Problems relating to sessions

kcgame

Hi all,

I have encountered a problem in my log-in page when my user opens a new window in the area and go to other pages (this action kills the session resulting in not be able to view the members' area anymore)..It might be a bit difficult to understand what i said above, please visit the following page and do the steps below in order to get the full understanding of my problem..

load: http://www.absolutethree.com
enter test for username and testing for password.
Once inside the login area, click 'Explore' via right-click-> open new window
In this new window, go to the page ( http://www.absolutethree.com)
Go back to the old window and click (normal left click) 'Explore'
There will be errors showing division by zero, this is due to the fact that the sessions were destroyed and members' details can't be retrived from the database.

How can I prevent the session to be destroyed this way? I only want the session to be destroyed upon pressing the logout button...not when user open new window and go to my homepage (think the homepage destroys my sessions..)

My homepage code(for the front part of code):

<?php
session_start();
header("Cache-control: private"); //IE 6 Fix
ob_start();
echo'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">';
echo"<html><head>";
echo'<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">';
echo'<META NAME="description" CONTENT="Absolute III is an unique free online game. This game is played through your browser, no download needed.">';
echo'<META NAME="keywords" CONTENT="Absolutethree, AbsoluteIII, browser, game, online, MMORPG, Singapore">';
echo"<title>Absolute III-An unique browser based game in Singapore</title>";
echo'<link rel="stylesheet" type="text/css" href="abs.css">';
?>
<SCRIPT type="text/JavaScript">
Image1= new Image(92,35)
Image1.src="images/button_signupon.gif";
Image2= new Image(92,35)
Image2.src="images/button_forumon.gif";
Image3= new Image(92,35)
Image3.src="images/button_guideon.gif";
Image4= new Image(92,35)
Image4.src="images/button_rankson.gif";
Image5= new Image(92,35)
Image5.src="images/button_creditson.gif";
var currenttime = '<?php print date("F d, Y Hi", time())?>' 
window.status ="Server time: "+ currenttime+ "hrs"
</SCRIPT>
<?php
echo"</head><body>";
include("connect.php");
$a=1;
$link=@mysql_pconnect($mysqlhost,$mysqluser,$mysqlpasswd);
		if($link==FALSE){
                 echo "<p><b>Unfortuantely, no link to the database can be made. Therefore, no results. Try later.</body></html>\n";
                 exit();}					
mysql_select_db($mysqldbname,$link);
if(isset($_POST[Submit])) {  //If submit is pressed, process it
		$result=mysql_query("SELECT * FROM users WHERE username = '$_POST[mainuser]' AND password = '$_POST[mainpswd]'",$link ) or die(mysql_error());
		$num_rows=mysql_num_rows($result);
			if ($num_rows==0) {
			$a=0;
			} else {
				// register and start sessions
				$_SESSION['name'] = $_POST['mainuser'];
				$_SESSION['pswd'] = $_POST['mainpswd'];
				$current =$_SESSION['name'];  //save username to current array		
    		    $result=mysql_query("SELECT * FROM users WHERE username = '$current'",$link ) or die(mysql_error());
				$newarray=mysql_fetch_array($result);
					if ($newarray[Status]=='D') header("Location: popex.php");				
						else {
							$insert_login=mysql_query("INSERT INTO users_activity (kname,ip_add,login) VALUES('$newarray[kname]','$_SERVER[REMOTE_ADDR]',NOW())",$link ) or die(mysql_error());
							//get this id inserted and store in session['id']
							$_SESSION['id']=mysql_insert_id(); 							
							header("Location: loginmain.php");							
							}
					}					
		mysql_close();
}

Any help will be greatly appreciated. Thank you.

toplay

The session is not destroyed. I tried your steps and got the same result ("divide by zero error") but I can see that the session cookie is still there.

Fix your divide by zero error. Always check the value is not zero before dividing. You're getting it in explore.php and it would be nice to see relevant code snippets from that.

A few suggestions:

Don't use mysql_pconnect() and use the regular mysql_connect() instead. The mysql_close has no effect on mysql_pconnect() anyway, so remove it.

You're not testing for any possible errors after trying to select the database. Put in an error check before continuing on.

Also, after this line:
$newarray=mysql_fetch_array($result);

You don't check if the value got returned from the table. Don't just assume that it did. The query can work without any errors, but the fetch may or may not return data (depending on whether the search criteria found a match). See example at this post.

The ob_start() should be the first thing in your code. Yes, even before a session_start(). This is not mandatory, but you're not utilizing it's full usefulness if you don't put it first.

Please note that the header() with location command does not redirect right there and then when it's executed. It actually redirects when your script ends or an exit is reached. So, to ensure no logic flow problems in your script, you should have an exit right after every header() with location to force redirection to occur immediately.

halojoy

Fix your divide by zero error.
Always check the value is not zero before dividing.
You're getting it in explore.php
and it would be nice to see relevant code snippets from that.

This is a common error when starting to run new classes, new functions.

Same type of error can be when trying to run functions
on files that have filesize = 0 bytes
Some functions can not performed/gives Error, when run on empty files.

These things can be hard to realize when writing scripts
but reality check and beta testing will show, we did not count on these exceptional cases.

As already said, in those cases, we need to put an
if size = 0
if var = 0
then skip function or division
or make something so this error does not interupt our scripts:

Error divide by zero
Error filesize zero

/halojoy

kcgame

Hi, thanks for the help, toplay and halojoy..

I will check the scripts for this 'division by zero' error and implement your suggestions...However, I still cannot get it that this error is not because of sessions... if the problem lies with the empty variable / functions...why sometimes the page can load successfully but sometimes can't .. 😕