Session SID variable

[Sarky78]

Right i am trying to impliment a login page that will use sessions for security on further pages.

if the data supplied passes the checks then this code is run:
session_start();
session_name("myLogin&quot
$UserID = $UserRow["UserID"];
$UserName = $UserRow["username"];
$AccessID = $UserRow["accessID"];
$LoggedIn = 1;
//set the session variables
$_SESSION["USerID"] = $UserID;
$_SESSION["UserName"] = $UserName;
$_SESSION["AccessID"] = $AccessID;
$_SESSION["LoggedIn"] = $LoggedIn;

I can see the sessions being created in my session directory. when i move onto other pages i have put some code that checks for the existance of the session:

if (! IsSet($_SESSION['UserID'])) {
header("Location: $refer_url"
} else {
echo "The value of the SID variable is: " .SID;
}

this is always doing refering me back to my login page. I have seen that there is a variable called SID that i can include on all of the pages to pass the session info but when i try to use this i get nothing back, its empty.

I haven't changed any of the settings in the php.ini file, and i am running php 4.2.1 on window nt server running iis 4.

any ideas why this variable is empty all the time?

 

[AnakinPt]

you must do a session_start() in ALL files you need to use sessions. This line MUST come before ANY output echoed to the screen.
Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com

 

[Sarky78]

sorry forgot to mention that one.

the file that checks for the existance of the session vbl has a session_start(); right at the top of the page

session_start();
$refer_url=$rp . "admin/index.php";

if (! IsSet($_SESSION["UserID"])) {
header("Location: $refer_url"
} else {
echo "The value of the SID variable is: " .SID;
}

 

[AnakinPt]

don't use isset function.

just do:
if (!$_SESSION["UserID"])
{
header("Location: $refer_url"
} else {
echo "The value of the SID variable is: " .SID;
}

I think there are some issues with isset.

This if checks if there is some value in the UserID var of the session. NOTE: It fails if you have a login value of 0 or empty string. As i assume you will not have neither... Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com

 

[Sarky78]

thanks for the pointer but ever time i click a link i am still being redirected back to the login page. The code above is saying that the session doesn't exist everytime it executes.

I can't seem to get the SID to pass across to the other pages.

this is what i am using:

<A href=&quot;users/index.php?<?=SID?>&quot;>User Administration</A><BR>

but when i roll over the link all i get is:
users/index.php?

any ideas ?

 

[AnakinPt]

that's buggy ... are you using cookies to keep the session id? check the php.ini file, the section 'sessions'

That's wierd. I use always sessions without any problems.
Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com

 

[Sarky78]

it looks like i am using cookies, but when i run the page and look in my browser temp internet folder there isn't a cookie in there for this site. i have included all of the other session settings that are in the ini file as well, i haven't changed any of these so it is as the install !

cheers for your help so far anikin

[Session]
session.save_handler = files

session.save_path = C:\PHP\sessiondata

session.use_cookies = 1

session.name = PHPSESSID

session.auto_start = 0

session.cookie_lifetime = 0

session.cookie_path = /

session.cookie_domain =

session.serialize_handler = php

session.gc_probability = 1

session.gc_maxlifetime = 1440

session.referer_check =

session.entropy_length = 0

session.entropy_file =

session.cache_limiter = nocache

session.cache_expire = 180

session.use_trans_sid = 1

url_rewriter.tags = &quot;a=href,area=href,frame=src,input=src,form=fakeentry&quot;

 

[bardley]

Don't know if this is even relevant, but I noticed that you had:

$_SESSION["USerID"] = $UserID;

but then checked

$_SESSION["UserID"]

Notice the case difference in UserID. I think that would cause the error.

(I've smacked my forehead so many times over stuff like that)

if not, try checking the output from phpinfo (look for the variables with their values in the bottom section)

Good Luck
Brad Brad Gunsalus
Cymtec Systems, Inc.
bgunsalus@cymtec.com

 

[Sarky78]

brad,

thanks for the post

i noticed that one and made the change but got the same result - redirected back to the login page - i did the phpinfo and there wasn't a mention of any of the variables that i had declared, but there were these three in the php variables section:

_COOKIE[&quot;CFID&quot;] 2603
_COOKIE[&quot;CFTOKEN&quot;] 21451189
_COOKIE[&quot;wowCMS&quot;] 8c8dc606b858148d844d022ba5a877e8

the last one is the name that i gave to the session so something is happening

the page that i use to check if the session exists is an include file that is located off the main root. would the location of this make any difference?

root
|--login (where the session is set)
| |-- -- various other directories
|--includes (file that is used to check the sesison set in login)

thanks for your help

 

[AnakinPt]

No. You can have the include files wherever you want. You just have to include the file rightly.
Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com