Session doesn't always start 1

[jason246day]

I am creating an administration mode for a website, and I thought everything was working great. But now I've noticed that sometimes the session won't start, and this won't allow the user to gain access to the admin mode. Here is the code I use to login. Does anyone have any idea what may be causing this.


<?php
session_start();
header("Cache-control: private"); // IE 6 Fix.

require("header.htm");
echo "<table width=\"75%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\" align=\"center\"><tr>";
echo "<td width=\"21\"><img src=\"images/news_left.jpg\" width=\"21\" height=\"43\" alt=\"left side news title bar\"></td>";
echo "<td align=\"center\" background=\"images/news_bg.jpg\">&nbsp;</td>";
echo "<td align=\"right\" width=\"24\"><img src=\"images/news_right.jpg\" width=\"24\" height=\"43\" alt=\"right side news title bar\"></td></tr></table>";

switch($action) {
default:

echo "<form name=\"form1\" method=\"post\" action=\"admin.php?action=login\">\n";
echo "<p class=\"title\">Username: <input type=\"text\" name=\"user\" size=\"20\"><br>\n";
echo "Password: &nbsp;<input type=\"password\" name=\"pass\" size=\"20\"><br><br>";
echo "<input type=\"submit\" name=\"Submit\" value=\"Login\"></p></form>";
break;

case login:
$user_file = fopen("db/users.txt", "r");
$user_line = fgets($user_file);
$user_data_arr = explode("|", $user_line);
$user_name = $user_data_arr[0];
$user_pass = $user_data_arr[1];

$submit_pass = $_POST["pass"];
$submit_name = $_POST["user"];

if(!strcmp($submit_name,$user_name) && !strcmp($submit_pass,$user_pass)){
$_SESSION['flag'] = 1;
redirect("index.php");
}
else{
$_SESSION['flag'] = 0;
redirect("admin.php");
}
break;

case logout:
$_SESSION['flag'] = 0;
redirect("index.php");
break;
}
require("footer.htm");

function redirect($send_to) {
echo "<script language='JavaScript'>\n";
echo "<!--\n";
echo "function redirect(){\n";
echo "window.location = '$send_to'}\n";
echo "setTimeout(\"redirect();\", 1)\n";
echo "// -->\n";
echo "</script>\n";
}
?>

 

[sleipnir214]

With what web server are you running PHP?


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[Bastien]

it might be the users computer is not set to allow session cookies. you might need / want to enable trans_sid to pass the session id in the url.

XP allows the choice of setting session cookies in
tools > internet options > privacy > advanced > allow session cookies check box

Bastien

Cat, the other other white meat

 

[sleipnir214]

jason246day:
If you are running PHP on an IIS server, the problem likely stems from the fact that you're using cookies and "Location" headers in the same script.

When your script sends a "Location" header, the server sets its HTTP response code to 302. The programmers of IIS took it upon themselves to interpret the HTTP specification differently from all other web server programmers. They wrote IIS so that when the HTTP response code is 302, IIS does not send cookies.

And PHP's sessions depend on setting cookies on the browser.


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jason246day]

I am not sure what web server its running on. All I have is FTP access. Is there a script I can run to retrieve that information??

And I know for a fact that its not a setting on the computer that is causing the problem. Because I allow cookies on my computer, and it is happening to me too.

 

[jason246day]

results of phpinfo()

PHP Version 4.2.1
System Windows NT 5.0 build 2195
Build Date May 12 2002 23:51:56
Server API CGI
Virtual Directory Support enabled
Configuration File (php.ini) Path C:\WINNT\php.ini
Debug Build no
Thread Safety enabled


Does this help anyone with narrowing down the problem???

 

[sleipnir214]

There's a couple of ways to tell which server is being used.

One is to create run a script which consists of:

<?php
phpinfo();
?>

and run it on your web server. The output of this script should tell you enough about the current PHP installation to guess.


Another is to use telnet on port 80 to your server and do a by-hand fetch of a page. The web server will set a header which describes it. See section 2.6 of my FAQ in this forum titled "Debugging PHP code", fag434-2999


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jason246day]

I already discovered that, and posted the results from the phpinfo() up above

 

[sleipnir214]

It is the problem I described earlier in this thread. You cannot reliably use the "Location" header and cookies in the same script on IIS. This is not a bug -- IIS was built this way by design.


