PHP sessions in Nescape Communicator

Anon

My Problem:
I generate a PHP session on a login Page:
session_start();
...
session_register("xyz");
...
$xyz = "ok";

In the same site (on a different Page) I want to use the value of $xyz:

session_start();

if $xyz== ....

This works fine as long as I use IE 5.0 - but doesn't in Nescape Communicator 4.7 (The cookie is set and the session ID is there!!) $xyz can't even be displaied!!

Any idea why this difference on the client-side occurs? I think everything but the session id is on the server?!

Thank You

Paul

Anon

Can you print the session ID to screen in netscape and IE to verify that you are working with the correct session ID?

Anon

Thank You for Your reaction, Vincent!

Yes, I can. I did already print it out and inserted the following into the page:

$s_id = session_id();
$s_sessionname = session_name();
echo "$s_username $s_login $s_ip $s_id $s_sessionname";

$s_id prints the correct ID. (compared to the session id written into the cookie on the login page (cookie can be found in Netscapes cookies.txt!! )

Have a look:
www.exportrisk.ch/test/login.php

(Test-)username: xxxxxx
(Test-)password: xxxxxx

Thank you
Paul

Anon

I checked it out in netscape and ie,

It behaves strangely.

May we have a glimpse at the code you used for the sessions?

Anon

That's what I think since ... days!!

At the top of the Login Body Frame:

<? session_start();?>

At the beginning of the PHP Script:
session_register("s_username");
session_register("s_login");
session_register("s_ip");

After a query and validations:

if ($pwok=="yes" AND $sqlerr!="yes") {
// echo 'OK eingetroffen!';
$s_username = $username;
$s_login = "ok";
$s_ip = $REMOTE_ADDR;
} else {
//echo 'Fehler bei Pwok oder sqlerr!';
$s_username = "";
$s_login = "no";
$submitok = 0;

And on the other 'updates' Page:
<?
session_start();
?>

At the top

And then for test reasons the echo you know already:

<?
$s_id = session_id();
$s_sessionname = session_name();
echo "$s_username $s_login $s_ip $s_id $s_sessionname";

At different positions, I refer to $s_login like this:

<?
if ($s_login=="ok") {
// user ist eingelogged
echo "You are logged in. ";
echo "Use the full functionality on this page. ";

Anon

It is very strange because I had exactly the opposite problem, where
Netscape worked, and IE did not.

My guess is it's in the way the cookies are stored.
Have a look at your php.ini to see how the cookies are stored, and let us know,
maybe we can find something.

Personally I work with the "register globals" switched off,
and I put and get all my session variables through $HTTP_SESSION_VARS

I pass the session ID to the next URL either by cookies or my printing the SID
in the url.
Usually I use both methods, so it works both with and without cookies enabled.

Anon

For the php settings have a look at: http://www.exportrisk.ch/test/phpinfo.php
That seems to be standard?

How do I put and get the $HTTP_SESSION_VARS easily?

I'll insert the SID into the HRef.

Anon

Really strange. Here is the code I am using. The only difference I can see is that in the login page, I call session_destroy() to clear/unlock all the variables before setting them. Subsequent pages start out with the first three lines you see here, omitting session_destroy.

I have had no problems with Netscape or IE, nor have any been reported. (However, users of the Star Tribune Web site are having problems with Web Crossing's sessions under Netscape. Web Crossing uses proprietary technology but a similar approach with a session ID recorded in a cookie.)

<?
include("config.php");
include("functions.php");
session_start();
session_destroy();
if ($inusername && $inpassword)
{
$result = mysql_db_query($db, "select * from $prattle_users where username='$inusername'");
$user = mysql_fetch_object($result);
if (!$result)
echo "Invalid username.";
elseif ($user->password == $inpassword)
{
$username = $user->username;
$firstname = $user->firstname;
$lastname = $user->lastname;
$uid = $user->uid;
$hashid = makehashid();
session_register("username");
session_register("firstname");
session_register("lastname");
session_register("uid");
session_register("hashid");
header("Location: " . ($returnto ? urldecode($returnto) : "prattle.php?roomid=1"));
}
else
$badpw="Invalid password";

Anon

Tried out your script, Steve.
As soon as I use
session_start();
session_destroy();
session_register...

the content of my frame isn't loaded anylonger: Browsererror "No data on page".
There seems to be a second important session. What could that be?

