PHP Session Variables not passing.

[kyoukan]

Hi,

I have run into a really strange problem. I have been designing a site using Sessions to manage logins.

Sessions were working beautifully all through development, but since last week it just stopped.

Here is the order in which a user of the site logins in:

1: index.php w\ an iframe for the login: user types in username and password

2: form submits to login1.php - which validates the username and password.

3: If successful, form variables are sent to logincomplete.php - which adds variables to $_SESSION.(code below)

<?php
ob_start("ob_gzhandler");

session_start();
$memberID = $HTTP_GET_VARS['id'];
$username = $HTTP_GET_VARS['user'];
$password = $HTTP_GET_VARS['pass'];
$type = $HTTP_GET_VARS['type'];
$email = $HTTP_GET_VARS['email'];
$fName = $HTTP_GET_VARS['fname'];
$lName = $HTTP_GET_VARS['lname'];
$remember = $HTTP_GET_VARS['rememberme'];


$_SESSION["member_id"] = $memberID;
$_SESSION["member_username"] = $username;
$_SESSION["member_password"] = $password;
$_SESSION["member_type"] = $type;
$_SESSION["member_email"] = $email;
$_SESSION["member_firstname"] = $fName;
$_SESSION["member_lastname"] = $lName;
$_SESSION["logged_in"] = "yes";

if($remember == "yes")
{
setcookie("exact[member_username]","$username",time()+60*60*24*30);
}

?>
<script language="javascript">
window.location="profile.php";
</script>

4: Then the profile page will bring up related information for the user. Profile.php starts like this:

<?php
ob_start("ob_gzhandler");

session_start();

include("includes/dbConn.php");

if(is_null($_SESSION['member_id']))
{
die("I shouldn't get here"); <--- the scripts gets to this line
if(!is_null($_SESSION['tmp_id']))
{
$conn = mainConnect();

$query = "Drop table ".$_SESSION['tmp_tablename'];
mysql_query($query,$conn) or die(mysql_error()." Line 21");

$_SESSION['tmp_id'] = '';
$_SESSION['tmp_tablename'] = '';
session_destroy();
}
}
?>


So as I have said before, this worked just fine during development, but now when it gets to profile.php the Session variables are lost.

I have checked to see if the session ids were the same from logincomplete.php to profile.php and they were.

I checked to make sure the $_SESSION array wasn't empty before sending the browser to profile.php and it wasn't.

Here is the current settings for Sessions from phpinfo():


Session Support enabled
Registered save handlers files user


session.auto_start Off
session.bug_compat_42 On
session.bug_compat_warn On
session.cache_expire 180
session.cache_limiter nocache
session.cookie_domain no value
session.cookie_lifetime 0
session.cookie_path /
session.cookie_secure Off
session.entropy_file no value
session.entropy_length 0
session.gc_divisor 100
session.gc_maxlifetime 1440
session.gc_probability 1
session.name PHPSESSID
session.referer_check no value
session.save_handler files
session.save_path c:\winnt\temp\php4
session.serialize_handler php
session.use_cookies On
session.use_only_cookies Off
session.use_trans_sid Off

This has been really puzzling to me because it should be simple and straight forward.

I am calling session_start() at the top of every page and new sessions are not being created from page to page.

Any ideas on what could be going on?

 

[jpadie]

expire the cookie before destroying the session.
and you might want to force the session to save before delivering a redirect pointer to the browser

...
[red]session_write_close();[/red]
?>
<script language="javascript">
window.location="profile.php";
</script>

 

[kyoukan]

himm, I added that line of code, but still no success.

I am wondering if it isn't creating the session cookie at all.


I am not sure what has happend because I these script worked for the longest time.

It just won't pass info from logincomplete.php to profile.php.

 

[jpadie]

is the session path (c:\winnt\temp\php4) writable by the php process?

 

[kyoukan]

I am not sure, I can only assume so. I am using a webhost called IXWebhosting, so I would have to ask them.

Although, I have noticed that before this problem session file s were being created in the main dir of the site and now no more files are being made.

