[Resolved] php session problem

raazzzin

Hey Guys,

I've been struggling with this a bit. I create a session via session_start() when users come to my homepage. For testing, I echo out the Session ID and I see a unique ID has been set. The user then logs in thru the homepage, I register various session variables and the homepage refreshes w/ a "logged in" user view. The echoed Session ID remains the same at this point. I then click a link to go to another page within my website, and the echoed Session ID changes and I've lost all my session information. The user then has to relogin afterwhich the problem never resurfaces in that browser instance.

It seems as if the Session ID being echoed when I initially visit the homepage in a new browser is from a stored cookie or something, but upon moving to another page, the session ID changes. Why when I login on the homepage and refresh the homepage, the Session ID stays the same.

In php.ini, I have the Session ID auto passing variable set. I also have use cookies enabled.

Any help will be appreciated?

Thanks.

Raj

stolzyboy

post some code so someone can help you a little easier

raazzzin

ok, let me post some sample code (here are the relevant snippets)

<?
session_start();
echo "sessionid".session_id();

if ($login)
{
// validate username and password

session_register("s_user_name");
session_register("s_password");

$GLOBALS['s_user_name'] = $username;
$GLOBALS['s_password'] = $password;
}
?>

<form method="post" action="<?echo $PHP_SELF;?>">
<tr>
<td>Username</td>
<td>
<input type="text" name="username"></input>
</td>
</tr>
<tr>
<td>Password</td>
<td>
<input type="password" name="password"></input>
</td>
</tr>
<tr>
<td>
<input type="submit" name="login" value="login"></input>
</td>
</tr>
<tr>
<td>
<a href="anotherpage.php">Link to Another Page</a>
</td>
</tr>
</form>

Ok, so a user comes to the homepage in a new browser instance, upon arrival, a session ID is echoed out:

sessionid13151a4bd7886078fc16d432f462c094

Now the user logs in and hits the login submit button. The page refreshes and the following user id is echoed out:

sessionid13151a4bd7886078fc16d432f462c094

Everything is ok so far, session information is stored. Now the user clicks to "anotherpage.php". This page looks like:

<?
session_start();
echo "sessionid".session_id();
?>

<tr>
<td>Some Random Content</td>
</tr>

Well, the session ID echoed out when this page loads is:

sessionidc4b481d1aded1cab9d69df3745518ad7

And I have lost all my session information. If I then go to the homepage, this new session ID remains the same. If I login again, the new session ID remains the same and if I click the "anotherpage.php" link, the new session ID remains the same -- meaning it works.

Do you know why I lose my session information when I link to another page in a new browser instance or the first login at this site within a browser instance.

Here are some relevant settings:

session.auto_start = 1
session.use_cookies = 1
session.cookie_lifetime = 0
session.use_trans_sid = 1

Why do I have a session ID when I first visit the site before I login, is that session ID coming from a cookie?

Thanks, any help will be appreciated.

Raj

stolzyboy

it would be a lot easier if you only start a session upon the user logging in, then you can just set the session that way

this would be after they submit the login form

<?
session_start();
$SESSION['username'] = $POST['name_from_form_for_username'];
$SESSION['password'] = $POST['name_from_form_for_password'];
?>

then every other where user needs to be logged in, simply start with

<?
session_start();
?>

it's as simple as that, no need to mess with session id

raazzzin

I have tried that. I put session_start() in the login function. However, I still lose my session information when i go to another page, if this is the first login in a browser instance. Also, a session id is still outputted upon visiting the homepage before I even call session_start() in a new browser window.

I think it's something related to a PHP setting.

Raj

drawmack

umm what about http://us2.php.net/manual/en/function.session-write-close.php

stolzyboy

i don't see anywhere where you are using $_SESSION, use that like i showed you instead of the old session_register way, and don't use them together

raazzzin

Ok, going to address both people here.

To stolzyboy:

I change the code so I register sessions like such:

$SESSION['s_user_name'] = $POST['username'];
$SESSION['s_password'] = $POST['password'];

I also moved the session_start function to the login function.

Now, I'm unable to retrieve any of my session variables. Can I not reference a session variable by $s_user_name? Is there a special way to reference it if you register session variables in the above manner.

To drawmack:

Calling session_write_close() if a session id exists at the top does solve the problem:

if (session_id())
{
session_write_close();
}

session_start();

However, the session url rewrite on all the links in the page does not get ran, I guess this is noted in the last comment in the session_write_close method description at the PHP site:

http://us2.php.net/manual/en/function.session-write-close.php

Any ideas, how to work around that problem.

Thanks.

Raj

stolzyboy

access it with

$_SESSION['s_user_name']

raazzzin

Ok, I tried that, still no luck, I still lose the session information when I go to another page when it's the first login in a browser instance.

Do you think it's related to something w/ the version of PHP I'm using. I'm using 4.2.2

Raj

stolzyboy

not likely, can you do this for me and tell me if it works

session_test_one.php with ONLY the following in it

<? 
session_start(); 
$_SESSION['var_one'] = "This is var_one"; 
$_SESSION['var_two'] = "This is var_two"; 

echo "<a href=\"session_test_two.php\">click</a>"; 
?>

then session_test_two.php with ONLY this:

<? 
session_start(); 
echo $_SESSION['var_one'] . "<br>"; 
echo $_SESSION['var_two']; 
?>

now if this simple test doesn't work, then we'll have to look elsewhere for the problem

raazzzin

Hey Guys,

I've realized what the problem is, the code was fine, it was actually in the testing. I'm running / developing this website on my laptop so to view it I type:

http://localhost

Well, I have a variable that represents the base URL of the site, I had that set to http://mobileraj. So what happened was anytime I clicked a link etc, I'd get taken to http://mobileraj. session_start() creates a new session id when the domain changes since it doesn't know that http://mobileraj resolves to the same webpage as http://localhost.

Sorry, stupid bug. Thanks for all your help.

Raj