Dropping $_SESSION Elements
Posted: Mon Aug 03, 2009 9:58 am
Hi all, and thanks up front for any help on this.
I'm working with a basic login system of only a couple of files and I thought I understood how they worked until I moved them from a domain hosted on hostmonster to a domain on GoDaddy. This is all probably old hat for most of you folks but let me describe what I know. My index file plays double duty either displaying the login form or, if logged in, displaying a front page. This page starts the user session, checks to see if the user wanted to be "remembered," checks some cookies, etc. and if not, presents the login form. The form script of course immediately tries to log the user and, whether successful or not, it redirects back to the main index page, where this process simply starts over. But this time, if the login was successful, the front page is displayed instead of the login form.
Simple enough loop I thought. The key is the end of the form script processing, which adds some elements to the $_SESSION array which, upon redirect back to the index form, are needed to determine if the user is logged in, and hence, what to display.
On both hostmonster and GoDaddy right before the redirect back to the start page, the process looks good, the $_SESSION array has what I expect it to have given a successful or unsuccessful login.
After the redirect back to the common starting index page,
on hostmonster, the $_SESSION array contains these values and proceeds as expected, but
on GoDaddy, the $_SESSION array is basically empty. It does contain one element that's added when this main page is called, but the elements expected from the result of the login attempt are simply not present.
Now I've read quite a lot about problems with dropped sessions on redirect. But I'm still unable to make sense out of this. Most notably, since it works fine on hostmonster and not on GoDaddy, I'd guess there's something in version or configuration that's at odds here but I can't find it. I've compared versions, they are slightly different, hostmonster on 5.2.9, GoDaddy on 5.2.5. I've compared all their session handling configuration switches and they all match, or those I'm seeing with phpinfo() anyway.
One issue I chased down was register_globals which is off for both hosts. But register_argc_argv is off on GoDaddy, on on hostmonster. But I'm not sure that is a factor.
I realize there's a lot I don't know here. I don't fully understand how a header(location: ) redirect might be connected to or dependent upon 302 settings at the server but I found some references to this. I don't fully understand the session management but the main index script calls session_start() initially and I've added a check on the return value on this and it's always successful. But the session management doesn't appear to be any deeper than this. And somehow, on hostmonster, after shunting over to a completely separate form script, when we loop back to the main page again, the $_SESSION array has the data the form process script added to the array. Not sure I understand why completely but it does work, on hostmonster.
But, more importantly, I just don't know enough about session management and the nuances of different server/installation configuration issues to know which end of this to chase first. It may well be that the base script, despite working correctly on hostmonster, was itself not well devised and was simply lucky enough to have the side-effect of working on hostmonster at all, or maybe that luck was a specific php configuration, etc. But before I go changing things or taking a different approach, I need to understand why it doesn't work simply when moved to GoDaddy.
Any thoughts?
Thanks again for any help,
/jim
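A stand-alone probe for the login-then-redirect flow described in the post, added here as an example; it is not the poster's code, and the file name `session_probe.php` and the `probe_*` session keys are made up for illustration. Requested once on each host, it writes a marker to `$_SESSION`, redirects to itself, and reports whether the marker and the session ID survived, together with the session storage and cookie settings in effect.

```php
<?php
// session_probe.php: added diagnostic, hypothetical file name.
// Step 1 writes a marker into $_SESSION and redirects; step 2 reports
// whether the marker and the session ID survived the redirect.

function short_id($id) {
    // Fingerprint only, so the real session ID never appears in output.
    return $id === '' ? '(none)' : substr(sha1($id), 0, 8);
}

$cookieName = session_name();
$sentId = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : '';
$started = session_start();
$step = isset($_GET['step']) ? (int) $_GET['step'] : 1;

if ($step === 1) {
    $_SESSION['probe_marker'] = 'set-before-redirect';
    $_SESSION['probe_id'] = short_id(session_id());
    // Flush session data to storage before the browser follows the redirect.
    session_write_close();
    if (headers_sent($file, $line)) {
        // Output before header() means the cookie and Location were not sent.
        die('Headers already sent at ' . htmlspecialchars("$file:$line"));
    }
    header('Location: ' . $_SERVER['SCRIPT_NAME'] . '?step=2');
    exit;
}

$savePath = session_save_path();
$cookie = session_get_cookie_params();
$report = array(
    'session_start() returned' => var_export($started, true),
    'cookie received from browser' => short_id($sentId),
    'session id now' => short_id(session_id()),
    'session id at step 1' => isset($_SESSION['probe_id']) ? $_SESSION['probe_id'] : '(missing)',
    'marker survived' => isset($_SESSION['probe_marker']) ? 'yes' : 'no',
    'session.save_path' => $savePath === '' ? '(empty, system default)' : $savePath,
    'save_path writable' => ($savePath !== '' && is_writable($savePath)) ? 'yes' : 'no or unknown',
    'cookie domain / path' => $cookie['domain'] . ' ' . $cookie['path'],
    'session.use_cookies' => ini_get('session.use_cookies'),
);

header('Content-Type: text/plain');
foreach ($report as $label => $value) {
    echo $label, ': ', $value, "\n";
}
```

Comparing the two hosts' reports line by line shows whether the browser returned the same session cookie after the redirect and whether the data written in step 1 reached storage. Remove the file from the server once the comparison is done.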