Hello there.
I am having a problem with a site I'm working on. The authentication works wonderfully and all is good. It logs in fine, it remembers people fine, but as soon as they venture away from the site, either by visiting other sites or by closing the browser, it frequently just forgets their session and asks them to log in again.
The site includes includes/class_session.inc, and the function that performs the check is session_check(). These are the contents of class_session.inc:
<?php
// Ask browsers to keep the session cookie for 24 hours (86400 seconds).
// The setting only takes effect when it runs before PHP's built-in
// session_start(). It governs the cookie only: the server-side session data
// has its own lifetime (session.gc_maxlifetime), which this line does not change.
ini_set('session.cookie_lifetime', '86400');
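/**
 * Login session tracker backed by the user_accounts table.
 *
 * On login a per-login token ("security_id") and the client address are
 * written to the user's row and the token is mirrored into $_SESSION. Each
 * later request is accepted only while the token in $_SESSION and the current
 * REMOTE_ADDR still match that row.
 *
 * NOTE(review): every query goes through the global $sql wrapper, which is
 * handed raw SQL fragments built by string concatenation. The values used here
 * come from security_cleaner(), $_SESSION, $_SERVER["REMOTE_ADDR"], and a
 * locally generated token; presumably security_cleaner() makes the username
 * safe to embed in a quoted SQL literal -- confirm, and prefer bound
 * parameters if the wrapper offers them.
 */
class session {
    // Username of the account this object is tracking.
    var $session_username;
    // Per-login token stored both in $_SESSION and in user_accounts.security_id.
    var $session_security_id;
    // Row fetched from user_accounts for the current user.
    var $session_account_details;

    /**
     * Record a successful login for $login_username.
     *
     * Generates a fresh token, stores it with the client address and login
     * time in user_accounts, loads the account row, and copies the username
     * and token into $_SESSION.
     *
     * NOTE(review): the PHP session ID is not rotated here; calling
     * session_regenerate_id(true) at login is the usual guard against session
     * fixation -- consider doing so in the login flow.
     *
     * @param string $login_username Username as submitted at login.
     */
    function session_start($login_username) {
        global $sql;
        $this->session_username = security_cleaner($login_username, 64);
        // The previous token was md5() of the sub-second clock times a constant
        // plus the username, so it was guessable. Use 128 bits from the CSPRNG
        // instead; hex-encoding keeps the 32-character length of an md5 digest.
        // random_bytes() requires PHP 7 or later.
        $this->session_security_id = bin2hex(random_bytes(16));
        $sql->db_update("user_accounts", "security_id = '". $this->session_security_id. "', ip_address = '". $_SERVER["REMOTE_ADDR"] ."', last_login = '". time() ."'", "username = '". $this->session_username ."'");
        $account_query = $sql->db_select("user_accounts", "username = '". $this->session_username ."'");
        $this->session_account_details = $sql->db_fetch($account_query);
        $_SESSION["username"] = $this->session_username;
        $_SESSION["security_id"] = $this->session_security_id;
    }

    /**
     * End the session: blank the stored token and drop the $_SESSION entries.
     */
    function session_close() {
        global $sql;
        // Build the WHERE clause only from values that are actually set. An
        // empty username or token would otherwise match rows that are already
        // logged out and cost a pointless UPDATE on every anonymous request.
        $conditions = array();
        if ((string) $this->session_username !== "") {
            $conditions[] = "username = '". $this->session_username ."'";
        }
        if ((string) $this->session_security_id !== "") {
            // The column is security_id everywhere else in this class; the
            // earlier "security = ..." referred to a different column name.
            $conditions[] = "security_id = '". $this->session_security_id ."'";
        }
        if ($conditions) {
            $sql->db_update("user_accounts", "security_id = ''", implode(" OR ", $conditions));
        }
        unset($_SESSION["username"]);
        unset($_SESSION["security_id"]);
    }

    /**
     * Validate the current request against the stored login state.
     *
     * @return bool TRUE when $_SESSION holds a username and token that match
     *              the user's row and the request comes from the recorded
     *              address; FALSE otherwise (the session is closed first).
     */
    function session_check() {
        global $sql;
        // isset() guards avoid undefined-index notices for visitors without a session.
        $this->session_username = isset($_SESSION["username"]) ? $_SESSION["username"] : NULL;
        $this->session_security_id = isset($_SESSION["security_id"]) ? $_SESSION["security_id"] : NULL;
        if (empty($this->session_username) || empty($this->session_security_id)) {
            $this->session_close();
            return FALSE;
        }
        $account_query = $sql->db_select("user_accounts", "username = '". $this->session_username ."'");
        $this->session_account_details = $sql->db_fetch($account_query);
        if (empty($this->session_account_details)) {
            // No row came back for this username.
            $this->session_close();
            return FALSE;
        }
        $details = $this->session_account_details;
        $stored_token = isset($details["security_id"]) ? (string) $details["security_id"] : "";
        // Loose != treats two different numeric-looking strings such as
        // "0e1..." and "0e2..." as equal; hash_equals() compares the exact
        // bytes and does so in constant time.
        if (!hash_equals($stored_token, (string) $this->session_security_id)) {
            // NOTE(review): session_close() blanks the token for this username,
            // so a stale session on one device also ends a newer login made
            // elsewhere -- confirm that is intended.
            $this->session_close();
            return FALSE;
        }
        $stored_ip = isset($details["ip_address"]) ? (string) $details["ip_address"] : "";
        $client_ip = isset($_SERVER["REMOTE_ADDR"]) ? (string) $_SERVER["REMOTE_ADDR"] : "";
        // A client whose address changes between requests (mobile networks,
        // some proxies) fails this check and has to log in again.
        if ($stored_ip !== $client_ip) {
            $this->session_close();
            return FALSE;
        }
        return TRUE;
    }

    /**
     * Return the account row when the session is valid, FALSE otherwise.
     */
    function account_details() {
        return $this->session_check() ? $this->session_account_details : FALSE;
    }

    /**
     * Report whether the loaded account row has privilege_level 2.
     *
     * Reads the cached row only and does not call session_check(), so the
     * answer is meaningful only after session_start() or a successful
     * session_check() has populated it.
     */
    function is_administrator() {
        $details = $this->session_account_details;
        // Loose == is kept because the database layer may return the level as a string.
        return isset($details["privilege_level"]) && $details["privilege_level"] == 2;
    }
}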
?>
Can someone help? Thanks.