Passing Session variables via hyperlinks in Fusebox

[ingernet]

Hello,

I'm having a helluva time getting session variables to pass through hyperlinks in a Fusebox application I'm writing.

The circuit in question ("staffstuff") is a password-protected circuit. Any fuseaction in it needs to be protected, and I'm doing this by using the following code at the bottom of the staffstuff directory's fbx_Settings.php:

        session_start();

        if (!$_SESSION['loggedinuser'] && $Fusebox['circuit'] == "staffstuff" && $Fusebox['fuseaction'] != "login" && $Fusebox['fuseaction'] != "dologin" && $Fusebox['fuseaction'] != "logout") {
                include("dsp_loginform.php");
                exit;
        }
        include("queries/dbConnect.php");

The if() statement basically says: if there's no loggedinuser session variable, and the user isn't directly involved in fuses that either logging in or logging out, the user needs to be see to the login page.

The file which processes the login, act_login.php, looks like this:

        include("queries/qry_login.php");
        if (mysql_num_rows($loginResult) > 0) {

                $_SESSION['loggedinuser'] = $loginrow['primary_key'];
                $_SESSION['session_user'] = trim($loginrow['user']);

                print_r ($_SESSION);
                include("dsp_main.php");

        } else {

                echo "no dice, honkylips.";
        }

When I log in using act_login.php (that's staffstuff.dologin to you fusebox talkers), the dsp_main.php page displays the contents of the $_SESSION array just fine. It's when I hyperlink from that page to any other page that the wheels come off the wagon. Subsequent pages fail to display the $_SESSION['loggedinuser'] variable, regardless of how I link to them. I've tried this:

echo "<a href=\"index.php?fuseaction=staffstuff.page2&PHPSESSID=".$PHPSESSID."\">page2</a>

And while page2 will echo the PHPSESSID, it fails to find any of the $_SESSION variables - I've tried print_r($_SESSION) on page2, and the array is blank.

Am I misunderstanding the point of passing a session id in the first place? I understood it as a URL marker for the server's reference to a stored array. Thanks in advance for any insight you might provide.

Inger

 

[Vragabond]

Are you issuing [tt]session_start()[/tt] at the beginning of every page that is supposed to use session variables? If not, session variables will not be available.

 

[ingernet]

Well, after a fashion. session_start() is included in the fbx_Settings.php, which is called before each page in the circuit. the idea is that you only have to call session_start() once so that you don't have to call it in every page.

...I just tried adding a session_start() tag directly into the page2 page, and i'm still not seeing any of the $_SESSION[] variables (an empty array).

Maybe I should try troubleshooting from the very basic steps - what server settings should I be looking for in order to save session data? (I'm running PHP 4.3.11 on UNIX).

Thanks,
Inger

 

[ingernet]

Ah, as it turns out, I needed to set session_save_path(). Oy vey, stupid shared hosting!