Sessions Not Passing

fire_cracker

Alright, I am developing a login script on a new server we rented, and I tried using my normal aproach to using sessions with the log in, I've been looking high and low for an answer to this problem. The session vars simply aren't passing between the dologin.php and the index2.php pages. I have a very similar code (the same one I've always used) working on two other servers with no problems. I am hoping that I just screwed something up in the code, because we aren't on our dedicated server for another week, so I have no ability to change php.ini or anything. here is the code:

<?
session_start();
//Require Files Needed for Process
require("./includes/config.php");
require("./includes/sql_connect.php");

//Covert Post Data
foreach($_POST as $key => $value) {
  $key = $value;
}

//Check that all fields were filed out
if((!$user) || (!$pass)) {
  echo "<center><font size='5' color='red'><b>Invalid Username/Password combonation</b.</font></center>";
  include(".includes/login_form.html");
  exit();
}

//Check form data vs. database

$result = mysql_query("SELECT * FROM bcd_users WHERE username='$user' AND password='$pass'") or die(mysql_error());

if(mysql_num_rows($result) < 1) {
  echo "<center><font size='5' color='red'><b>Invalid Username/Password combonation</b></font></center>";
  include("./includes/login_form.html");
  exit();
}

//convert db vars
$row = mysql_fetch_array($result);

foreach($row as $key => $value) {
  $key = $value;
}

//check that user has activated their acct
if($active == '0') {
  echo "<center><font size='5' color='red'><b>Your Account Needs to be Activeated!</b></fotn></center>";
  echo "<center><font size='4' color='red'>If you feel you account is paid in full, or there is an error</font></center>";
  echo "<center><font size='4' color='red'>Please send an <a href='mailto:support@bluecollardigital.com'>e-mail</a> to our support staff</font></center>";
  include("./includes/login_form.html");
  exit();
}

//Update the login information
mysql_query("UPDATE bcd_users SET last_login=now() WHERE username='$user'") or die(mysql_error());

//Lets register some SESSION Variables

$_SESSION['fname'] = $fname;
$_SESSION['lname'] = $lname;
$_SESSION['address1'] = $address1;
$_SESSION['address2'] = $address2;
$_SESSION['city'] = $city;
$_SESSION['state'] = $state;
$_SESSION['zip'] = $zip;
$_SESSION['country'] = $country;
$_SESSION['phone'] = $phone;
$_SESSION['email'] = $email;
$_SESSION['altemail'] = $altemail;
$_SESSION['username'] = $username;
$_SESSION['acct_type'] = $acct_type;
$_SESSION['last_login'] = $last_login;
$_SESSION['paydate'] = $paydate;
header("LOCATION:index2.php?sid=" .session_id());
?>

I have tried different methods of passing the session id (which I never had to do before at all), but none of them have given me the result I want. Also, the database is updating the "last_login" filed, so I know that this script is executing.

and here is the settings as they appear in our php.ini file:

Session Support enabled

Registered save handlers files user

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off

We are running PHP 4.3.10

Thank you all for any help you can provide.

Installer

Try using SID instead of session_id(); might work, might not.

fire_cracker

I did try using that earlier, and it wasn't passing anything, nor is session_id() passing anything. I thought that passing the session id through the url was bad incase of forum postings or bookmarks.

but at any rate, neither form of passing the id did not work. thank you for the help however.

Weedpacket

SID will be empty if the browser is accepting cookies (in which case the session ID will be passed that way instead of in the URL). session_id() should have a value regardless. Is it appearing in the URL for index2.php? Maybe the fault is in that page. Have you been able to look at the stored session data on the server? I guess not.

fire_cracker

The SID hasn't been passing in the URL, I thought that might have been one of the problems. And I haven't been able to view any of the session data. I'm not in my office right now, so I don't have the code in front of me, but I'll post what I have for index2.php in the morning.

Installer

Weedpacket, I think you're mistaken. As the manual says:

...the constant SID which is always defined.

I can't check that right now, so it may be inaccurate, but I've never seen it not defined.

Weedpacket

Originally posted by Installer
Weedpacket, I think you're mistaken. As the manual says:I can't check that right now, so it may be inaccurate, but I've never seen it not defined.

Defined, yes, but that doesn't mean it's not empty.

SID
Constant containing either the session name and session ID in the form of "name=ID" or empty string if session ID was set in an appropriate session cookie.

And it is only defined if a session has been started.

Installer

Thanks for the correction.

Installer

There's a suggestion by Audun Rundberg in the users' notes on the manual's session handling page that might, might not work.