Session variables dont seem to be working as expected

[evillazydwarf]

I'm quite new to php and i;m struggling, i'm trying to write a simple login section which checks a username and a password against a database and then either redirects you to the main website (if details are correct) or back to the login page (if incorrect)

I've got a simple html form which posts to a page which processes the database query and sets up a session, giving the username as the 1 and only session variable

session_start();
$_SESSION['username'] = $username;

this is then redirected to the main page in the website, where i use the following include file:

<?php
session_start();
if(!isset($_SESSION['username']))
{
	$location = "login.htm";
	header("Location:$location");
}
?>

to determine whether a session is already started or whether the user needs to log in... the problem is that even though i've just set the session variable it seems to dissappear and i get sent straight back to the login page and i have no idea why, any help would be very much appreciated

 

[sleipnir214]

I don't know what to tell you.

The following three-script test app:

test_foo.php:

<?php
session_start();
$_SESSION['username'] = 'fred';

print '<html><body><a href="test_bar.php">click</a></body></html>';
?>

test_bar.php:

<?php
session_start();
if(!isset($_SESSION['username']))
{
    header('Location: test_baz.html');
}
else
{
	print '<html><body>Login is:' . $_SESSION['username'] . '</body></html>';
}
?>

test_baz.html:

<html><body>
No login
</body></html>

Ends up with my browser displaying:

[tt]Login is:fred[/tt]

Which is correct behavior.

Some problems, from general experience:

Do a simpler test:

test_a.php:

<?php
session_start();
$_SESSION['test'] = 'test';
print '<html><body><a href="test_b.php">click</a></body></html>';
?>

test_b.php:

<?php
session_start();
print '<html><body>';
if (isset($_SESSION['test']))
{
	print 'found: ' . $_SESSION['test'];
}
else
{
	print 'not found';
}
print '</body></html>';
?>

To see whether sessions work in general.


Set your display_errors to "on" and error_reporting to "E_ALL" in php.ini. There might be errors you're not being shown.

Session variables use cookies to pass around the session store. If you have your two scripts in different domains, the cookies might not be passed correctly.

Are you trying to use cookie-based session variables and the "Location" header on IIS? Microsoft has a unique interpretation of the HTTP spec that causes problems with setting cookies in the same transaction as a "Location" header.



Want the best answers? Ask the best questions! TANSTAAFL!

 

[jpadie]

this is then redirected to the main page in the website, where i use the following include file:

in the past, on this forum, your experience has often been the cause of a race condition on the session file. that is to say, the first file has not finished writing the session data and closing the session file before the newly redirected file opens the session file (with the wrong data in it).

this is easily surmountable by adding the following BEFORE your header redirect in the first file

session_write_close();

 

[evillazydwarf]

thanks for taking the time to reply,

I tried:

session_write_close();

gave the same results, get bounced straight back to the login page.

so tried the test with test_a.php and test_b.php and i get a couple of interesting looking errors

first:

PHP Warning: session_start() [function.session-start]: open(C:\DOCUME~1\.........\sess_qk1hkg5uu5i63mvgs41dm2it93, O_RDWR) failed: No such file or directory (2) in C:\.....\test_a.php on line 2

now i think that means that it cant find the data on the session but as i said im quite new to this so not sure.

second error msg:

PHP Warning: Unknown: open(C:\.........\sess_qk1hkg5uu5i63mvgs41dm2it93, O_RDWR) failed: No such file or directory (2) in Unknown on line 0


third error msg:

PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (C:\DOCUME~1\Ben\LOCALS~1\Temp\php\upload) in Unknown on line 0

I went and found the session.save_path part of php.ini and it seems to be commented out, saying:

;     session.save_path = "N;/path"

it also says that windows users should change this path in order to use the session functions but i have no clue what to change it to, going to play around and try changing it to a few different things but this is the update after the test and would be grateful of another hard poke in the right direction

thanks again sleipnir214 and jpadie

 

[evillazydwarf]

very sorry... posted the wrong info

i was looking at the wrong php.ini

; Default timeout for socket based streams (seconds)
default_socket_timeout = 600
upload_tmp_dir="C:\DOCUME~1\Ben\LOCALS~1\Temp\php\session"
session.save_path="C:\DOCUME~1\Ben\LOCALS~1\Temp\php\upload"
cgi.force_redirect=0

this is the contents of the real php.ini session.save_path

 

[jpadie]

make sure that the php process has read/write access to the directories in question. i am surprised that the upload directory is called sessions and the session directory is called upload, though.

 

[evillazydwarf]

im just looking into it now and these directories dont exist? should i create them? or is easier to point them somewhere else?

 

[jpadie]

it does not really matter where they are so long as they exist and have the correct read-write permissions and are accessible to the php process!

 

[evillazydwarf]

it was indeed a permissions issue, its fixed now and working fine thanks again guys