Session problem

Rulkster

I am encountering a really strange problem. I use 2 computers, one at home and one at work. I wrote an application that has a login panel that sets a session variable when a person logs in.

I call this script with an include everytime I have a page where the user has to be logged in to view it.

session_start();

if (session_is_registered("user_name")){ 
	$auth = "ok";


} else {
	echo "You are not logged in 1<br><br>";
	echo "<a href = \"LOGINPAGE.php\">Log In Page</a>";
	exit;
}

Now on my home computer everything works fine and I can use the application correctly meaning i can login and then go to a page that calls the above script and go to any other page that calls it. On my work computer, everytime I login and then go to a page that calls the above code I get to that page succesfully then when I try to navigate to another page that calls the script, I get the login page. So my session got destroyed somehow.

Why would this work on one computer and not another. I have the same security settings and use the same browser (firefox) on both computers.

ednark

I will assume your pages are working correctly... so the issues it might be

is you php.ini set to session.use_only_cookies=1? you might not have cookies enabled at work, you say your settings are the same, so this might not be it

are you blacklisting cookies from that domain on your work computer, that way globally cookies would seem accepted, but wouldn't actually be from that site

are you jumping domains? do you redirect to a different domain, which is then not reading the session cookie?

is your time set correctly at your computer at work, it might be destroying cookies on it's own because it thinks they have expired.

try printing out $COOKIE and $SESSION on each page to get a better idea of whats going on.

Rulkster

Thanks ednark. Here are the answers to the questions:

is you php.ini set to session.use_only_cookies=1? you might not have cookies enabled at work, you say your settings are the same, so this might not be it

It is set to OFF on both php.ini files (home and work)

are you blacklisting cookies from that domain on your work computer, that way globally cookies would seem accepted, but wouldn't actually be from that site

I am not sure what you mean by blacklisting cookies?

are you jumping domains? do you redirect to a different domain, which is then not reading the session cookie?

No and No.

is your time set correctly at your computer at work, it might be destroying cookies on it's own because it thinks they have expired.

Yes, time is set correct on both computers.

try printing out $COOKIE and $SESSION on each page to get a better idea of whats going on.

I print out the session and see the user_name variable

Any other ideas? Thanks

ednark

im out of ideas if that didn't work..

Blacklist: you can specifically say Accept all cookies EXCEPT from domain X

Try printing out $GET $POST $COOKIE $SESSION and the constant SID on each page, which should give you an idea of exactly what php thinks it is getting for input

another thought.. there is no auto_prepend file that is resetting the use_only_cookie thing or an .htaccess file which is doing the same is there?

If none of this works please post your code (hopefully a slim version that still contains the problem) and hopefully someone will take a look at it

bbreslauer

Are you hosting this on your home computer? If so, check if there is something that refers to localhost that would make your work computer try to fetch a page from itself.

I doubt this is it, but it's a possibility.

Rulkster

No. I host with a company. I access the site through the internet.

sys4dm1n

This is just a wild--very blind and deaf guess at this problem, try removing the exit; under the loginpage.php.

See what it does to you.

Rulkster

Thanks sys4dm1n but that did not work. I knew it wouldn't but I tried it anyway and no good.

Weedpacket

Try dropping the [man]session_is_registered/man and using isset($_SESSION['user_name']) instead.

The manual's section on [man]session[/man] functions has a lot of information that can be summed up as "session_register(), session_unregister() and session_is_registered() are obsolote and you should be using $_SESSION".