[Resolved] session problem on first page view

smapdi

I have a login screen that gathers a username and password. This passes those variables to a php file (usercheck.php) that verifies the info and, if correct, starts a session with session_start() and sets $SESSION['product'] with a value that's pulled out of a database. The final thing this page does is redirect to another page (salesinfo.php) that's populated with info from a database based on the value of $SESSION['product'].

This page (salesinfo.php) has session_start() on the top of the page and sets $product = $_SESSION['product'] later on in the page. This variable is used in a query to select certain products from the database.

Everything works fine except on the very first login, after opening the browser, I get an error that says there's an "undefined index: product" on the line that has $product = $_SESSION['product'].

If I hit the browser back button and reenter the username/password then the product is passed and the page is populated with the correct data.

I can't figure out why $_SESSION['product'] doesn't get passed when you first open the browser and login.

Thanks in advance.

paulnaj

Hi smapdi,

This is a just an idea ... not definite at all ... but could it something to do with the fact that $_SESSION['product'] is being decalred and a re-direct (using the header() function) is happening on the same page (usercheck.php).

Maybe the $_SESSION variable doesn't actually get a chance to be created on the server before the re-direct occurs!

I know that header('Location: ...') won't work if any headers have already been sent and I think sessions use headers, so it's a possibility.

You could actually check to see if this is the problem just by declaring ...

$_SESSION['product'] = '';

... on the 'login' page.

It's not a solution though, because I suppose that you actually want to set the value of $_SESSION['product'] on usercheck.php as well.

And if you still get the 'undefined index: product' error on the salesinfo.php page, we'll have to think again!!

Paul :queasy:

smapdi

Paul,

I think you may be right. I wanted to set $_SESSION['product'] earlier but I can't until the database is opened and the username/password is checked. By this time it's probably too late to do so.

I tried setting a cookie too until I realized they work the same as session variables. Instead I passed the product through the URL and retrieved it with $_GET. I didn't want to make it visible even though it's not extremely sensitive info but I'm gonna have to.

Now I need to find a way to prevent direct access to pages or access to other pages by those who know enough to change the product in the URL.

If you get any other ideas let me know.

paulnaj

You could just do it two steps.

For example ...

On your usercheck.php page, set the session variable as you have done already. Then display a message saying 'Successful login - click here to continue' and link to the salesinfo.php page.

The 'product' will be stored in the session this time and although it entails an extra click for the user, it saves you putting in the URL.

smapdi

that's a good idea

I'm gonna work with that one

thanks