Problems with session variables being unset

TomGoodacre

I’m running PHP5 and IIS6. I have created a simple login script which verifies account details entered into a form against a DB and then if successful creates a number of session variables. Browsing through other pages within the site (and once logged in) the session variables are available (as they should be) and everything seems to work fine.

The problem:

If I create a page that contains a form and the form is submitted, the session variables suddenly become unset i.e. the session is being destroyed. I am relatively new to PHP but have absolutely no idea why this is happening. Is anyone able to help?

It’s worth mentioning the way in which the site works. All content is pulled into index.php depending on the value of variable ‘p’ e.g. www.mysite.com/index.php?p=1 – index.php would go to the DB find the correct reference to the content with an id of 1 and include it:

<?php
//start session
session_start();
//connect to the database
include 'db_connect.php';

//html header stuff comes here

//page requested
include '$p_whatever_it_might_be';

include ‘footer.php’;
?>

rebelo

Your wording is a bit confusing, but when the form is submitted, is it being submitted to the same document? If not, are you sure you have a session_start() call on the form target document?

TomGoodacre

I'm still having the same problems - session vars are being unset/disappearing whenever I submit a form which is really strange. Does anyone have any idea why this might be happening?

rebelo: Yes, session_start() is being called on each page.

Here's my code:

index.php (pages are pulled in to this)

<?php
//start a session
session_start();

//connect to the database
include 'db_connect.php';

//html header stuff comes here

if (!isset($p)) {
include 'main.php'; 
}

else if (!is_numeric($p)) {

echo '<h1>page not found</h1>'; 
}
else {
// get the page to be displayed in the main body from the db
 $query = "SELECT * FROM pages WHERE id ='$p'"; 
 $result = mssql_query($query); 
 $result = mssql_fetch_row($result); 

 //if page does not exist 
 if ($result[0] == NULL || !is_numeric($p)) {

echo '<h1>page not found</h1>'; 
 }

else { 
	// get file to include display
	include $result[1];

}
}
	include 'footer.php';
?>

When I load login.php I can successfully validate a user and session vars are created. For the moment I'm displaying them in the footer (see login.JPG attached). Loading different pages e.g:

http://domain.com/index.php?p=1
http://domain.com/index.php?p=2
http://domain.com/index.php?p=3
http://domain.com/index.php?p=4

is fine and the footer still displays the loaded session vars (as you would expect)

THE PROBLEM:

As soon as I load a page where I submit a form the session variables are unset. Here's the code for the page containing the form:

<?php 

if (!isset($_POST['contract_no'])){

?>	

<form action="<?php echo $_SERVER['PHP_SELF']."?p=4"; ?>"  method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr><td>Enter the client name (Legal entity):</td><td><input type="text" name="legalentity" maxlength="300"></td></tr>


<tr><td colspan="2" align="right"><input type="submit" name="contract_no"></td></tr>
</table>
</form>

<?php
}

//if form has been submitted
else {
echo "<h1>FORM HAS BEEN SUBMITTED</h1>";
}
?>

Once the form has been submitted the variables I set in login.php don't exist. See unset.JPG (attached).

Does anyone have any idea why this might be happening?

Thanks!