

session_start();

$user_name = $_POST['user_name'];
$user_pass = $_POST['user_pass'];

if (!empty($_POST['submit'])){
include("conf.php");
$dbh=mysql_connect("localhost", "$user", "$pass") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("amsterda_hotels");
if(empty($_POST['lostpass'])){
	$sql = "SELECT fname,lname,id FROM users WHERE user_name='$user_name' AND user_pass='$user_pass'";
	$result = mysql_query($sql) or die('error making query');
	$rows = mysql_num_rows($result);
	$zap = mysql_error();

	if($rows>0){
		$are = mysql_fetch_array($result);
		$_SESSION['USERNAME']= $user_name;
		$_SESSION['LOGGEDIN']= TRUE;
		$_SESSION['USER_ID'] = $are['id'];
		session_write_close();
		mysql_free_result($result);
		header("Location:hotels_add.php?SID=".SID);
		exit;
	}else{
		$msg = "Record Not Found!".$zap;
	}
}else{ ... more code, but the above runs and the redirect happens

 

i have an 'admin' section and pages for 'everybody' here is the code for the 'admin' page which seems to have no effect-- i can view the page no matter how i log in:

 

<?php
session_start();

if(($_SESSION['USERNAME']!="admin") && !$_SESSION['LOGGEDIN']){header("Location:hotels_add.php?msg=access denied&SID=".SID);exit();}

?>

 

and here is the code on the 'everybody' pages:

<?php

session_start();

if(empty($_SESSION['USERNAME']) && !$_SESSION['LOGGEDIN']){header("Location:index.php?msg=you are not logged in&SID=".SID);exit();}

?>

 

this is supposed to be simple and i'm losing my mind over it!! any ideas? wild suggestions??

 

TIA

jwhite68 Regular Member

jwhite68

Posted
  • Author
Posted

Returning to the original problem at the beginning of this post.

 

I have outputted the contents of session_id(), and see that when I get logged out, and display the session_id its a new id - suggesting that session_start() is really creating a new session instead of resuming the previous one.

 

Any ideas?

kathas Newbie

kathas

Posted
Posted

hi why don't you try this to see if it works...?

 

<?php
session_start();
if (isset($_SESSION['test'])
{
echo $_SESSION['test'];
}
else
{
$_SESSION['test'] = "Session works";
}
?>

 

if this works then the problem lies in your script somewhere. Else it could be configuration problem or something like this...

jwhite68 Regular Member

jwhite68

Posted
  • Author
Posted

Running this script on its own, displays 'Session works' after I refresh the page.

 

The reason I was doubting that it was a script problem was because occasionally it works, but most of the time gives the problem I described (where I am logged out).

 

Since session_start does get executed a 2nd time in my script, I need to understand why it would create a new session instead of using one that was previosuly created.

jwhite68 Regular Member

jwhite68

Posted
  • Author
Posted

I seem to have found the solution, as I tested 3 times and it was working:

 

I added the following code in my index2.php file:

 

ini_set('session.cookie_domain','.yourdomain.com');

 

Of course, I could also have edited the php.ini file to set the cookie_domain too.

Its possible that some browsers have a problem when the cookie_domain is just left empty.

Setting in php.ini would be the better 'full' solution I think.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.