sessions - all good except on XP/N6 (reposted from newbie section)

jonchakra5

Hi folks.

I'm reporting this to the coding forum. originally posted to the newbies by mistake. I was searching through posts on sessions and hit "new thread" and didn't check which forum I was in. Hope this does not cause trouble!

I've got a tough one here. I've got a sessions based login up and running. It is working for me and for my partner, but not for the client.

The client is running WinXP/N6. She is also on the east cost and we on the west. The host is pair.com and they have a standard setup of PHP save the session.use_trans_sid setting which is "1". Seems to me that should save the situation if her cookies where off though.

Earlier I had the whole thing in cookies, and she had the same trouble.

HELP!

Any thoughts?


session_start();


function login (
	$ses_employer_logged_in,
	$ses_employer_user_id,
	$ses_jobseeker_logged_in,
	$ses_jobseeker_user_id
	) {

// initialize	

$employer_logged_in = FALSE;
$employer_user_id = FALSE;
$jobseeker_logged_in = FALSE;
$jobseeker_user_id = FALSE;

if($ses_employer_logged_in){
	$employer_logged_in = $ses_employer_logged_in;
	$employer_user_id = $ses_employer_user_id;
}
if($ses_jobseeker_logged_in){
	$jobseeker_logged_in = $ses_jobseeker_logged_in;
	$jobseeker_user_id = $ses_jobseeker_user_id;
}

// get input
$email = trim($_POST["email"]);
$password = trim($_POST["password"]);

// check for incomplete info
if($email == "" || $password == "") {
	$message =  '<p align="center">Please complete both fields.</p>';
}
else { // check complete info

	//which form is being used
	$employer = FALSE;
	$jobseeker = FALSE;
	$which_login = trim($_POST["which_login"]);		
	if($which_login == "employer" ){
		$employer = TRUE;
	}
	if($which_login == "jobseeker" ){
		$jobseeker = TRUE;
	}	

	//check login
	if($employer){

		$sql = "SELECT id,name FROM clients WHERE email='$email' AND password='$password'";
		$query = mysql_query($sql);
		$login_success = mysql_num_rows($query);
		$row = mysql_fetch_array($query);
		$employer_user_id = $row["id"];
		$name = $row["name"];
		if($login_success > 0) {

			$employer_logged_in = TRUE;

			$message = '<p>&nbsp;</p>';
			$message .= '<p align="center">Successful Login for <strong>'.$name.'</strong>!</p>';
			$message .= '<p align="center">Enter the <a href="http://www.virtualspa.com/employers.php">Employers Job Center</a> or <br />';
			$message .= '<a href="employers_edit_company.php">edit your company listing</a> in the Resource Center.</p>';
		}
		else {
			$message = '<p align="center">Unsuccessful login, please try again.</p>';
		}
	}
	if($jobseeker){
		$sql = "SELECT id,title,first_name,last_name FROM seekers WHERE email='$email' AND password='$password'";
		$query = mysql_query($sql);
		$login_success = mysql_num_rows($query);
		$row = mysql_fetch_array($query);
		$jobseeker_user_id = $row["id"];
		$first_name = $row["first_name"];
		$last_name = $row["last_name"];
		$name = $first_name.' '.$last_name;
		if($login_success > 0) {

			$jobseeker_logged_in = TRUE;

			$message = '<p>&nbsp;</p>';
			$message .= '<p align="center">Successful Login for <strong>'.$name.'</strong>!</p>';
			$message .= '<p align="center">Enter the <a href="jobseekers.php">Jobseekers Job Center</a>.</p>';
		}
		else {
			$message = '<p align="center">Unsuccessful login, please try again.</p>';
		}
	}
}

// populate login results array
$login_result_array = array(
	"employer_logged_in" => $employer_logged_in,
	"employer_user_id" => $employer_user_id,
	"jobseeker_logged_in" => $jobseeker_logged_in,
	"jobseeker_user_id" =>  $jobseeker_user_id,
	"message" =>  $message
);
return $login_result_array;

}

if($_POST["submit"] == "Login") {

$login_result_array = login(
	$ses_employer_logged_in,
	$ses_employer_user_id,
	$ses_jobseeker_logged_in,
	$ses_jobseeker_user_id
	);

// set session vars

session_register("ses_employer_logged_in");
$ses_employer_logged_in = $login_result_array["employer_logged_in"];

session_register("ses_employer_user_id");
$ses_employer_user_id = $login_result_array["employer_user_id"];

session_register("ses_jobseeker_logged_in");
$ses_jobseeker_logged_in = $login_result_array["jobseeker_logged_in"];

session_register("ses_jobseeker_user_id");
$ses_jobseeker_user_id = $login_result_array["jobseeker_user_id"];

$login_tracker_array = array(
	"employer_logged_in" => $login_result_array["employer_logged_in"],
	"employer_user_id" => $login_result_array["employer_user_id"],
	"jobseeker_logged_in" =>  $login_result_array["jobseeker_logged_in"],
	"jobseeker_user_id" =>  $login_result_array["jobseeker_user_id"],
	"message" =>  $login_result_array["message"]
);	

}else{

$login_tracker_array = array(
	"employer_logged_in" => $ses_employer_logged_in,
	"employer_user_id" => $ses_employer_user_id,
	"jobseeker_logged_in" =>  $ses_jobseeker_logged_in,
	"jobseeker_user_id" =>  $ses_jobseeker_user_id
);	
}

jonchakra5

Some additional info:

First, any type of feedback is welcome!!

I am now using relative links (employers.php) that seem to pass the PHPSESSID just fine. It seems to be cookie=off proof.

Basic Question: Can (same site) one person have sessions work fine and another have them failing if they are both using modern browsers, trans id on and relative links???

Also, each protected page uses something like:


<?php
$employer_logged_in = $login_tracker_array["employer_logged_in"];
?>		
<?php if($employer_logged_in) { ?>


protected page info


<?php } ?>