Anon

Put:
$HTTP_SESSION_VARS[\"username\"]=\"hello\";
$HTTP_SESSION_VARS[\"password\"]=\"356j573\";

Get:
print $HTTP_SESSION_VARS[\"username\"];
$variable= $HTTP_SESSION_VARS[\"password\"];

Anon

That will never work, because you can not register variables in a session if you have just destroyed that session.
session_destroy() closes the current session.

Anon

Well, I already tried that out, but without backslashes ().

register_globals seems to be enabled. -> Didn't work in IE nor Netscape.

Anon

The backslashes are an unpleasant side effect of apparently bad php programming in the phorum, I did not put them in myself.

Anon

We can imagine, where they come from...

Back to the problem:
I just read that if track_vars and register_globals both are enabled I nevertheless should be able to access $HTTP_SESSION_VARS I'll test that now.

Anon

$HTTP_SESSION_VARS["username"]="xy";
....
print $HTTP_SESSION_VARS["username"];
Doesn't help: Nothing is printed on the screen. Varable seems to be non existant.

I am looking for an other solution now.
I could attach (e.g.) the username to the URL.
... HREF="updates.php?username=xy"... If I do that, $username is not available in the target page (body_updates.php) either. Is this because I open a frameset and not explictly the page itself? How could I avoid this?

Thank You

Anon

Look again. I call session_destroy BEFORE I call session_start to ensure that any preexisting session is flushed.

Anon

Ya, well look again yourself:
Where eaxctly do you re-open the session? hmm?

<?
include("config.php");
include("functions.php");
--> session started session_start();
--> session closed session_destroy();
if ($inusername && $inpassword)
{
$result = mysql_db_query($db, "select * from $prattle_users where username='$inusername'");
$user = mysql_fetch_object($result);
if (!$result)
echo "Invalid username.";
elseif ($user->password == $inpassword)
{
$username = $user->username;
$firstname = $user->firstname;
$lastname = $user->lastname;
$uid = $user->uid;
$hashid = makehashid();
--> var registered session_register("username");
session_register("firstname");
session_register("lastname");
session_register("uid");
session_register("hashid");
header("Location: " . ($returnto ? urldecode($returnto) : "prattle.php?roomid=1"));
}
else
$badpw="Invalid password";

Anon

Any chance you are trying to dereference a variable from inside a function without declaring it as a global first?

Anon

Argh. I need more coffee this morning. Vincent, you've got about a five-hour head start on me, don't you? :-)

session_destroy has to be called after session_start. If you do it the other way around, it's an error. The C code from .../ext/session/session.c

    if (PS(nr_open_sessions) == 0) {
            php_error(E_WARNING, "Trying to destroy uninitialized session");
            return FAILURE;

You don' t actually have to explicitly start a session. Any time you register session variables, the session module checks to see if a session is open. If it isn't, it creates one.

    if (PS(nr_open_sessions) == 0)
            _php_session_start(PSLS_C);

At any rate, I suspect that Paul's problems getting sessions to work have to do with either the surrounding code (failure to declare globals inside a function, for instance) or the server environment (does the server have permission to write to session.save_path?)

Anon

Thank You both for your answers!
After another 8 hours, I have seen enough.
I tried all out. With and without session_destroy(), with globals (I use no function) ...
May be, you're right. I'll have to check the server environment (at the provider). But this still doesn't answer my initial question, why it works in IE and not in Netscape. Can't belive that nobody else has had this problem so far...

For the moment I solve the problem by using a common cookie. (And it works ;-) )

Paul