session id changes on next page

wacook

This shows a session id but when I hyperlink to a new page the session Id changes.

1st page
<?php
session_start();
session_name();
session_register('ValidLogin');
session_register('LastName');
session_register('FirstName');
session_register('VLogin');
session_register('ACRights');
session_register('CSRights');
session_register('CGRights');
session_register('MNTRights');
$id = session_id();
echo("$id is set as session ID \n");
$sname = session_name();
echo("$sname is set as session name \n");
?>

This shows a session id but when I hyperlink to a new page with
the following script on it the session Id changes.

2nd page
<?php
session_start();
$id = session_id();
echo("$id is set as session ID \n");

The id is a different number and if I echo out any variables they are not set. Any suggestions?

JDcrack

try putting this on the second page:

return session_id();
echo session_id();

See what that outputs.
Also, is doesn't seem as though you are passing the variables.
Like in a cookie, or via GET (test.php?SESSID=36475o561100)

For passing it in a cookie, maybe you would want to do somehing like this on page 2

if(isset($_COOKIE["your_sessid_var"])) 
{ 
return $_COOKIE["your_sessid_var"]; 
} 
else 
{ 
session_start();
setcookie("your_sessid_var", session_id(), time() + ((3600 * 24) * 30));
return session_id();
}

wacook

Thanks, I will try this tomorrow.

I was hoping not to use cookies I just need the variables; available the entire time the user is connected to my server.

🆒

JDcrack

Try this:
Create 2 php pages, test.php & test2.php

test.php:
<?
session_start();
$ValidLogin = "Y";
session_register('ValidLogin'); 
echo "<a href=\"test2.php\">$ValidLogin</a>";

?>


test2.php
<?
session_start();
if ($ValidLogin == "Y") {
echo ("Your are logged in <br> variable ValidLogin = $ValidLogin ");
}else {
echo ("Your are NOT logged in <br> variable ValidLogin = $ValidLogin ");
}
?>

This is a more simple version of what you are doing.

But this way you can see how it is passed

Here some helpful links:
http://www.trios.org/php/sessions/
http://www.zend.com/zend/tut/session.php
http://www.zorka.com/index.php/phptutorial/main/event=index/8

wacook

Thanks, I added some code to show the Session Id and also added a 3rd test page. I have a better understanding of how to pass the session along with in my site. See final test code below.

test1.php
<?
session_start();
$ValidLogin = "Y";
session_register('ValidLogin');
$ACRights = "Y";
session_register('ACRights');
echo("$ACRights is set as AC Rights \n");
$id = session_id();
echo("$id is set as session ID \n");

echo "<a href=\"test2.php\">$ValidLogin</a>";

test2.php
<?

session_start();

$id = session_id();
echo("$id is set as session ID \n");
echo("$ACRights is set as AC Rights \n");

if ($ValidLogin == "Y") {
echo ("Your are logged in variable ValidLogin = $ValidLogin ");
}else {
echo ("Your are NOT logged in variable ValidLogin = $ValidLogin ");
}
echo "<a href=\"test3.php\">$ValidLogin to page 3</a>";
?>

test3.php
<?

session_start();

$id = session_id();
echo("$id is set as session ID \n");
echo("$ACRights is set as AC Rights \n");

🙂 🙂

wacook

I need the session variables in an included function. When I run the function the variables are empty. I assume I am loosing the session when I run the function.

code used below
include "/includes/LogoutRedirectACOnly.inc";

LogoutRedirectACOnly();

Function code is below:
<?php
function LogoutRedirectACOnly()
///Check if AC Rights
{//start the function
if ($ACRights != "Yes"){
echo("$ACRights is set as AC Rights in Logout Redirect function \n");
echo("Your not a valid user \n");
} else{
echo("$ACRights is set as AC Rights in Logout Redirect function \n");
} ///end else
}///end the function
?>

JDcrack

Make sure that you are 'including' your functions
after you register the variables

session_start(); 
$ACRights = "Y"; 
session_register('ACRights'); 

echo("<b>$ACRights is set as AC Rights <br/></b>\n"); 
$id = session_id(); 
echo("<b>$id is set as session ID <br/></b>\n"); 

include "/includes/LogoutRedirectACOnly.inc";

wacook

I get the following error when trying that.

