Jump to content

Recommended Posts

I'm looking for any insight as to why I'm losing my session variables.  Below is some code.  I have run several tests and I know that I lose the variables right after I sendredirect(); in the checklogin.php file.  Any help is greatly appreciated.  Thanks in advance!

 

 

checklogin.php

<?@session_start();
ob_start();
include("functions.php");

$email = $_POST['email'];
$p = $_POST['password'];

if($email != "" && $p != ""){
	$pass = md5($p); // encrypt password
	$sql = "select * from users where email = '$email' and password = '$pass'";
	$result = mysql_query($sql) or die(mysql_error());
	$count = mysql_num_rows($result); // count the number of rows that were queried
	if($count == 1){
		$row = mysql_fetch_array($result);
		if($row['active'] == 1){
			$_SESSION['user_id'] = $row['id'];
			$_SESSION['logged_in'] = true;
			sendredirect("test.php");
		}else if($row['active'] == 0){?>
			<center>
			<b>Your membership was not activated.  Please open the confirmation email you received and click on the activation link.  Thank you.</b>
			</center>
		<?}
	}else{?>
		<center>
		<b>Your login could not be authenticated.  <a href="login.php">Click here to login.</a></b>
		</center>
	<?}
}else{?>
	<center>
	<b>Please use your email address and password to login.  <a href="login.php">Click here to login.</a></b>
	</center>
<?}
ob_end_flush();?>

 

 

test.php

<?@session_start();
include("header.php");
if($_SESSION['logged_in'] == false){
	echo "Your session is NOT working in test.php.<br><br>";
	echo $_SESSION['logged_in'];
}else if($_SESSION['logged_in'] == true){
	echo "Your session is working in test.php.<br><br>";
	echo $_SESSION['logged_in'];
}
test();
include("footer.php");?>

 

 

functions.php

<?// start sessions
@session_start();
// Redirect
function sendredirect($location){
	echo "
		<html>\n
		<head>\n
		<meta http-equiv=\"Refresh\" content=\"0;url=".$location."\">\n
		</head>\n";
}
function test(){
	if($_SESSION['logged_in'] == false){
		echo "Your session is NOT working in functions.php.<br><br>";
		echo $_SESSION['logged_in'];
	}else if($_SESSION['logged_in'] == true){
		echo "Your session is working in functions.php.<br><br>";
		echo $_SESSION['logged_in'];
	}
}?>

Link to comment
https://forums.phpfreaks.com/topic/88498-lost-session-variables/
Share on other sites

My guess is that warning and notice messages that would shed some light on why it is not working are not enabled and that the display of all errors are disabled. Add a new-line after each of your first opening php tags <? (I recommend always using a full <?php tag) so that the <? or <?php is on its own line and then add the following two lines after the line with the opening <? pr <?php in each file -

 

ini_set ("display_errors", "1");
error_reporting(E_ALL);

 

I suspect that sessions are not working in your first file.

Lots of errors.

 

 

Notice: A session had already been started - ignoring session_start() in /home/content/t/r/a/tracpr/html/members/functions.php on line 16

 

Line 16 of functions.php:

session_start();

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 8

Your session is NOT working in test.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 10

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 343

Your session is NOT working in functions.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 345

 

Line 8 in test.php:

if($_SESSION['logged_in'] == false){

 

Line 10 in test.php:

echo $_SESSION['logged_in'];

 

Line 343 in functions.php:

if($_SESSION['logged_in'] == false){

 

Line 345 in functions.php:

echo $_SESSION['logged_in'];

A session_start() belongs at the beginning of each page that is using sessions. It does not belong in your functions.php file that gets included. Remove it from functions.php. This is not causing a problem (except the generation of the error and the extra time it takes to execute and figure out that a session is already started.)

 

Did the the two lines of error reporting code get added to checklogin.php? Any errors there?

 

If the only redirect to test.php is right after you set $_SESSION['logged_in'] = true; then this should work if sessions are working. Is there any chance that header.php could be unsetting the whole $_SESSION array or unsetting $_SESSION['logged_in'] or that register globals are on and there is another variable (program/get/post/cookie) with the same name 'logged_in'?

I removed session_start() from functions.php.  I have the two lines of error reporting code in all 3 files (checklogin, functions, and test).  I don't believe that the header.php file would be resetting any session variables.  I've included the header file below.

 

<?php
include("functions.php");?>

<head>
<title>Member Management System</title>
<link rel="stylesheet" type="text/css" href="<? echo $stylesheet ?>">
</head>

<table cellspacing="0" cellpadding="3" width="762" align="center" style="border: 2px solid green;">
  <tr><td colspan="2" style="border-bottom: 2px solid green;"><img src="/images/website_header5.jpg" width="756"></td></tr>
  <tr valign="top"><td width="160" align="right" style="border-right: 2px solid green;">
   <a href="/"><img src="/images/website_tab-home.jpg" width="160px" alt="Home" border="0"></a><br>
   <a href="/about/"><img src="/images/website_tab-about.jpg" width="160px" alt="About" border="0"></a><br>
   <a href="/executives/"><img src="/images/website_tab-executives.jpg" width="160px" alt="Executives" border="0"></a><br>
   <a href="/news/"><img src="/images/website_tab-news.jpg" width="160px" alt="News" border="0"></a><br>
   <a href="/resources/"><img src="/images/website_tab-resources.jpg" width="160px" alt="Resources" border="0"></a><br>
   <a href="/services/"><img src="/images/website_tab-services.jpg" width="160px" alt="Services" border="0"></a><br>
   <a href="/events/"><img src="/images/website_tab-events.jpg" width="160px" alt="Events" border="0"></a><br>
   <a href="/links/"><img src="/images/website_tab-links.jpg" width="160px" alt="Links" border="0"></a>
  </td><td width="602">

I tested with the three pieces of code you posted in both IE and FF browsers and it works (bypassing and setting the variables from the database results I don't have available.)

