On my website, I have a login system which fails on some computers and works on some.
User registers, and my script sends them an email validation link.
Users were able to validate account.
User then tries to login, but fails. For testing purposes, for the time being I am keeping a copy of the user's password in pre-md5 encoded form. Using that, I was able to log in with their username and password, where they said they cannot log in.
In my login script, I have
Code: Select all
session_start();
//$r is mysql fetch result
$_SESSION['SESS_MEMBER_ID'] = $r['id'];
$_SESSION['SESS_NAME'] = $r['name'];
$_SESSION['SESS_EMAIL'] = $r['email'];
Code: Select all
require_once('auth_member.php');
session_start();
//rest of the webpage
Code: Select all
session_start();
$id = $_SESSION['SESS_MEMBER_ID'];
if(!isset($id) || (trim($id) == '')) {
$action = "Cannot log in due to no SESS_MEMBER_ID";
header("location: access_denied.php");
exit();
}
I am thinking that if they are able to validate their email, they should have cookies enabled in order to login to their email accounts in the first place. Of course they could have cookies allowed for certain sites only, but if they are savvy enough to do that, they should know how to turn on cookies for my site too and not actually getting confused and sending in a ticket.
I have one user who tells me he couldn't log in that night he registered, but was able to do so the next morning.
Basically the question I have is, is there a problem with my system or is it a cookies problem (do they happen that frequently)
A perplexing problem, any thoughts?