Problems with HTTP_SESSION_VARS

Anon

Hi all,

As advised from php.net, I have decided to make my user login system more secure using $HTTP_SESSION_VARS and $HTTP_COOKIE_VARS

Basically, if a user logs in they have a choice to remember them, so the next time they visit the site, it pulls their details.

Now, the cookie is set fine, i get a value from $HTTP_COOKIE_VARS["live_member_key"]; and i call a function called do_login() (see below).

The problem is that when the user goes to the page on the re-visit(i.e. closes browser, reopens it), the HTTP_SESSION_VARS appear to be blank, but when the page is refreshed, they work!

code:
at the top of the index.php page:
<?php
session_start();
session_register("live_member_key");
session_register("live_name");
include "includes.php";
do_login();
?>

the do_login function:

function do_login() {
global $HTTP_COOKIE_VARS;
if ($HTTP_COOKIE_VARS["live_member_key"]) {
$live_member_key=$HTTP_COOKIE_VARS["live_member_key"];
$live_name=$HTTP_COOKIE_VARS["live_name"];
}
}

Can anyone see what I am doing wrong? it's late I know, but i just can't see it!

Kevin

Anon

Closing a browser will zap any session cookies sent by PHPs builtin session support.

delamitri

Setting a cookie using setcookie with a max timeout won't be zapped.

setcookie ("key", $val, time()+999999999);

in fact the cookie isn't zapped for definate as the cookie vars are readable, it's the transferring the varsover to a session and displaying using $HTTP_SESSION_VARS afterwards thats the problem.

Kevin