[RESOLVED] Troubleshooting Sessions

TJ_IN_AK

Hello,

I'm trying to do a very simple login against a mysql 'user' table that will redirect upon successful authentication. I'm stuck trying to troubleshoot why this will not take me to the correct page when authenticated.

Problem is when I successfully authenticate I'm still directed to the login page (index.php).

I've made sure I can do sessions with a simple test script echoing back the session ID. I've also checked my variable names.

Please advise if possible.

<?php
require_once( "DB.php" );
$dsn = 'mysql://root:password@localhost/database';
$db =& DB::Connect( $dsn, array() );
if (PEAR::isError($db)) { die($db->getMessage()); }

$res = $db->query( "SELECT user_name FROM user WHERE user_name=? AND passwd=MD5(?)",
	array( $_POST['user_name'], $_POST['passwd'] ) );

$row = array( null );
if ( $res != null )
	$res->fetchInto( $row );

if ( $row[0] != null )
{
		session_start();
		$_SESSION['user'] = $row[0];
		header( "Location: welcome.php" );
}
else
{
		header( "Location: index.php?bad=1" );
}
?>

Here is the welcome.php

<?php
session_start();
if ( $_SESSION['user'] == null || $_SESSION['user'] < 1 )
{
		header( "Location: index.php" );
		exit;
}

require_once( "DB.php" );
$dsn = 'mysql://root:password@localhost/database';
$db =& DB::Connect( $dsn, array() );
if (PEAR::isError($db)) { die($db->getMessage()); }

$res = $db->query( "SELECT user_name FROM users WHERE id=?",
	array( $_SESSION['user'] ) );
$res->fetchInto( $row );
?>
<html>
<head><title>Welcome</title></head>
<body>
Welcome <?php echo( $row[0] ); ?><br/><br/>
<a href="logout.php">Logout</a>
</body>
</html>

Thank you for any help provided.

Tim

HalfaBee

Use www.php.net/session_write_close before the header().

TJ_IN_AK

Thank you for reply.

My problem still exists. I read up on the session_write_close but that did not solve it. The redirection with header() works correctly regardless of if I close the session before redirecting the user.

What I did discover is that the $_Session['user'] variable is empty when called by the
welcome.php script.

I thought after reading about Sessions that the Session vars are accessible by more than one script (in my case the login.php and welcome.php scirpts.).

Perhaps I have to get the Sessions vars before using them?

I would really like to understand this and I do appreciate your time if you reply.

Thank you,
Tim

smudgeh

I would suggest the first thing you do is confirm that $_SESSION['user'] has a value before the header() redirection, with something along the lines of:

session_start();
$_SESSION['user'] = $row[0];
echo 'User session has the value of: '.$_SESSION['user'];
#header( "Location: welcome.php" );

That will output what value it has (if any) before the redirection. If it doesn't have a value, then you know something is wrong in login.php and not welcome.php

TJ_IN_AK

Thank you.

I'm running a Debian Sarge box and found that the session.cache_limiter is set to 'nocache' by default in my php.ini. I changed this value to 'public', restarted Apache and my problem resolved.

Tim