Trouble with session variables

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Neilos
Forum Contributor
Posts: 179
Joined: Fri Nov 19, 2010 2:07 am

Trouble with session variables

Post by Neilos »

Hello,

I have a function described below;

Code: Select all

function validateUser()
{
	session_regenerate_id ();
	$_SESSION['validSession'] = 1;
	$_SESSION['useridSession'] = $userid;
	$_SESSION['usernameSession'] = $username;
}
I then direct to another page using;

Code: Select all

header('Location: nextpage.php');
And then echo the variables using;

Code: Select all

echo $_SESSION['validSession'];
echo $_SESSION['useridSession'];
echo $_SESSION['usernameSession'];
Should be simple but as always it's not working. The only text I see is from the echo $_SESSION['validSession']; line, the rest shows as nothing as if the variables are set to null.

So, what I thought was that it must be the way I declare the variables $username and $userid but if I echo these on the page where the function is called they display correctly. Soooo... the only thing I can think could be wrong is;

Code: Select all

	$_SESSION['useridSession'] = $userid;
	$_SESSION['usernameSession'] = $username;
These two lines. But I cannot for the life of me see why?! I'm a bit of a noob and I'm hoping it is blindingly obvious what the problem is, so could someone be so kind as to enlighten me please?

Also, are there some easy ways to make this more secure? It looks like the session can be hijacked relatively easily but other than regenerating the id I don't know what to do :?

Thanks
zaster79
Forum Newbie
Posts: 7
Joined: Tue Nov 16, 2010 9:37 am

Re: Trouble with session variables

Post by zaster79 »

Code looks fine to me in theory.

I had an issue recently where I needed to display data from a session variable but it just wouldn't work, my code was good, but it wasn't working and this sounds very similar.

It turned out that the code (for that .php file) had somehow ended up all on a single line in the file, despite displaying on multiple lines in the editor. It had me banging my head against a brick wall for a while. I found it by viewing the source in my browser and noticed that everything was on one line. I lost a day and a half figuring that one out. :banghead:

viewtopic.php?f=1&t=124884
Neilos
Forum Contributor
Posts: 179
Joined: Fri Nov 19, 2010 2:07 am

Re: Trouble with session variables

Post by Neilos »

I had a look at your problem and although the symptoms are similar I think that the cause is different. It's peculiar that sometimes when the code looks ok it just doesn't seem to work. I'll keep fidling with it until I get it. In the mean time any suggestions are welcome.

Thanks
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Trouble with session variables

Post by Celauran »

Neilos wrote:

Code: Select all

function validateUser()
{
	session_regenerate_id ();
	$_SESSION['validSession'] = 1;
	$_SESSION['useridSession'] = $userid;
	$_SESSION['usernameSession'] = $username;
}
You're not passing any arguments to the function. Where are $userid and $username coming from?
Neilos
Forum Contributor
Posts: 179
Joined: Fri Nov 19, 2010 2:07 am

Re: Trouble with session variables

Post by Neilos »

Hmmm ok didn't think of that. I lost my OOP head for a sec.

The variables come from...

Code: Select all

$email = $_POST['email'];
$query = "SELECT id, password, salt, username, activated FROM users WHERE email = '$email';";
$result = mysql_query($query);
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$userid = $userData['id'];
$username = $userData['username'];
So I'm guessing, and will try when I get a chance,I need to do something like;

Code: Select all

<?php

session_start();

function validateUser($id, $user)
{
	session_regenerate_id ();
	$_SESSION['validSession'] = 1;
	$_SESSION['useridSession'] = $id;
	$_SESSION['usernameSession'] = $user;
}

$email = $_POST['email'];
$query = "SELECT id, password, salt, username, activated FROM users WHERE email = '$email';";
$result = mysql_query($query);
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$userid = $userData['id'];
$username = $userData['username'];

validateUser($userid, $username);

?>
Makes a lot of sense now, but of course, I am yet to try it!

Thanks

Edit* success it worked. thanks for your help jogging my memory!!! :D
Post Reply