Sessions

ptbsG_Man

Hi I am having some problems with sessions on Win2000 Adv. Server IIS and php4.

you goto the page from a form on an ASP page (using sessions) and when it goes to the PHP page it gets some vars. from the form and grabs some stuff out of a database and gives them a session name. now when i goto the page the first time all i get is a
ASPSESSIONIDXXXXXXXXX => XXXXXXXXXXXX

in my $_REQUEST[''] dump

now if i hit the back button and do it again it will work and ill have my php session vars. and the ASP sessionid

The only reason i bring up the aspsessionid is cause i think that might be causing the problem but dont know you can test to see what i mean @

http://www.christianmusiciancoalition.org > member login >Username:don & Password:don > Upload My Sample Audio MP3 files

the PHP is not done yet so dont mint the errors just look @ the bottom where i do my Var. dumps

Thank you
Don

sublimatica

Your problem might be in the order that your visitor hits these pages. The login page, and the page immediately afterwards are both ASP-based, which is why you have an ASP session handled.

When you click the link to go to the upload music page, that's the first PHP page that your visitor's browser sees, and it's on the first visit to the page that the cookie is created. However, the cookie isn't sent back from the user's browser until he goes to the next page, and so PHP hasn't received any header information about the cookie.

When you revisit the page, the cookie already exists, and is sent to your server from the browser, which is why PHP can access the sessionid.

To get around this, you could try putting an empty page in between the 'Upload my Sample Audio MP3 files' link and the file management page afterwards. Redirect users to the file management page with a <META HTTP-EQUIV="Refresh".... -type HTML tag but set the cookie at this stage. That way, the session will be established and the cookie will exist by the time the users reaches the file management page.

Does that make sense?

ptbsG_Man

Thanks ill try that but the way i do it is like this
the asp page > the real first php page where it get the values from a access database and assigns the values to the sessions here it is

<?php
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
//get form data
$username = $_POST['strUserName'];
$password = $_POST['strPWord'];
//open DB
$db_connection = new COM("ADODB.Connection");
$db_connstr = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" . realpath("MusiciansDB.mdb") . " ;DefaultDir=" . realpath(".");
$db_connection->open($db_connstr);
//check for username AND password
$rs = $db_connection->execute("SELECT * FROM Web_List2 WHERE UserName='$username' AND PWord='$password'");
//get Vars.
$rs_band = $rs->Fields(B_Name);
// If fail tell and stop
error_reporting(E_ERROR);
if ($rs_band->Value == NULL){
    header("location: unauthorised_user_page.htm");
}
else{
//start the session and asign the Vars.
session_start();
$_SESSION["user"] = "$username";
$_SESSION["pass"] = "$password";
$_SESSION["band"] = "$rs_band->Value";
//close DB
$rs->Close();
$db_connection->Close();
//send them off to a new world
header("location: files.php?login=1");
}
?>

that then goes to the file page,
any ideas why this dose not work?????

sublimatica

Hmmm. I think that your problem might be there because you're not pushing the user to a new page once the session is created. The header("Location:.... command just keeps them on the same page. Your script above sets the cookie but it can't access it yet. Only the next page will be able to access the cookie contents.

Instead of setting the Location for the header line to the page you want to display, make these your penultimate lines:

//send them off to a new world
print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0;URL=files.php?login=1\">";

I reckon this'll work, although I admit I haven't checked the syntax for that META tag. 🙂

[Edited to say: Now I have checked it. I did get it wrong! It's now correct.]