 

This would indicate that your browser is not accepting cookies. Which browser are you testing with and do your have a different browser to try, such as Firefox?

About the only other thing I can think of is if your session cookie path or domain has been specifically set to values that do not match the current path or domain where the php scripts are located. This would cause the session cookie to not match the path/domain of the URL the browser requests and the browser would not send the cookie to the server. You could try the following to see what they are -

 

echo "<pre>";
echo session_get_cookie_params();
echo "</pre>";

 

Also, in FF, check if the session cookie exists - tools/options/privacy-tab/show cookies/select the domain. There should be a cookie with the name  PHPSESSID (assuming you/php are using default values.)

My results are...

 

Array

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 9

Your session is NOT working in test.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 11

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 341

Your session is NOT working in functions.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 343

 

in FF of course.  It still works in IE7.  Let me know if you have any insight.  Thanks!

Here is a correction to the code I just posted (I never used that before and was not going slow enough to make sure it was correct) -

 

echo "<pre>";
print_r(session_get_cookie_params());
echo "</pre>";

 

Your code did work for me in the latest FF, so I still suspect that a privacy/security setting in your FF is causing this.

The new results...

 

Array

(

    [lifetime] => 0

    [path] => /

    [domain] =>

    [secure] =>

)

 

 

 

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 9

Your session is NOT working in test.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 11

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 341

Your session is NOT working in functions.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 343

 

This is in FF still... if you want I can post the results in IE7.  Thanks!

Those are the default settings for the cookie and they would allow the cookie to be set by the session_start() and sent back by the browser.

 

Are you doing any .htaccess url rewriting that affects the host/domain or path portion of the URL?

 

Also, have you checking in FF if the session cookie has been sent and exists. This would pin down if the cookie is being sent to the browser or not.

 

Add the following and see what if anything is set -

 

echo "<pre>";
print_r($_COOKIE);
print_r($_SESSION);
echo "</pre>";

Well my default browser is FF (b/c I use Linux).  I don't have any security enabled that would cause that sort of problem (at least that I'm aware of).  I added these lines and came up with the following...

 

Array

(

    [lifetime] => 0

    [path] => /

    [domain] =>

    [secure] =>

)

Array

(

)

Array

(

)

 

 

 

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 11

Your session is NOT working in test.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/test.php on line 13

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 341

Your session is NOT working in functions.php.

 

 

Notice: Undefined index: logged_in in /home/content/t/r/a/tracpr/html/members/functions.php on line 343

 

I tried on another computer with Windows and it worked fine in IE, but not FF.  So it's across both operating systems and I've tried on other machines previously.

 

Are you doing any .htaccess url rewriting that affects the host/domain or path portion of the URL?

 

I'm not doing any .htaccess work here.  The URL remains the same everywhere (with the exception of the php file).

 

Also, have you checking in FF if the session cookie has been sent and exists. This would pin down if the cookie is being sent to the browser or not.

 

I have two cookies stored for the URL.  Their contents are different (which is what looks to be an MD5 string).  Both cookies are named PHPSESSID.

 

Let me know if you have anything else.  I'm pretty stumped.

Since you have cookies named PHPSESSID (and your session cookie lifetime is zero), it appears that the session_start() is sending the session cookie to the browser (the reason why there are two is the checklogin.php page is starting a session and the test.php page is starting another session) but that the browser is not sending the session cookie from the first session to the server when the page is redirected to test.php.

 

The only reasons a browser would not send a cookie to the server when it requests a page are - the protocol is different (http/https), the domain does not match (domaina.com/otherdomain.com), the host name (www/nothing) does not match the host setting of the cookie, or the path (domain.com/somepath) does not match the path setting of the cookie (since the cookie path setting is / all paths should match now.)

 

My guess is that the meta redirect for your browser is doing something like adding a www. at the start of the url in the redirect.

 

Some things to try, use an absolute redirect (specify the full url - http://www.yourdomain.com/yourpath/yourfile), switch to using a header("Location....) redirect, or change the session cookie domain to be .yourdomain.com (with the leading dot) so that the cookie matches www.yourdomain.com and yourdomain.com.

I always use sendredirect("http://www.domain.com/mypath/mypage.php");  The only thing that changes is the page name (the domain and path is the same).  The sendredirect() function is above in functions.php.  Is there something I should change?  Should I use header() instead?  I don't know how to change the session cookie domain to be different.  I appreciate all of your help... it's been extremely helpful!

 

Your posted code does not do what you just stated. It simply has sendredirect("test.php"); If you are in fact doing something like "http://www...../test.php", but the other pages are reached without the www., then this is changing the hostname and the session cookie won't match using the current session cookie settings.

 

Short story - there are 100's of thousands of servers using sessions with many different browsers. Your code does work with one browser that you tried but not another. The posted code worked for me with both FF and IE. Something you are specifically doing is preventing it from working in FF. If your posted code is not what you are actually doing, it is not possible to help you further using the current information provided.

 

For information on setting session cookie parameters - http://php.net/session

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.