The workaround is to redirect the browser using META tags, client-side scripting, or links for the user to click on.

<aside>
This, BTW is why when you tell Tek-Tips to remember your login, you are taken to a page which tells you the cookie has been set and provides a link into the site. That's their workaround to the problem -- that intermediate page does not require a "Location" header.
</aside>


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jason246day]

I am not sure if I understand what you are saying. Lets start simple and then work up.

First off, is there something that needs to be removed from my script??? I am new to working with sessions.

 

[sleipnir214]

Damn.

Sorry, you are already working around the IIS/header/cookie problem by using client-side code.




Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jason246day]

so does this put us back to square one???

for some reason the session variable isn't getting set. i am not sure if the session itself is even getting started. it was working the other night, but now it comes and goes. any ideas???

 

[jamesp0tter]

I experience this problem oftenly, whenever a page that contains sessions is called through a frame/redirect script.

Try to access the php directly, without linking to it through other pages.

Oh, and if you are using Flash movies in the webpage (.swf) i would advise you to remove them, there wasn't a single time that i could get sessions to work while .swf elements where on the page.

Hope that could help!

jamesp0tter,
jamespotter@netcabo.pt

p.s.: sorry for my (sometimes) bad english

 

[sleipnir214]

jamesp0tter's suggestions sound like good ones.

Also, I've found that the Opera web browser can give you good information about what cookies are being set.


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[vbkris]

there is a bug in IE6,
Sessions are set if only IP addresses are used,
e.g:

http://System2/Site

- wont set session.

http://195.789.78.12/Site

- will set session. (u have to use the server's IP)...



Known is handfull, Unknown is worldfull

 

[sleipnir214]

vbkris:
What subversion(s) of IE 6?

I've never encountered the error you describe.


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[vbkris]

give me some time to give u the sub versions, i encountered this problem while working on a recent project. the user will always be logged out the first time, but from the next time he could login correctly, the reason was the first time they were using the server name, the redirect script used IP address, therefore tfrom the next time the login worked, i will get you the sub versions...

Known is handfull, Unknown is worldfull

 

[Theseekers]

Hi there,

Jason, I understood your frustration on this because I am in the same boat as you are and still working on similar problem. After many hours of searching for solution, Sleipnir214 and others here have helped me to understand the issue of php running under windows IIS. Unfortunately, you have to use the Meta tag to achieve redirect automatically period. Thanks for the tip Sleipnir214 !!!.

Expand to this note, and if you don't mind Sleipnir214 and any one on this thread, I do have another ??? on the meta tag in my php code. I've tried your suggestion and it worked so far. However, it won't maintain the session after the initial refresh. Let me give you an example:

As to my problem: I have 3 php pages: (login, welcome, and logout). Information was passed to login via a form (no problem there). I used those information in the login script to either send them back or going forward to the welcome page if their credentials are ok (this work fine with your meta tag suggestion). However, when i issue another meta tag to go to the logout from the welcome scripts; another session cookies file is created with the 0KB and it is used the latest session cookies as the source for filling the blank on my logout form. Is there an issue for using the meta tag consecutively and as frequently as I did in this case???

JamesOtter -- Can you please clarify your suggestion as
"accessing php directly". Do you mean we have to type in the url address box??? I am not so sure to understand your suggestion (sorry 4 my lack of knowledge on this...)

TIA and thank Jason for letting me using your thread with my question. I think it will benefit us both.....I hope.

 

[jamesp0tter]

well, i've seen in many places, when you use a redirect service (like cjb.net , etc) to access a forum (for example), and you have a cookie set to auto-identify you in that forum, it doesn't get recognised. you need to type the direct access in the forum's hoster's domain to get logged in.

this means that there's some kind of problem when you get redirected to a session/cookie page, maybe meta tags or header's content (i don't know i'm not familiar with this areas), but there's a problem alright.

so, yes, when i suggested "accessing php directly" i meant type "

http://www.domain-hoster.com/user-account/forum/"

instead of "

http://wow-forum.cjb.net"

jamesp0tter,
jamespotter@netcabo.pt

p.s.: sorry for my (sometimes) bad english

 

[jason246day]

I have replaced my javascript redirect with a meta tag redirect, and everything seems to be working good. thank you very much for all of your help.