random logouts

[envexlabs]

Hey,

 

I've got an amember problem, and i thought maybe someone here could help me seeing as the support over at amember is excruciating.

 

For some reason i'm getting logged out randomly when surfing my site.

 

I only use amember to deal with payments, signups and logins. I've used session_start() at the top of each page, and each page has the correct session variables.

 

Anyone have any idea?

 

Thanks,

 

envex

 

[marcus]

Code pl0x.

[darkfreaks]

^ second that

[Orio]

Make sure that it doesn't happen in a specific page, or after a specific time or a a specific idle time.

 

Orio.

[envexlabs]

Hey,

 

It doesn't happen on specific pages, and it usually happens shortly after i've logged in.

 

The login.php code is:

 

include('./config.inc.php');
$t = & new_smarty();
$_product_id = array('ONLY_LOGIN');

if (isset($_REQUEST['amember_redirect_url']))
    $_SESSION['amember_redirect_url'] = $_REQUEST['amember_redirect_url'];

function rcmp_begin_date($a, $b){
    return strcmp($b['begin_date'], $a['begin_date']);
}

include($config['plugins_dir']['protect'] . '/php_include/check.inc.php');
$payments = & $db->get_user_payments(intval($_SESSION['_amember_id']), 1);
usort($payments, 'rcmp_begin_date');

$now = date('Y-m-d');
$urls = array();
foreach ($payments as $k=>$v){
    if (($v['expire_date'] >= $now) && ($v['begin_date'] <= $now)) {
        $p = get_product($v['product_id']);
        $url = $p->config['url'];
        if (strlen($url)){
            $urls[] = $url;
        }
    }
}

if ($_SESSION['amember_redirect_url']) {
        $redirect = $_SESSION['amember_redirect_url'];
        unset($_SESSION['amember_redirect_url']);
} elseif (count(array_unique($urls)) == 1){
    if (in_array('htpasswd_secure', $plugins['protect'])){
        $member_login_pw = 
        htpasswd_secure_get_login($_SESSION['_amember_user']['login']).
        ':'.
        htpasswd_secure_get_passwd($_SESSION['_amember_user']['pass']);
        $redirect = add_password_to_url($urls[0], $member_login_pw);
    } else {
        if ($config['display_member_pw_urls']) {
             $member_login_pw = 
             $_SESSION['_amember_user']['login'].
             ':'.
             $_SESSION['_amember_user']['pass'];
             $redirect = add_password_to_url($urls[0], $member_login_pw);
        } else {
            $redirect = add_password_to_url($urls[0]);
        }
    }
} else {
    $redirect = "/index.php";
}
#print_r($urls);
html_redirect("$redirect", 0, 'Redirect', _LOGIN_REDIRECT);

[Orio]

Take a look at the value of the session.cookie_lifetime directive in your php.ini

If it's not zero, change it to zero and it may solve your problem.

 

Orio.

[envexlabs]

It is set to 0.

[Orio]

And what about session.gc_maxlifetime?

 

Orio.

[envexlabs]

k,

 

quick offset question.

 

In media temple's php.ini file, if it's not listed, does it revert to the default value?

 

Or should i still add it for good measure?

 

 

[btherl]

Unlisted will use the default value.  But you can set it if you want, it won't hurt.

 

If you make a simple session page which does nothing at all and refresh it a few times, does that work?  This is just to verify that sessions are in fact working properly.  After that, you can get to looking at why your code in particular isn't working with sessions.  The problem may be hidden in an include() somewhere, or in one of those functions you call.

[envexlabs]

Hey,

 

I figured it out, i had recently created 2 php files which dealt with uploading and cropping images, i forgot to add session_start() to them.

 

i know, i'm an idiot

[envexlabs]

Well,

 

it seems i spoke way to soon

 

i'm still randomly getting logged out, every page has session_start().

 

When i get logged out, if i hit refresh, i'm magically logged back in.

 

Any help is greatly appreciated!

 

Thanks,

 

envex

[btherl]

Ok, that simplifies things.  Your scripts are buggy   Add some code at the top of each script that dumps the session data straight after session_start().  I'm sure that you will see pages with session data but which think that you are not logged in.