Cookies and sessions

Deposeni

For some reason, my sessions aren't working correctly - everytime multiple users are using my forum, they end up posting as each other - the session's than get mixed up, and they're logged in as each other!

Heres my code for logging in

<?php
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
session_start();
include("config.php");
?>
<body bgcolor="#696969" text="#ffffff" link="#ffffff" background="menubg.jpg">
<?

$a = new database();
$a->connect();

$quser = mysql_query("SELECT * FROM login WHERE user='".$_POST['user']."' AND pword='".$_POST['pword']."'");
$usern = $row['user'];

if ($row = mysql_fetch_array($quser, MYSQL_ASSOC)) {
	print "User ".$row['user']." has successfully logged in<br>";
	//print "Your session is: ".session_id().".<br>";
	$_SESSION[user] = $row['user'];
	session_register("user");
	$user = $row['user'];
	print "Go <a href=\"index.php\">back</a> to the front page.";
	print "<meta http-equiv=\"refresh\" content=\"1;URL=menu.php\">";
//$add_user = "INSERT INTO login (laston) VALUES ('".date(m/d/Y H:i)."' )";
//$updatetime = "UPDATE login SET laston= '" . date(\"m/d/Y H:i\") . "' WHERE user = '".$_POST['user']."'";
$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$updatetime = "UPDATE login SET laston= '".date("m/d/Y H:i")."', lastip= '$hostname'  WHERE user = '".$_POST['user']."'";
mysql_query($updatetime) or die(mysql_error());
		}
	else {
		print "Invalid username or password<br>"; 
		print "<meta http-equiv=\"refresh\" content=\"1;URL=menu.php\">";
		}
?>

Then whenever I call it, I use

$_SESSION['user']

See any problems with this? Its really buggy... And obviously will have problems, once I get multiple people constantly on.

HalfaBee

Do not use session_register!

The line $SESSION[user] ( should be $SESSION['user'] ) does the session_register automatically, check out the manual for $_SESSION.

HalfaBee

Deposeni

Hm... But would that cause the problems I just talked about? And how would I delete the session if I don't use register?

HalfaBee

FROM THE MANUAL

Caution
If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister().

I don't know what happens, but this is what the manual says.

HalfaBee

Deposeni

Thanks! If anyone know if using session_register would do what I said above, please tell me!

Also: How would I make the sessions save cookies client side?

HalfaBee

The manual says not to use these functions if you you use $_SESSION[] array, SO DONT!

If the client allows the cookies there is not a problem.

HalfaBee

Deposeni

lol, I know I'm just wondering - because its not saving ANY THING on my side - and I have cookies on

Edit: I think I know what the problem is... "phpsesid=##" isn't being added to any of the URLs, and cookies aren't set... I need to figure out how to use cookies because I REALLY don't want to see that annoying "phpsesid=" for every page.

Deposeni

Anyone?

Deposeni

Someone... please...Help! - I need to know how to save sessions into cookies - the php.net doesnt have much doc on it... (Without using the annoying "url.php?phpsesid=?"

HalfaBee

Originally posted by Deposeni
Hm... But would that cause the problems I just talked about? And how would I delete the session if I don't use register?

unset( $_SESSION['variable'] ) to remove session variables.

Use session_destroy() to finish the session.

Check your php.ini in the [session] section for
session.use_cookies = 1
It may have been disabled

HalfaBee

Deposeni

Originally posted by HalfaBee
unset( $_SESSION['variable'] ) to remove session variables.

Use session_destroy() to finish the session.

Check your php.ini in the [session] section for
session.use_cookies = 1
It may have been disabled

HalfaBee

Hmm... It IS set to 1... Strange

I'm just using $_session['user'] = $row['user'], nothing else.

HalfaBee

Its $SESSION[] not $session.

I think case is important here.

HalfaBee

Deposeni

	if ($row = mysql_fetch_array($quser, MYSQL_ASSOC)) {
		print "User ".$row['user']." has successfully logged in<br>";
		//print "Your session is: ".session_id().".<br>";
		$_SESSION['user'] = $row['user'];
		$user = $row['user'];

HalfaBee

Try this and see if it works.

HalfaBee

<?
session_start();
echo "SESSION = ";
print_R( $_SESSION );

$_SESSION['test1']=$_POST['test'];
?>

<form method=POST >
<input name=test >
<input type=submit >
</form>

Deposeni

SESSION = Array ( )

HalfaBee

Did you try it a couple of times with different input?

HalfaBee

Deposeni

SESSION = Array ( [user] => Tetsuo )

Sorry - I copied your code directly - I had to move it to after it defines the actual session

HalfaBee

My code works fine 🙂

If you put the print_r after that line you are only showing what is in the array currently.
The way I posted it, it showed the value passed by the session.

HalfaBee

Deposeni

No No thats not the problem - whenever two or more people are online, the sessions get mixed around... thats why I need to use cookies (Read the original post)

HalfaBee

So are your sessions working?

What you need to do to keep each user seperate is to store the session_id() in your DB and reference everything to that for the seesion.
When the person logs out remove the value.

HalfaBee