problem with sessions!!

758

Well, i have had this issue for a while, i think it could be something with the server, but im posting here just to check to see if its a coding error. On my website, users log on, but when they log the session is active for only 1 request back to the server, so basically you log on and when you click to go to another page, your logged off. I cant figure out why its doing this. It does the same thing when i use cookies (which i prefer not to use). Heres the code


if(mysql_num_rows($query) > 0) {
	session_start();
	$_SESSION['user_id'] = $user;
	$user_id = $user;
	$loggedin = true;
}
else {
	$loggedin = false;
}
..
//later in the code
if(isset($loggedin)) {
	if($loggedin == true) {
		echo "Your Now Logged In As " . $_SESSION["user_id"];
	}
	else {
		echo "Incorrect Username or Password";
	}
}
elseif(isset($_SESSION["user_id"])) {
       echo "You Are Already Logged In";
}

devinemke

you are calling sesson_start() and setting the $loggedin variable only if the $query result returns any rows. is that query being run on every page request?

758

no, just the log in page, after you make a session your not supposed to have to remake it for every page you visit, its supposed to be there until the browser is closed (or some preset limit of time). Or at least, thats what i have read.

I'm pretty sure its returning rows, it wouldnt set the session for 1 request back to the server if it didn't. Im just trying to figure out why the session dies after it is set and requested once. I can make a fake account on the web site so you can see whats happening if you would like me too.

devinemke

758 wrote:
no, just the log in page, after you make a session your not supposed to have to remake it for every page you visit, its supposed to be there until the browser is closed (or some preset limit of time). Or at least, thats what i have read.

i think you are missing my point. are you calling [man]session_start[/man] on every page request that uses sessions? your code snippet suggests that you are only calling it if the query returns rows. i would suggest (at least for for testing) that you call [man]session_start[/man] and set the $loggedin unconditionally.

758

oh, ok, so i should call session_start() and set $loggedin at the top of the page instead of checking for mysql rows? Then if the query returns rows set the session variables?

758

well, ive found out its not settings the user_id variable. thats why it only works for 1 request back to the server. Is there a proper way to set session variables?

devinemke

your code as posted never shows how/where the $user variable is being set

758

if(mysql_num_rows($query) > 0) {
    session_start();
    $_SESSION['user_id'] = $user; //setting user_id for session
    $loggedin = true;
}

i think thats the way to set it, this is my first time working with sessions, so i dont know if theres another way to do it...

devinemke

you have...

$_SESSION['user_id'] = $user;

...but you never set the $user var. where/how is that variable coming from? from a form? as a GET var on the url? where?

758

its earlier in the code, comes from a POST request, i just didnt post the whole entire script, just the parts i thought were causing the issues

devinemke

let's back up and let's simplfy

user fills out a form
POST data is sent to form handling script
db is queried for a record matching what the user entered
session is created containing results form the query

you have not posted all of your code but again what you have posted suggests that you are only calling [man]session_start[/man] in a condtional block if the query returns rows. on the next page request the query will not be run so consequently [man]session_start[/man] won't be called and thus...no session.