Haunted by vanishing session 1

[southbeach]

The problem:
------
Working on script where a link is provided via email. The script looks at URL for content/values and if URL is that of a email the routine is triggered to automatically log in user.

The log in routine is the same routine one would use if you were to fill in the log in form and submit it so, it is fair to say that the same session variables are set - I confirmed this by comparing session dumps obtained using both approaches.

Once logged in, as user navigates through application, scripts check if $_SESSION['usrInfo'] is set - If this is NOT set, then it kills session and routes user back to log in page.

The behavior is triggered if I start navigating the moment the log on process is complete - If I wait a few seconds, it does not kick me out; as if session needs some time to sync in or to be stored.

I am not using a custom session control system - I am using PHP's own by setting $_SESSION variables and checking these variables when/if needed.

I use session_start('SessionName') in the scripts

----
For the life of me - I cannot understand why this is and cannot find a suggested solution to this problem.

Do you have any idea, however improbable of what can be causing this? Any suggestion is and will always be greatly appreciated.

Regards,



--
SouthBeach

http://www.fp2php.com

The good thing about not knowing is the opportunity to learn - Yours truly, 2008.

 

[Olaf Doschke]

What should session_start('SessionName') do? Its parameterization expects an array of options, not a session name.

If you want a names session, then please read the help here:

To use a named session, call session_name() before calling session_start().

So before calling session_start call session_name('SessionName').

You should perhaps reimplement your session handling overall.

Bye, Olaf.

 

[southbeach]

My bad - I do have session_name() before session_start() ... both using one argument and the same argument ... Will read up on session_start() as suggested.

Tks,


--
SouthBeach

http://www.fp2php.com

The good thing about not knowing is the opportunity to learn - Yours truly, 2008.

 

[Olaf Doschke]

Why do you think you need named sessions at all? Sessions are per user anyway, per session of them. Session_Start() has no parameter for the session name, it's simply wrong usage of the function.
In the simplest case all you need is session_start(). To logout session_unset() and session_destroy(), all parameterless calls. After session_start() you may set session variables for later access or test whether session variables are set ((isset or empty) and use them in this case. The function session_id() will give you a unique session id, also as global SID. When cookies are disabled this is forwarded as URL parameter, then sessio0n_name specifies the name of the URL parameter used instead of the default PHPSESSID. You don't get two or more separate session by naming them, if you think along that route.

Bye, Olaf.

 

[southbeach]

Thanks @OlafDoschke!!!!

I love the simple and straight forward explanation - Thanks again.


--
SouthBeach

http://www.fp2php.com

The good thing about not knowing is the opportunity to learn - Yours truly, 2008.