session issue

MaxD

I'm defining a session variable in one script and calling it up in another. Both these scripts are called with require_once() in the "index" script (which contains the session_start()). But the second script cannot access the session. What Gives?

index.php

<?PHP
$self = basename($_SERVER['PHP_SELF']);

header("Cache-control: private");

require_once('inc/functions.php');
require_once('inc/display.php');

session_start();

if($auth == TRUE){
  if($page == ""){
    require_once('inc/page.contents.php');
  }else{
    require_once('inc/page.$page.php');
  }
}else{
  echoheader("Client Area : Please Login");
  echo $login_form;
  echofooter();
}

?>

functions.php

////////////////////////////////////////////////////////////
                                                          //  CHECK AUTH
if($_SESSION['authenticate']){
  $query = "SELECT * FROM users WHERE skey = '$key'";
  $result = mysql_query($query);

  if(!$result){
    $error .= "Couldn't successfully run query ($query) from DB: " . mysql_error() . " <br /> ";
  }

  if(mysql_num_rows($result) == 0){
    $error .= "No rows found with ($key) <br />";
  }

  $row = mysql_fetch_row($result);
  if($row[8] == $ip){
    $auth = TRUE;
  }else{
    $error .= "IP Address Doesn't Match. <br />";
    $auth = FALSE;
  }
}else{
  $auth = FALSE;
}
////////////////////////////////////////////////////////////
                                                          //  LOGIN
if($_POST['action'] == "login"){
  $query = "SELECT * FROM users WHERE handle = '$handle' AND passwd = '$passwd'";
  $result = mysql_query($query);

  if(!$result){
    $error .= "Couldn't successfully run query ($query) from DB: " . mysql_error() . " <br /> ";
  }

  if(mysql_num_rows($result) == 0){
    $error .= "The user name and password you entered are not valid.<br />";
  }

  $row = mysql_fetch_row($result);
  if($row['suspended'] = "FALSE"){
    $_SESSION['authenticate'] = TRUE;
    $auth = TRUE;

$key = sha1($time . $ip);
$_SESSION['key'] = $key;

$_SESSION['client'] = $row[7];

$uid = $row[0];

$result = mysql_query("UPDATE users SET skey='$key'        WHERE uid='$uid'") or die(mysql_error());
$result = mysql_query("UPDATE users SET ip='$ip'           WHERE uid='$uid'") or die(mysql_error());
$result = mysql_query("UPDATE users SET last_login='$time' WHERE uid='$uid'") or die(mysql_error());

  }else{
    $error .= "Your account has been suspended.  Please contact your administrator. <br />";
  }
}

restricted page

<?php
$client = $_SESSION['client'];

$query = "SELECT * FROM clients WHERE id = '$client'";
$result = mysql_query($query);

if(!$result){
  $error .= "Couldn't successfully run query ($query) from DB: " . mysql_error() . " <br /> ";
}

if(mysql_num_rows($result) == 0){
  $error .= "No rows found with ($client) <br />";
}

$row = mysql_fetch_row($result);

$client_name = $row[1];

echoheader("Client Area : $client_name Contents");

echo <<<HTML
            <h1>$client_name</h1>
            <p>This is a protected area</p>
            $error
          </div>
HTML;

echofooter();

?>

thanks

drew010

what are you session settings set to currently. perhaps its not using cookies to hold the session id and there is no place where the sid is passed in the query string.

MaxD

well, after the first "login" it shouldn't matter what is in the url. a variable is set and then immediatly read. Why would it go blank in the few short lines between write and read.

Everything about sessions in my php.ini file is default.

drew010

have you tried making a simple session to see if they work...

page1.php

<?php
session_start();

if (!isset($_SESSION['count'])) {
  $_SESSION['count'] = 1;
} else {
  ++$_SESSION['count'];
}

echo "Count is {$_SESSION['count']}.<br />";
echo "<a href='page2.php'>Page 2</a>";

?>

page2.php

<?php
session_start();

++$_SESSION['count'];

echo "Count is: {$_SESSION['count']}<br />";
echo "<a href='page1.php'>Page 1</a>";

?>

MaxD

yes, sessions work in other applications that I've created on this particular server. Your script worked too. This is the first time I've ever had a problem.