Session variables empty 1

[whinger74]

HI I have a very simple login script that I've used quite a few times before, which checks username and password against database fields.

session_start();
require_once("../includes/inc.database.php");

$strErrors = "";

if (isset($_POST["submit"]))
{
        $user = addslashes($_POST["username"]);
	$pword = addslashes($_POST["password"]);
	// Create query
	$q = "SELECT * FROM `tblusers` "
		."WHERE `username`='".$user."' "
		."AND `password`='".$pword."' "
		."LIMIT 1";
	// Run query
	$r = mysql_query($q);

	if ( $obj = @mysql_fetch_object($r) )
	{
		// Login O.K., create session variables
		$_SESSION['user'] = $obj->userID;
		// Redirect to main page
		Header("Location: list.php");
	}
	else
	{
		//show the login form again, with a failed message
		$strErrors .= "<br />* Login failed";
	}
}

?>
//html code for form here

For some reason this has stopped working - php ini hasn't changed, and the tmp folder is writable to. I don't get the Login failed message, so the mysql query must have returned 1 row.
When I use
print_r($_SESSION);
just:
Array (
)
is printed.

Has anyone else ever got something similar suddenly happen?!

 

[sleipnir214]

Are you invoking session_start() in every script that uses sessions?

Are cookies turned on in your browser?


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[whinger74]

Yes I was using session_start. THis is a bit embarrasing, but the hard disk on our test server was full up, which meant no sessions could be saved! :0[

For others out there who didn't know this, note that no errors seem to be produced if the disk gets full and you want to use sessions.

Thanks for reading ayway. Just out of interest though, I didn't realise having cookies turned on/off would have mattered, just for basic sessions?!. I'm probably being stupid

 

[sleipnir214]

Yes, it would.

PHP, by default, stores the session ID in a cookie on the browser. If you turn cookies off, cookie-based sessions will no longer work.

PHP has a second mechanism for session-handling which edits URLs on the fly to maintain the session state. See the section titled "Passing the Session ID" of this page of the PHP online manual


Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[whinger74]

Thanks!
once again that's a bit embarassing - all this time I didn't realise that this kind of session coding was saving things client-side.... yikes.

 

[sleipnir214]

Session-variables are all server-side. The only thing that gets stored on the browser is the session ID. PHP stores the actual session data on the server in a temporary directory on the web server and uses the browser-provided session ID to know which session store on the server to access.

The session ID is notionally equivalent of the account number to a numbered Swiss bank account -- if you know the number, you can access the account. If you don't have the number, you're not getting access to the account.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[whinger74]

Thanks - I wasn't totally mad then