Sessions

kc5f · June 4th, 2004, 09:48 AM

I have a site with a log-in procedure which works fine for all people but one. When she logs in, she is taken to the âwelcomeâ page which recognizes her by name. However, subsequent pages do not recognize that she is logged in (tracked by session variable âvalidâ), and send her back to the log-in page.

I can log on as her from another machine and everything works fine, as it does for all other users. (She is using Windows Milleneum Edition with Internext Explorer 5.50.)

Here are snippets from the pages. On the first page, when logging on with a valid log-in, session variable âvalidâ is set to âtrueâ and the next page is correctly shown. On that next page, if session variable âvalidâ is âtrueâ then perform action âAâ. Otherwise, perform action âBâ, requesting log-in.

Thanks for any help you can give me!

                    - Steve

First page â logging in:

<?php
session_start();
...
$_SESSION['valid']=true;
...
?>

Second page â requesting information:

<?php
session_start();
if (!isset($_SESSION['valid'])) $_SESSION['valid']=false;
...
if ($_SESSION['valid']) {
  ... (perform action A â have logged in)
}
else {
  ... (perform action B â request log-in)
}
?>

Snib · June 4th, 2004, 01:51 PM

Does she have cookies disabled or something?

Snib

<><

kc5f · June 4th, 2004, 05:35 PM

I designed the pages to use neither cookies nor javascript, to try to avoid client-side problems. However, I will see if she has disabled cookies, although she seems the type to have no idea how to do so...

(My understanding was that the session variables were kept on the server, and wouldn't use cookies. But this is a beginner's php forum, and I know I could be very wrong!)

Snib · June 4th, 2004, 06:18 PM

I believe (help me here Rich or Nik :-)) that sessions use cookies when the PHP.ini file tells them to:

session.use_cookies=1

So you would probably need to modify it to say:

session.use_cookies=0

Or if you use a remote host ask them to, but they might not allow it.

To disable/enable cookies in IE:

Open IE, on the toolbar at the top go to Tools -> Internet Options -> Privacy (tab) -> move the slider so it accepts at least some cookies.

Hope you get this problem solved!

Snib

<><

kc5f · June 4th, 2004, 07:23 PM

It is a remote host, and it is set to "1".

Thanks for the info - I'll get her to change her settings. (And I may let my php instructor know about it, too!)

- Steve

richard.york · June 8th, 2004, 06:27 PM

Right, sessions use cookies to pass around the session_id by default and modern browsers have cookies disabled by default. It's better to just hard code in the session_id.

First page â logging in:

Code:

<?php
session_start();
...
$_SESSION['valid']=true;

echo "<a href='second_page.php?sid=".session_id()."'>Go to second page.</a>\n";

// or if using POST

echo "<input type='hidden' name='sid' value='".session_id()."' />\n";

...
?>

Now PHP will pick up on the session id if a script includes a call to session_start.

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::

Snib · June 8th, 2004, 06:35 PM

Hmm.... doesn't PHP usually do this anyway (somehow)? It does to my links.

Snib

<><

richard.york · June 8th, 2004, 07:43 PM

Quote:

quote:
Hmm.... doesn't PHP usually do this anyway (somehow)? It does to my links.

No, not by default anyway.

If the session.use_trans_sid directive is set to "1" and the proper tags are specified in the url_rewriter.tags directive PHP will include the session id in all urls. I usually just handle that myself by hard coding the sid.

Regards,
Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::