confused by SESSIONS

ratbaggy

I'm getting really confused. I created a reasonably simple login script that retrieves logins from an array and redirects correct logins to relevant directories/pages, which contain PHP pages that check session variables for logged info and member number (I used $SESSION to set variables). On my localhost the log in is successful and the variables are passed, however, on my hosted server the variables aren't getting passed at all. Although I do know a session is started. I checked this with a login check file (as below) on both local and host:

<?php 
session_start();
echo session_id();
echo "Sessions: <pre>";
print_r($_SESSION);
echo "</pre>";
?>

I for the life of me can't work it out. I looked at the hosted phpinfo compared to local info and it was the same as far as I could tell. Yes I have contacted the host, however they don't provide PHP support and keep telling me the problem is with my code (on the loginScript), but it works on my localhost!!

Maybe...could somebody post a simple login script using SESSIONS(no database) that I can use to test if it's my code?

If you know a fix or another solution please enlighten me.

Cheers in advance.

ratbaggy

$post = 20 views and not one reply.

😕

HalfaBee

How a bout posting your code.
Maybe there is a simple mistake.

Normally if you do $_SESSION['loggedin']='yesy';
it gets passed to the next script.

What version of PHP is your host using?

HalfaBee

dalecosp

So, what is the content of the SESSION array when you do print_r()? And no error messages? What about in the web log? It may be that they're logging messages instead of allowing the parser to output them to the browser.

I assume this is a virt-hosted deal...what's the session cookie path, and do you have permissions on that dir? Does it even exist?

And HalfaBee's got a good idea. If they're using an old -V of PHP, you might have to use $HTTP_SESSION_VARS... but surely not, as that was introduced in v4.0...and you'd have surely noticed.... 🙂

ratbaggy

I have on my 4.3.2 localhost
Yes dalecosp it is a virt-host setup. They run 4.3.1.

and heeeeere's the code

loginScript.php

<?php 
$local_Username = $_POST['username']; 
$local_Password = $_POST['password']; 

$failedPage = "failed.php";
//$urlPrefix = "http://www.google.com.au/";

session_start();  # must do this on each page a $_SESSION var is needed/used

$user[] = array("user1", "pass1", "temp/index.php");
$user[] = array("user2", "pass2", "temp/index.php");
$user[] = array("user3", "pass3", "temp/index.php");

$members = count($user);

for($i=0;$i<$members; $i++){
	if(($local_Username==$user[$i][0])&&($local_Password==$user[$i][1])){
		$_SESSION['loggedin'] = 1;   # assign a logged in status to this var
		$_SESSION['member'] = $i;    # assign the user's number to this var
		$successPage = $user[$i][2];
		header("Location: $successPage");  # send this user to his successPage 
	}
}
if ($_SESSION['loggedin']!==1) {
	header("Location: $failedPage");  # send the user to the failedPage
}
?>

And here is where the problem is (as far as I can anrrow down, remember I am a newb :p) This is from the index.php file in the relevant folder.

<?PHP
	session_start();
	if ($_SESSION['member']!==1){ # if the member number is not equal to the relevant user number then
		header("Location: ../login.php"); # send 'em back to login page
	}else{ # otherwise process HTML
?>

Hope this helps you help me 🙂

Cheers

what's the session cookie path, and do you have permissions on that dir? Does it even exist?

That's what I thought to. I have contacted the host, but as usual the techs aren't working today. 🙂

BTW can you explain that web log, loggin messages, parser thing in simpler terms? Is there a way around it?

HalfaBee

I am pretty sure the Location: header needs the full URL.

HalfaBee
From the PHP manual

Note: HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $SERVER['HTTP_HOST'], $SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:

ratbaggy

HalfaBee: cool. thanks. I have changed them to full URLs

My confusion continues to grow...now the first time you enter a correct user/pass combo it redirects back to the login page. then when you enter another user/pass combo (same or diff) it logs in.

To me = The first time through the variables are not being created.??!

Aaaaarrrgh!
🙂

EDIT

YAY! Fixed it.
I started the session on the login page. Didn't realise this needed to be done. Thanks to all who chipped in.

$ratbaggy = 😃

HalfaBee

Not really sure what your problem is, but remember that the member id will be 0 to 2 not 1-3

HalfaBee

ratbaggy

Yeah, didn't forget thet Halfabee.

I started the session on the login page. Didn't realise this needed to be done. Thanks to all who chipped in.

Is it usually done that way?

HalfaBee

If it works thats fine 🙂

Remember to do session_destroy() when you are finished.

HalfaBee

ratbaggy

OK. Why's that? Should that just be for log out or immediately after log in is successful - i.e. on relevant index.php page

dalecosp

Upon log out... 🙂