 

[jpadie]

try this

if (is_writable('c:/winnt/temp/php4')){
 echo "directory is writable";
} else [
 echo "directory is not writable";
}

 

[kyoukan]

I think you might be on to something. I just checked my local php settings and the servers and they are the same. Also, I made a couple of test pages that simply called

ob_start("ob_gzhandler");

session_start();

Then passed a couple of variables into $_SESSION

called window.location to another test page that printed out the variables I had passed in.

It worked locally , but not on the server side.

 

[jpadie]

oops

if (is_writable('c:/winnt/temp/php4')){
 echo "directory is writable";
} else [red]{[/red/]
 echo "directory is not writable";
}

 

[kyoukan]

ah that file path wasn't writable. So I don't believe the variables are being saved at all. They are in there on the page that puts them in there , but onces that script ends the go poof.

I just created a couple of pages to simple test passing variables. First page starts the session, puts 3 variables into $_SESSION, and prints them out on the second pages.

Works fine locally, but not on the server side.

I have also tried to add a .htaccess file in the dir of the site with the line:
php_value session.save_path "pathtosite"


Is my syntax right and do I need forward slashes or back?

 

[jpadie]

are you sure an htaccess file will work? is your host using apache or IIS? i'd guess more likely to IIS on a windows platform?

but you can use session_save_path() as a runtime option. you must put it in your scripts BEFORE your session_start()

session_save_path(sys_get_temp_dir()); // will set the session path to the system temp directory in php5

i think you are using php4 so you will need to hardcode the directory value.

 

[kyoukan]

Just tried that still nothing.

I also found out last night that another site I put up on the same server is no longer working. I bought a $400 script that is similar to myspace and it was working until now as well.

What server setting and or php setting would cause this not to work?

 

[jpadie]

the session save directory. it looks like your host has changed the permissions on it.

 

[kyoukan]

Yay, you were correct. I had forgot to double backslash the hard coded file path in session_save_path, but I was able to get it working.

Thank you so much for your help

 

[tyrannus]

I am having a problem similar to this. Everything was working fine, I may have deleted something I needed but do not remember. Stupid me forgot to back up the file.

when a user logs on to my app, the function called checks the username and password. sets the session variables, but when it redirects to the new page, the variables don't follow. I have session_start(); at the start of every page. here is my function:

function logonUser($email, $passwd){
session_register("logged");//Create session logged.

$passwd = cryptpass($passwd);//Encrypt password
$query = "select * from users as u, stores as s where u.email = '$email' and u.password = '$passwd' and s.store_num = u.store";
$result = mysql_query($query) or die(mysql_error());
if($row = mysql_fetch_array($result)){
$_SESSION['email'] = $row['email'];
$_SESSION['passwd'] = $row['password'];
$_SESSION['store'] = $row['store_name'];
$_SESSION['etreby'] = $row['etreby_ip'];
$_SESSION['fname'] = $row['fname'];
$_SESSION['lname'] = $row['lname'];
$_SESSION['phone'] = $row['phone'];
header ('Location: main.php');
}else{
$_SESSION['message'] = "<p align = center><font color = blue size = 4>User Does Not Exist, Please Register</font></p>";
header ('Location: register.php');
}
}

####### End Code ########

Ok so if a user does not exist, the $_SESSION['message'] variable gets passed as it displays the message at the top of register.php..

However if a valid user logs in, it goes to the main.php page, but the $_SESSION variables don't follow.

 

[jpadie]

change the logic to this

 $result = mysql_query($query) or die(mysql_error());
   if(intval(mysql_num_rows($result)) > 0){
     $row = mysql_fetch_array($result)){
     $_SESSION['email'] = $row['email'];
     $_SESSION['passwd'] = $row['password'];
     $_SESSION['store'] = $row['store_name'];
     $_SESSION['etreby'] = $row['etreby_ip'];
     $_SESSION['fname'] = $row['fname'];
     $_SESSION['lname'] = $row['lname'];
     $_SESSION['phone'] = $row['phone'];
     session_write_close();
     header ('Location: main.php');
    }else{
     $_SESSION = array();
     $_SESSION['message'] = "<p align = center><font color = blue size = 4>User Does Not Exist, Please Register</font></p>";
     session_write_close();
     header ('Location: register.php');
  }

get rid of the session_register() call too. replace with a $_SESSION = notation.

 

[tyrannus]

Thanks!!