Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Session problem

Status
Not open for further replies.
pease

pease

Programmer
Apr 2, 2009
29
GB
Morning (or afternoon depending on where you are!)

I have a problem with a very basic session script.

I have two pages, page1 and page2, for debugging purposes currently each page starts with

Code: 
session_start();
if(!isset($_SESSION['userid'])) {
echo "no session";
} else {
//do code for page....


On the login page I set the cookie using
Code: 
Setcookie("userid","This is my test cookie");

when I login and move to page 2 it acts as if the session is not set and displays "no session"

I thought the cookie wasnt setting or being carried over so I changed the echo "no session" to
Code: 
echo $_COOKIE["userid"];
expecting it to come back blank, it didnt, the cookie displayed exactly what I expected it to (in this case "this is my test cookie").

Im now lost??????
 
Sort by date Sort by votes
$_COOKIE and $_SESSION are two separate things. a session is a set of server stored information. typically this is stored as a serialized array in the file system and identified by a unique id which is transmitted to the client by way of a cookie. thus the only thing a client knows about a session is the id.

so, setting a COOKIE with the name userid and an arbitrary value will not help you at all. you must set a session variable instead

Code: 
$_SESSION['userid'] = 'somevalue';

remember to make sure that the session store folder is read-writable by the php process.

and if you are testing on a local machine or a very slow server then you might find that session data appears not to be stored properly. in which case call session_write_close() after you have finished manipulating your session data.
 
Upvote 0 Downvote
session id's are stored in cookies for php (unless you are using TRANSID). is session fixation really an issue? has anyone god examples of an attack vector exploiting session fixation via php cookie-stored sessions?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jason.lex
  • Locked
  • Question
Problem with table output and calendar picker bug
Replies
3
Views
146
spamjim
spamjim
charlion
  • Locked
  • Question
another json problem. 1
Replies
2
Views
141
charlion
charlion
Krus1972
  • Locked
  • Question
Special Character Filter Function Problem
Replies
2
Views
133
Unscruffed
Unscruffed
southbeach
  • Locked
  • Question
Haunted by vanishing session 1
Replies
4
Views
131
southbeach
southbeach
southbeach
  • Locked
  • Question
Problem with session dropping/loosing value
Replies
1
Views
99
southbeach
southbeach

Part and Inventory Search

Sponsor

Back
Top