php login / session problem

smithydude

I'm having a tough problem regarding login / sessions on my site. Essentially the login works as required when I test it on all my browsers (IE, FF, Chrome, Safari). However some of my users report a problem of not being able to login.
In summary the login script is:

//start session
session_start();
header("Cache-control: private"); //IE 6 Fix

//if login details correct
$SESSION['user'] = $user; //set user id
$SESSION['password'] = md5($pswd); //set encrypted password

I then test that these session variable are set correctly on other pages that require users to be logged in.

It works for most users, and I have not been able to replicate the problem myself, but it is a recurring problem for a certain subset of users. I sometimes suggest a fresh install of a new browser which does tend to help, but I would really love to solve the problem completely.

I presume that the session variable are not being set correctly, but I can't think why this would be. Ensuring cookies are enabled on the browser doesn't seem to help.

Any Ideas? What should I look at? Why would sessions be stored for some users and not others? Do I have to set a default expiry time?

Really appreciate any help!

schwim

Hi there Smithy,

I unfortunately don't have a fix for you, but something that either might work or might help you in finding out what the problem is.

Nogdog helped me recently in spiffifying my login system by adding a timed expiry to the cookies and by setting the session storage dir to something of my choosing.

Maybe there's a chance that this might either solve your problem or might allow you to view the problematic session ??

Hope this is some sort of assistance.

thanks,
json