[Resolved] strange thing with session and session vars

smapdi

I'm really perplexed here. I'm starting a session on one page, checking username/password and redirecting to another page using GET. I'm putting the session id into the GET URl.
I removed most of the MySQL code in order to focus on the session issue.

<?php
session_start();
$id = session_id('PHPSESSID');

if ($qres[0] == $thepass && (strcmp($qres[0],$thepass)==0))
{
session_write_close();
header ("Location: test.php?id=$id");
}
?>

On the test page the id in the URL doesn't match the session cookie. I'm using a similar method on another site with positive results, hosted on the same server.

<?php
session_start();
?>

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<?php
echo $_GET['id'];
echo "=======";
echo $_COOKIE['PHPSESSID'];
?>
</body>
</html>

The previous code produces the following results.

ecd5710b3bf978450f8ec1ba87e89ec3=======
Notice: Undefined index: PHPSESSID in test.php on line 15

The cookie is there but somehow undefined. Now if I put phpinfo(); on the line after session_start(); then the cookie id and GET id match.
I've done this before with success and can't figure this one out. Thanks in advance for any help.

Installer

Try this:

$id = 'PHPSESSID'; 
session_id($id);
session_start();
// etc.

rehfeld

i think your confusing the session_id w/ the session_name

currently, your trying to set the session id litterally to PHPSESSID, which isnt very unique.....

session_start();

$id = session_id();

please read the manual
http://php.net/session_id

Installer

Using "$id = session_id('PHPSESSID');" will result in $id being equal to the old session id. Doing it that way will also result in a cookie named "PHPSESSID" (or whatever the session name is) with a value of "PHPSESSID". At any rate "session_id()" must be called before "session_start()" to set the id (as must "session_name(), to set the name).

And yes, the manual.

smapdi

OK, I learned more about sessions but my question is still this. Why does the value of $id on test.php not equal the session ID.
What I understand happens when this page loads is this:

On session_start() a cookie is automatically created named PHPSESSID (the default name) with a long string of characters. This cookie expires at the end of the session. (this is what's actually happening)
So in the code below the session starts, the cookie is created, $id is set to session ID which should equal the value of the cookie value just created.
On the following page, test.php, "id" in the URL should still equal the cookie value but it doesn't. I'm getting a new value for the session id.

<?php
session_start();
$id = session_id();

header ("Location: test.php?id=$id");
?>

I'm not trying to set a specific session id or name. I want to pull the value that's automatically created and pass it along in the URL.

and yes I read the manual and other resources but still don't get this issue

smapdi

problem solved, thanks to a user comment in the documentation on php.net
there was no problem with the code, the problem was this...

soreman at abv dot bg
11-Apr-2003 04:26
If you experience problems on Microsoft Information Server (IIS) when setting a cookie via PHP and when PHP is running as a CGI binary it is not setting the cookie. After spending many hours on what the problem is here is what happens:

When you invoke setcookie and redirect to another page you will not have your cookie set, because it seems that IIS doesn't set the cookie unless you actually send some contents to the browser. Therefore if you want to set a cookie and then redirect to another page you will have to do the redirection via JavaScript and/or HTML if you want your script to work on IIS.

Instead of redirecting using PHP's header, I escaped out of PHP and redirected with javscript. Worked fine right away.