Session data disappearing
Posted: Wed Jan 19, 2011 4:11 am
Could be a fun one this, chaps, so I'll start from the beginning.
I'm developing a website that is hosted using XAMPP on a local network. As the server's name contains an underscore and IE6 (which all of our users use, unfortunately) hates underscores and won't accept cookies from a website whose address contains one, I'm resorting to using sessions with trans SID's (http://blahblahblah.com/index.php?PHPSESSID=xxxxxxxxx)
To do this, in my header include I have the following code:
And then my 'doLogin.php' file contains the following:
In the authUser.php file, I do the following:
Here's the fun part -- it appears that the session ID is transferred to index.php (which in turn includes header.php, which in turn includes authUser.php) but the session variable is an array with zero elements.
Am I doing something wrong or is this PHP misbehaving?
Any help appreciated, I'm tearing my hair out over this one!
EDIT: Strange thing happening - if I check (using Google Chrome's developer tools) what was passed to index.php after the doLogin.php script has run, I see that it has passed the session ID [text]http://blah/blah/index.php?PHPSESSID=sq ... 97t6qf1rr6[/text]
If I then copy and paste that entire URL into my browser, it works and the site runs as it should after I've logged in. If I log out and then back in, it goes back to square one. Very frustrating!#
EDIT 2: Although I am using session_write_close(), I thought that it may be a good idea to utilise a bit of JavaScript in doLogin.php that redirects the user after three seconds (in case the session data wasn't being written quickly enough). Still no joy -- same situation as above.
EDIT 3:Eureka! Sort of... the footer of my page uses ob_get_contents and then ob_end_clean to rewrite the URL so that the images are referred to absolutely rather than relatively. However, this breaks PHP's rewriting of the URL so that the session ID is on the end. Any ideas on how to get around this?
I'm developing a website that is hosted using XAMPP on a local network. As the server's name contains an underscore and IE6 (which all of our users use, unfortunately) hates underscores and won't accept cookies from a website whose address contains one, I'm resorting to using sessions with trans SID's (http://blahblahblah.com/index.php?PHPSESSID=xxxxxxxxx)
To do this, in my header include I have the following code:
Code: Select all
define('USE_TRANS_SESSION', true);
if (USE_TRANS_SESSION == true)
{
ini_set("session.use_trans_sid", "1");
ini_set("session.use_cookies","0");
ini_set("session.gc_maxlifetime", "2592000");
} else {
ini_set("session.use_trans_sid", "false");
ini_set("session.use_cookies","true");
ini_set("session.gc_maxlifetime", "2592000");
}Code: Select all
$_SESSION['username'] = $row['userName'];
$_SESSION['eNumber'] = $row['eNumber'];
$_SESSION['userClassName'] = $row['userClassName'];
logEvent($username, "Successful login");
//Code to stop people from using the same session ID from multiple PCs
$dbConn->query("DELETE FROM loggedinusers WHERE eNumber = '" . $row['eNumber'] . "'");
$dbConn->query("INSERT INTO loggedinusers (eNumber, lastLoginDate, lastIP) VALUES ('" . $row['eNumber'] . "', '" . date("Y-m-d H:i:s") . "', '" . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . "')");
session_write_close();
//Redirect user - please note that I have tried using $sessionid = session_id() before the session is closed and using this variable in the next line with no joy
header("Location:/blah/index.php?PHPSESSID=" . session_id());
header("Connection: close");
die();
Code: Select all
$row = $loginDBConn->getNextAssocRow();
$rowCount = $loginDBConn->queryAssoc("SELECT * FROM loggedinusers WHERE eNumber = '" . $_SESSION['eNumber'] . "' LIMIT 1");
if ($rowCount == 0)
{
$loginFail = true;
}
if ($row['lastIP'] != $_SERVER['REMOTE_ADDR'])
{
$loginFail = true;
}
if ($loginFail == true)
{
session_destroy();
header("Location:/blah/login.php");
die();
}
Am I doing something wrong or is this PHP misbehaving?
Any help appreciated, I'm tearing my hair out over this one!
EDIT: Strange thing happening - if I check (using Google Chrome's developer tools) what was passed to index.php after the doLogin.php script has run, I see that it has passed the session ID [text]http://blah/blah/index.php?PHPSESSID=sq ... 97t6qf1rr6[/text]
If I then copy and paste that entire URL into my browser, it works and the site runs as it should after I've logged in. If I log out and then back in, it goes back to square one. Very frustrating!#
EDIT 2: Although I am using session_write_close(), I thought that it may be a good idea to utilise a bit of JavaScript in doLogin.php that redirects the user after three seconds (in case the session data wasn't being written quickly enough). Still no joy -- same situation as above.
EDIT 3:Eureka! Sort of... the footer of my page uses ob_get_contents and then ob_end_clean to rewrite the URL so that the images are referred to absolutely rather than relatively. However, this breaks PHP's rewriting of the URL so that the session ID is on the end. Any ideas on how to get around this?