Yes is set as AC Rights prior to function after register

Notice: Undefined variable: ACRights in c:\program files\apache group\apache\htdocs\ame\test\warren\php_pcrlogin.php on line 40

This is the code run to get the error:
$ACRights="Yes";//defined variable prior to function...
session_register('ACRights');///registerd variable prior to function..
echo("$ACRights is set as AC Rights prior to function after register \n");

LogoutRedirectACOnly(); ///call function

wacook

Still no good answer for this

fandelem

Please note that this will not work if the client has cookies disabled, as you are not url-rewriting (attaching the session id to your url string) nor trying to pick up the session on each page.

Something like this would be fine:

I have three main functions for url-rewriting I will always use:

function print_form_action($url)
{
// tags on SID if present  

// returns something like.. action="/index.php?sid=ASA129387AKLJS"
  global $HTTP_GET_VARS, $HTTP_POST_VARS;
  if ( isset($HTTP_GET_VARS['sid']) )
    $sid = $HTTP_GET_VARS['sid'];
  else if ( isset($HTTP_POST_VARS['sid']) )
    $sid = $HTTP_POST_VARS['sid'];
  else
    unset($sid);

  $action = "action=\"";  

  $action .= $url;
  if ( isset($sid) )
   $action .= "?sid=" . $sid;

  $action .= "\"";

  return $action;

}

function print_link($base_url, $query_string, 
    $link_text, $extras = "")
{
global $HTTP_GET_VARS, $HTTP_POST_VARS;

// syntax to call: echo print_link($base_user_url,'admin=edit_content','Admin Area')

  if ( isset($HTTP_GET_VARS['sid']) )
    $sid = $HTTP_GET_VARS['sid'];
  else if ( isset($HTTP_POST_VARS['sid']) )
    $sid = $HTTP_POST_VARS['sid'];
  else
    unset($sid);

  $link = "<a href=\"";
  $link .= $base_url;
  if ( isset($sid) )
     $link .= "?sid=" . $sid;
  if ($query_string) { 
// make sure they want to go somewhere past main script
    if ( strpos($link,"?") != true )
       $link .= '?';
    else
       $link .= "&";
  }
  $link .= $query_string;

  $link .= "\" $extras>$link_text</a>";

  return $link;

}
function redirect($ref, $value, $home, $msg = "") {
global $HTTP_GET_VARS, $HTTP_POST_VARS;

  if ( isset($HTTP_GET_VARS['sid']) )
    $sid = $HTTP_GET_VARS['sid'];
  else if ( isset($HTTP_POST_VARS['sid']) )
    $sid = $HTTP_POST_VARS['sid'];
  else
    unset($sid);

// syntax to call: redirect('refreshtime','where to go past 
//beginning (optional)',$home)
// example to redirect to index.php?admin=edit_content: redirect
//('3','admin=edit_content',$home)
         flush();
         $url = $home;
         if ( isset($sid) && strlen($sid) > 2 )
           $url .= "?sid=" . $sid;
         if ($value) { 
// make sure they want to go somewhere past main script
           if ( strpos($url,"?") != true )
             $url .= '?';
           else
             $url .= "&";
           $url .= $value;
         }

     echo "
     <html>
     <head>
     <meta HTTP-EQUIV=\"refresh\" CONTENT=\"$ref;URL=$url\">
     </head>
     <body>
     $msg
     </body>
     </html>
     ";
     flush();
}

And at the top of EVERY page, I have this:

if ( isset($HTTP_GET_VARS['sid']) )
{
  $sid = $HTTP_GET_VARS['sid'];
  session_id($sid);
  session_start();
}
else if ( isset($HTTP_POST_VARS['sid']) )
{
  $sid = $HTTP_POST_VARS['sid'];
  session_id($sid);
  session_start();
}

This will ensure that you are compliant with people who do not use cookies.

cheers,