SESSIONS PROBLEM -- HELP!! 1

[metamorphy]

I have a website that uses sessions and everything seemed to be working fine....But someone gave me some feedback today that after they log in, when they go to another page on the site, they are getting logged out ( I guess the session vars are not carrying over from page to page for this paticular individual??) I assume this has to do with browser settings (maybe cookies/security settings?)

At any rate, is there something I can change in the PHP ini to keep the sessions from having to rely on the browser settings without having to overhaul my entire code. As it is now, I just use a header file at the top of every page to check for the $SESSION['loggedin'] var. Im using PHP 4.3.1 on free BSD.

Thanks for the help.
-CH

 

[newphpbie]

Uno it should be checking for $_SESSION['loggedin'] not $SESSION['loggedid'].

That might be why it isn't working. And don't forget, cokkie handling is managed from the client side, so there's nothing you can do about it. But if you're not setting any cookies I don't see how this could be a problem.

Don't forget you can use ...

echo '<pre>';
print_r($_SESSION);

to see what session vars are active.... use this code on the page you are setting the session vars and the page you are trying to receive them on.... should give you a better understanding of what's going on....

Hope this helps..

 

[DRJ478]

Sessions usually rely on cookies and that's the default setting in PHP - unless you use URL based sessions which are additional trouble:
URL based session management has additional security risks compared to cookie based session management. Users may send an URL that contains an active session ID to their friends by email or users may save an URL that contains a session ID to their bookmarks and access your site with the same session ID always, for example.

If visitors to your site want to use it, they ought to turn on cookies -it's that easy. If they don't it's their loss. There's nothing you can do on your side of the code unless you want to get involved into the URL session business which IMO is not a good choice.

newphpbie
But if you're not setting any cookies I don't see how this could be a problem.
Session IDs are by default kept in a cookie. There's no explicit need to set it, it's part of the session handling.

 

[metamorphy]

Thanks for your help guys.

I guess I'll just leave it like it is and maybe put a little message on the site that says you have to enable cookies.

-CH

 

[DRJ478]

You can detect that cookies are disabled by checking for $_COOKIE and redirect people that have them disabled to a page that gives the appropriate message.
It's probably better to not diesplay the message to the majority of users, who certainly have cookies enabled.

 

[metamorphy]

Thanks again.

By the way. Perhaps my description of the problem wasn't adequate but does this issue seem to be almost certainly a client side browser/cookies setting issue? I just want to rule out the possibility of a coding error on my part.

Thanks again for the help!

-CH

 

[DRJ478]

Go to the offending script and check if you have the session_start() at the top, then you'll know you should be all set.
Test it yourself, go there and observe if your session values get lost. A quick print_r($_SESSION) within <pre></pre> tags will show.