[Resolved] Losing Session

BrentNorin

Ok I have sessions running. I'm using username and pass as my session names. Now on all other pages we're doing good. I come to a page that calls for $username, and gets nothing at first so sets it to nothing. This cancels my session! Here take a look:

<?php
 session_start();
 if (!isset($_SESSION['username']) || !isset($_SESSION['pass'])) {
  header("Location: http://brent.controlled-insanity.com/login.php");
  exit;
 }
 include('./includes/header.tpl');
 include('./includes/navigation.tpl');
 $username = $_POST['username'];
 $userid = $_GET['id'];
 $password = $_POST['password'];
 $cpassword = $_POST['cpassword'];
 $email = $_POST['email'];
 $access = $_POST['access'];
 switch($mode) {

So how is $username changing $SESSION['username']
Oh and I also noticed while a made a mistake before and didnt retrieve $access = $POST['access'] before, $access was holding thr right value. Its as if my superglobals dont exist! 😕

planetsim

What version of PHP are you using? $username shouldnt have anything to do with $_SESSION['username']

BrentNorin

4.3.10

http://www.controlled-insanity.com/info.php

I know, it should have NOTHING to do with it. But if I comment out the line in the code mentioned above ($username), I don't have that problem of losing the session. So wtf is going on?

rehfeld

it sounds like register globals is turned ON

i would turn it off for security reasons, even though you access your variables via superglobals. if you forget to intiailize a variable, register globals being on could cause security problems.

you can use .htaccess to turn it off btw-

php_flag register_globals off

BrentNorin

Ok that was it! Thanks. I don't know why it was changed to on. Its changed with htaccess for now, gotta find php.ini later.