session immediate timeout

neridaj

Hello,

I don't know why this immediately redirects hen I hit the page:

session_start();
$_SESSION['valid_user'] = $username;
if(!isset($_SESSION['valid_user']))
	header('Location:http://www.listingsbox.com');
	die("Your session has expired!");

Thanks for any help,

SumitGupta

What value you are getting in $username?

neridaj

$username is set at login:

// include function files for this application
require_once('bookmark_fns.php');
session_start();

if ($username && $passwd)
// they have just tried logging in
{
try
{
login($username, $passwd);
// if they are in the database register the user id
$_SESSION['valid_user'] = $username;
}
catch(Exception $e)
{
echo $e->getMessage();
// unsuccessful login
do_html_header('Problem:');
do_html_url('login.php', 'Login');
do_html_footer();
exit;
}

}

SumitGupta

Can you please try to have Ob_start() and ob_flush(), I suspect some white spaces are coming before you are start the session and maybe that is stopping from session start.

Also you can check warning and notice if they prompt anything.

laserlight

neridaj wrote:
$username is set at login:

Where does it come from? It sounds like you should be using $_POST['username'] instead of $username since it comes from a login form. I would then expect something like this:

// include function files for this application
require_once 'bookmark_fns.php';
session_start();

if (isset($_POST['username'], $_POST['passwd']))
{
    // they have just tried logging in
    try
    {
        login($_POST['username'], $_POST['passwd']);
        // if they are in the database register the user id
        $_SESSION['valid_user'] = $_POST['username'];
    }
    catch(Exception $e)
    {
        echo $e->getMessage();
        // unsuccessful login
        do_html_header('Problem:');
        do_html_url('login.php', 'Login');
        do_html_footer();
        exit;
    }
}

Also, set error_reporting to E_ALL in php.ini so you can be warned of such potential problems.

SumitGupta wrote:
Can you please try to have Ob_start() and ob_flush(), I suspect some white spaces are coming before you are start the session and maybe that is stopping from session start.

If whitespace before headers are sent is the problem, the solution is to remove or move the whitespace, not use output buffering.

neridaj

All the $_POST vars are included:

<?php

$email = $POST['email'];
$firstname = $POST['firstname'];
$lastname = $POST['lastname'];
$username = $POST['username'];
$passwd = $POST['passwd'];
$passwd2 = $POST['passwd2'];
$new_user = $POST['new_user'];
$new_email = $POST['new_email'];
$del_me = $POST['del_me'];
$agentname = $POST['agentname'];

laserlight

All the $POST vars are included:

That does not look correct. You should check that the $POST[*] variables exist with isset or empty (or array_key_exists(), but that's rare) before using them, and that includes assigning them to some other variables.

Note to self: 9770 posts! I have overtaken vincente at long last! :p