Page 1 of 1

Trouble with session variables

Posted: Fri Nov 19, 2010 2:23 am
by Neilos
Hello,

I have a function described below;

Code: Select all

function validateUser()
{
	session_regenerate_id ();
	$_SESSION['validSession'] = 1;
	$_SESSION['useridSession'] = $userid;
	$_SESSION['usernameSession'] = $username;
}
I then direct to another page using;

Code: Select all

header('Location: nextpage.php');
And then echo the variables using;

Code: Select all

echo $_SESSION['validSession'];
echo $_SESSION['useridSession'];
echo $_SESSION['usernameSession'];
Should be simple but as always it's not working. The only text I see is from the echo $_SESSION['validSession']; line, the rest shows as nothing as if the variables are set to null.

So, what I thought was that it must be the way I declare the variables $username and $userid but if I echo these on the page where the function is called they display correctly. Soooo... the only thing I can think could be wrong is;

Code: Select all

	$_SESSION['useridSession'] = $userid;
	$_SESSION['usernameSession'] = $username;
These two lines. But I cannot for the life of me see why?! I'm a bit of a noob and I'm hoping it is blindingly obvious what the problem is, so could someone be so kind as to enlighten me please?

Also, are there some easy ways to make this more secure? It looks like the session can be hijacked relatively easily but other than regenerating the id I don't know what to do :?

Thanks

Re: Trouble with session variables

Posted: Fri Nov 19, 2010 3:49 am
by zaster79
Code looks fine to me in theory.

I had an issue recently where I needed to display data from a session variable but it just wouldn't work, my code was good, but it wasn't working and this sounds very similar.

It turned out that the code (for that .php file) had somehow ended up all on a single line in the file, despite displaying on multiple lines in the editor. It had me banging my head against a brick wall for a while. I found it by viewing the source in my browser and noticed that everything was on one line. I lost a day and a half figuring that one out. :banghead:

viewtopic.php?f=1&t=124884

Re: Trouble with session variables

Posted: Fri Nov 19, 2010 5:08 am
by Neilos
I had a look at your problem and although the symptoms are similar I think that the cause is different. It's peculiar that sometimes when the code looks ok it just doesn't seem to work. I'll keep fidling with it until I get it. In the mean time any suggestions are welcome.

Thanks

Re: Trouble with session variables

Posted: Fri Nov 19, 2010 5:42 am
by Celauran
Neilos wrote:

Code: Select all

function validateUser()
{
	session_regenerate_id ();
	$_SESSION['validSession'] = 1;
	$_SESSION['useridSession'] = $userid;
	$_SESSION['usernameSession'] = $username;
}
You're not passing any arguments to the function. Where are $userid and $username coming from?

Re: Trouble with session variables

Posted: Fri Nov 19, 2010 6:55 am
by Neilos
Hmmm ok didn't think of that. I lost my OOP head for a sec.

The variables come from...

Code: Select all

$email = $_POST['email'];
$query = "SELECT id, password, salt, username, activated FROM users WHERE email = '$email';";
$result = mysql_query($query);
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$userid = $userData['id'];
$username = $userData['username'];
So I'm guessing, and will try when I get a chance,I need to do something like;

Code: Select all

<?php

session_start();

function validateUser($id, $user)
{
	session_regenerate_id ();
	$_SESSION['validSession'] = 1;
	$_SESSION['useridSession'] = $id;
	$_SESSION['usernameSession'] = $user;
}

$email = $_POST['email'];
$query = "SELECT id, password, salt, username, activated FROM users WHERE email = '$email';";
$result = mysql_query($query);
$userData = mysql_fetch_array($result, MYSQL_ASSOC);
$userid = $userData['id'];
$username = $userData['username'];

validateUser($userid, $username);

?>
Makes a lot of sense now, but of course, I am yet to try it!

Thanks

Edit* success it worked. thanks for your help jogging my memory!!! :D