I'm having a session variable persistence problem, but to make things interesting the problem only seems to occur in Mozilla (1.6). Now, before you remind me to check Mozilla's cookie settings, I have set Mozilla's cookie setting to "Enable all cookies" and have unchecked the "Limit maximum lifetime of cookies" box. So I don't believe this is just a client problem, but I can't imagine how it can be a server side issue either. I'm stumped.
The application in a nutshell:
A trio of simple scripts:
login.php - HTML form for submitting username and password
loginValidation.php - queries the db for username/password, and redirects to login.php if the username/password is not correct. Otherwise sets session variable $_SESSION['login_id'] and redirects the browser to mainMenu.php
mainMenu.php - among other things not relevent here, this script looks to see if the $_SESSION['login_id'] variable is set, and if not it redirects to login.php.
My trouble shooting method:
Because IE remembers the session variable and Mozilla doesn't, I wondered if the session cookie was being set. So I've had loginValidation.php append session data to the mainMenu.php url so I could compare the state of the session when I set it verus the state when the next page loads. The query string data is count($_SESSION) and sesssion_id(). On the main menu page, I compared the previous value of session_id() with the current value. And I got different results on IE and Mozilla:
In IE:
Count: 1
old sesion_id: 33692730a8ccee28443f07b4ad825bb5
new: 33692730a8ccee28443f07b4ad825bb5
The session ID's are the same across the two pages in IE, and the session variable is set.
In Mozilla:
Count: 0
old session_id: fa9850223c0aed84849a012ea5775f2a
new: 815b7c99172d2c580cfc9a50b74137be
The session ID's are different in Mozilla, and the session variable is not set.
The different session ID's seems to indicate to me that Mozilla isn't saving the session cookie, despite the settings. Can anybody tell me what would cause this behavior?
Here are some code samples that I'm using:
// loginValidation.php
session_start()
if (mysql_num_rows($loginResult) == 1)
{
// if one record is returned, then the login is sucessful.
// set the session variable for the user's admin ID.
$login_id = $loginData['ID'];
// re-set the expiration time for 30 minutes from now.
session_set_cookie_params(time() + (60 * 30));
// set the value of the session variable.
$_SESSION['login_id'] = $login_id;
//Send the user to the main menu.
header("location: mainMenu.php?sessionCount=" . count($_SESSION) . "&sesid=" . session_id());
}
else
{
// if 0 records were found, then the login has failed. If more than 1 record was found, the username/password is not valid.
// in either case, send the user back to the login page.
header("location: index.php");
}
// mainMenu.php
session_start();
if (IsSet($_SESSION['login_id']))
{
// re-register the session variable.
session_register('login_id');
session_cache_limiter('nocache');
// re-set the expiration time for 30 minutes from now.
session_set_cookie_params(time() + (60 * 30));
}
else
{
// there is no login, or the login session variable has expired, send 'em home.
//header("location: index.php?errorMsgs=login_expiredLogin");
}
My php version is 4.2.
Thanks in advance for your insights, insults, advice, whatever you can do fo me 🙂
Mike
