session variables

j_bouwers

I am developing a website which has support for members to login

I use mysql for a user-database.
When a user wants to log in, he enters name and password and clicks "login" button, which takes him to login.php
In login.php:

I first do session_start();

Then I check the database to see if the user/password combination exists. if it exists, I set $user_allowed to 1, else I set $user_allowed to 0.
This variable and the username, and a userlevel, taken from the database, is registered with the session using
session_register('user_allowed', 'user_level','user_name');

Then the user is redirected to index.htm (using header ("Location :"index.php").
In index.php, I first do session_start();

Then I check if $user_allowed is 1 and if it is, some data is displayed, and if it is not, the user is redirected back to the login-page.

Should work, right? Well, sometimes it does, sometimes it does not. The problem is that in index.php, after the session_start();, the $user_allowed variable is NOT registered and also the user_name and user_level variables are not registered anymore!

What is wrong? (php version is 4.1.2)

I checked the session_id()'s, they are the same, during a session, so this is not the problem.

Help.

bastien

put

session_start();
session_register('user_allowed', 'user_level','user_name');

at the top of the index.php page as well...you mentioned that you have the session_start() there but I don't thiknk you indicated that you had the session_register() there...

give it a try...

cjliu42

Sometimes it works and sometimes it doesnt? Could you be more specific?

Check to have allowed for sessions variables in your browser,
or try passing the session through the url

header("location:index.html?".sid);

You do not need to register the session again once registered, unless you have unregistered the variables.

j_bouwers

I added session_register(...) in index.php, didn't help.

Sometimes good, sometimes not good means:

It seems that on fast connections (ADSL) there are absolutely no problems, only when the user has a 'slower'connection, like ISDN or a plain modem, OR when the user is on a location far away (Asia, Middle East) (our server is located in The Netherlands), it fails.

Could there be some kind of timeout (?????)

I doublechecked it, the variables are not just set to nothing or 0 or whatever, they just are not registered anymore, I checked with session_is_registered("..");

Hans

bladx

I have also been creating a system somewhat like this.

I have a user log in, and then check the post vars ($POST[]) with the database entry of the user, and makes sure that it is a real user and that the password matches, etc. If the login is a success, then I put the user and password into global $SESSION variables ... is this a bad way to do it by the way, for multiple users?

Anyway, it works fine on my server, and on another server running php 4.2.2, but when I uploaded it to my sourceforge page, which is running php 4.1.2, whenever I log in, it is really flaky and after a little while drops my $_SESSION variables for my user and pass ... and i can't do anything but keep logging in ...

Any ideas? Thanks.

roneill

Could it be that globals are set to off and you need to use $_Session[varname] ?

bladx

No, register_globals are On.

universelittle

i use php 4.2.2, global_register is off.

I tried session_register('username'), it never works for me. but I tried $_SESSION['username], it works well. But the problem is how to register multiple users at the same time if they login almost at the same time??😕

j_bouwers

The php version was updated to 4.2.2, but still the same problems. Slower connections: no good.

the ISP changed the configfile, now register_globals are off, so i had to rebuild the whole site from session_register() etc to $SESSION. After this, it worked fine agian, but for the faster connections. On the slower systems, just like on bladx's SourceForge system, the $SESSION vars are just gone.

It looks like there is some time-out involved.
Any ideas?

Btw afiak, there should be no problem with multiple users logging in at the same time, cause that's just what sessions are. Anyone who connects to a site where a php script does session_start(), is assigned a new session, and the vars are registered solely in that session this only available to that specific user

Hans