$_SESSION vars getting unset automatically?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ben.artiss
Forum Contributor
Posts: 116
Joined: Fri Jan 23, 2009 3:04 pm

$_SESSION vars getting unset automatically?

Post by ben.artiss »

Hi everyone,

I'm having a bit of trouble with a project; session variables keep disappearing! I'm trying to make a simple login system (which I've never had trouble with before) and it uses the $_SESSION array to validate the session. I think I should show you some code just to give an idea of what's happening (btw, the very first thing I do is session_start()):

Code: Select all

class user {
    public static
        $login_arrive_time,
        $login_token,
        $username,
        $reset_arrive_time,
        $reset_token,
        $email,
        $login_id,
        $user_id,
        $group,
        $last_action,
        $meta
    ;
 
    public function __construct() {
        core::recall('user','login_arrive_time');
        core::recall('user','login_token');
        core::recall('user','username');
        core::recall('user','reset_arrive_time');
        core::recall('user','reset_token');
        core::recall('user','email');
        core::recall('user','login_id');
        core::recall('user','user_id');
        core::recall('user','group');
        core::recall('user','meta');
        core::recall('user','last_action');
 
        user::validate_login_attempt();
        user::validate_reset_attempt();
        user::check_auth();
 
        if (stristr(URL_QUERY,'logout')) {
            user::logout();
        }
    } // __construct()
 
...
}
OK I think the class' variables are pretty self-explanatory (sorry if not!), so the constructor recalls the values for the variables from the $_SESSION array. Here's how recall works:

Code: Select all

public function recall($class=false,$var=false,$autounset=false) {
    if (!$class) {
        return core::error('core::recall() line '.__LINE__.' requires a class name as parameter 1');
    } elseif (!class_exists($class)) {
        return core::error('core::recall() line '.__LINE__.' class doesn\'t exist: '.$class);
    }
 
    if (!$var) {
        return core::error('core::recall() line '.__LINE__.' requires a variable name as parameter 2');
    }
 
    if (!isset($_SESSION[$var])) {
        return false;
    }
 
    eval($class.'::${$var} = $_SESSION[$var];');
 
    if ($autounset) {
        unset($_SESSION[$var]);
    }
 
    return true;
} // recall()
When someone logs in the login() function set's a few $_SESSION variables, including e.g. $_SESSION['login_id']. So when I run core::recall('user','login_id'), the value of $_SESSION['login_id'] is given to core::$login_id and the $_SESSION var is kept (if the $_SESSION var was set in the first place). If I give recall a third parameter (1/true), the associated $_SESSION var gets unset - so it's fair to say that the calls to core::recall() don't use a third parameter, so it's default behavior is to NOT unset the $_SESSION['var'].

However, the check_auth() function checks to see where a user is in the website, and if they're in a restricted area it first checks to see if they're logged in using the user::is_logged_in() function. Here's that function:

Code: Select all

public function is_logged_in() {
    if (!isset($_SESSION['login_arrive_time']) ||
        !isset($_SESSION['login_token']) ||
        !isset($_SESSION['username']) ||
        !isset($_SESSION['email']) ||
        !isset($_SESSION['login_id']) ||
        !isset($_SESSION['user_id']) ||
        !isset($_SESSION['group']) ||
        !isset($_SESSION['last_action']) ||
        !isset($_SESSION['meta'])
    ) {
        return false;
    }
 
 
    if ($_SESSION['login_token']!=user::get_access_token($_SESSION['login_arrive_time'],'login')) {
        return false;
    }
 
    if ($_SESSION['login_id']!=user::get_login_id()) {
        return false;
    }
 
    return true;
} // is_logged_in()
Before the end of the check_auth() function is reached, I run the is_logged_in() function and return to the login page with an error if it returns false, which keeps happening after about a minute of inactivity. So to debug I displayed the contents of the $_SESSION array many times, and all required vars are there when I login, and when check_auth() runs when you reload the page, they've gone! I think I'm going crazy, because I've never had trouble with the session before..! Can anyone possibly give me any advice? I can't see where the problem is!

Thanks in advance, and sorry if this makes little/no sense!

Regards, Ben
Post Reply