sessioning questions, please help...

Anon

hi, I am currently creating a virtual store and I am having some problems with sessions. First the user should login first. The login screen contains this code:

<?php
session_unset('SessionEmail');
session_unset('LoggedIn');
session_unset('SessionCart');
session_start();
session_destroy();
?>
-> this is to destroy any current sessions that may be active...

after the user logs in, he/she will be presented with a list of the categories of our shop's products, there is a code:

session_start();
session_register('SessionEmail');
session_register('LoggedIn');
session_register('SessionCart'); 
$LoggedIn = false;
$SessionEmail = "";
$SessionCart = array();

if (!$LoggedIn)
{
if ($Email and $Password)
{
$db = mysql_connect("", "a0009162", "symmetry1");
$result1 = mysql_db_query("a0009162", "SELECT FirstName, Email FROM Customers WHERE Email = '$Email' AND Password='$Password'");
if ($myrow = mysql_fetch_array($result1))
{
$SessionEmail = $myrow["Email"];
$LoggedIn = true;
}
}
}
-> the $LoggedIn variable is a flag to tell if the user is logged in or not. a user can click on the category to see more details about the products under that category. However, when the user does click on them, the session variables automatically reset themselves. Meaning all the session variables I've registered default to empty again. Why is this so? I tried it locally at my hard drive running Apache, mysql, and PHP4 there was no problem. However when I transfered files to our server (Prohosting.com) the problem becomes active. Please help.

badman

hi
1. first of all check which version of php is present on the server.Is it same as yours locally?

are you starting the session in the page where you are displaying the details of the products in taht category?

you have to put session_start() at the start of every page where you want the already registered session variables. In my opinion(guess really!) you have forgotten to do this..

also try this
if (!$PHPSESSID)
{
session_register('my_variable');
}
else if(!$my_variabl')
session_register('my_variable');

for all the session variables you have registered.

hope it helps..

fseesink

This may or may not be related, but IF your PHP scripts are being hosted on a Windows system running IIS, then the issue could be related to a bug which exists in many releases of the PHP engine for Windows. For details, see the original posting at

http://www.php.net/bugs.php?id=5493

and the subsequent posting, after the bug reappeared, at

http://www.php.net/bugs.php?id=8989

This bug was resolved in the Windows CGI version in v4.0.2, but reappeared in 4.0.4. The last release that worked properly with sessions was 4.0.3pl1 (which I currently use for this very reason).

The problem you describe sounds very similar to what I've posted. If you can, read PHP bug #8989, create the four scripts listed, and see if you get the same result. If so, PLEASE post to that problem, as I am having a heck of a time getting anyone to resolve this issue, and if they saw more people posting, they might take it more seriously.

The only way to know what kind of system is hosting your site, if you don't already know for sure, is to create a simple script. I always have a simple file called VERSION.PHP in which I have quite simply

<?php
phpinfo();
?>

This should tell you everything you need to know about what kind of host your site runs on, what version of PHP they have, etc.

Please note if this is NOT a Windows system, I can't honestly speak about the problem.

Regarding your code, at the very top, it is wise to FIRST execute session_start(), as session_unset() does not cause a session to initiate, at least as explained in the PHP manual, 4th paragraph from the top, here:

http://www.php.net/manual/en/ref.session.php

Also note, according to the same manual, session_unset() doesn't take any parameters. It frees all session variables. Details here:

http://www.php.net/manual/en/function.session-unset.php

Another question: How is your webhosting site configured PHP-wise? That is, do they have the following items correctly configured:

Do they have session.save_path properly set to a location where session files can be saved?
Are you counting on sessions via cookies, in which case, is the host configured with session.use_cookies = 1?
If you're going with passing the session ID (SID) via URLs, is the host configured with session.use_trans_sid = 1, and was the engine compiled with the flag --enable-trans-sid?

All of this can be determined by creating a PHP file like the example above, and looking at what the engine tells you.

That's the best I can offer if you're on a non-Windows system I'm afraid.

Anon

It's working already, I did forget to put session_start(); in every page, hehehe, thanks for the help!