sessions destroyed instantly

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
chopficaro
Forum Commoner
Posts: 68
Joined: Fri Jan 01, 2010 12:56 am

sessions destroyed instantly

Post by chopficaro »

it seems that sessions work when i set them for an instant, and then they are destroyed :(
here is my phpinfo page, can anyone see the problem?
i dont have access to the phpini file :(
can u check my cookie settings and tell me if i can use those instead?
http://cksgrill.net/phpinfo.php
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: sessions destroyed instantly

Post by requinix »

You may say "destroyed" but is that what's actually happening? Is the old session data being destroyed? Or are you simply getting a new session each time?

And you may say "instant" but maybe you mean that the data isn't present in the next page load?
chopficaro
Forum Commoner
Posts: 68
Joined: Fri Jan 01, 2010 12:56 am

Re: sessions destroyed instantly

Post by chopficaro »

the same page is used to log in and check if the user is logged in
if the user is logged in, $log is true and the administration page loads
if the use is not logged in, he is prompted to log in
when testing this, i can log in and use the administration page
but if i try to refresh the administration page, the session is gone and i am prompted to log in again
here is the relevent code at the top of the page

Code: Select all

    <!DOCTYPE html>
    <script src="/javascript/header.js"></script>
    <?
    
    session_set_cookie_params(3000); 
    session_start();
    ob_start();
    ini_set('session.gc_maxlifetime', 6 * 60 * 60);
    $session_expiration = time() + 3600 * 24 * 2;
    if((($_POST['name'])and($_POST['password']))or(($_POST['name']!="")and($_POST['password']!="")))
    {
    	$_SESSION['name']=$_POST['name'];
    	$_SESSION['password']=$_POST['password'];
    	echo $_SESSION['name'];
    	echo $_POST['name'];
    	echo $_SESSION['password'];
    	echo $_POST['password'];
    }
    
    
    // redifine variables for different server
    require_once "mysqlconfig.php";  
    require_once "textprep.php";  
    
    // connect to database
    global $connection;
    $connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS); 
    if (!$connection)
    {
    	die("Database connection failed: " . mysql_error());
    }
    
    // select database
    $db_select = mysql_select_db(DB_NAME,$connection);
    if (!$db_select)
    {
    	die("Database selection failed: " . mysql_error());
    }
    
    //check if logged in
    $result = mysql_query("SELECT * FROM admin");
    if (!$result)
    {
    	die("Database query failed: " . mysql_error());
    }
    
    // get table names as mysql feedback
    $i=0;
    while ($row = mysql_fetch_array($result)) 
    {
    	$name[$i]=$row['name'];
    	$password[$i]=$row['password'];
    	$rank[$i]=$row['rank'];
    	
    	//echo "\$name[$i]=".$row['name'];
    	//echo "\$password[$i]=".$row['password'];
    	//echo "\$rank[$i]=".$row['rank'];
    	
    	$i++;
    }
    
    //check if logged in
    $log=false;
    for($j=0;$j<$i;$j++)
    {
    	//echo "<p>(".$name[$j]."==".$_SESSION['name'].")and(".$password[$j]."==".$_SESSION['password'].")</p>";
    	if(($name[$j]==$_SESSION['name'])and($password[$j]==$_SESSION['password']))
    	{
    		$log=true;
    		echo logged." ".$log;
    	}
    }
    if($log==true)
    {
chopficaro
Forum Commoner
Posts: 68
Joined: Fri Jan 01, 2010 12:56 am

Re: sessions destroyed instantly

Post by chopficaro »

im 99.99% sure the problem is with php.ini or my host, i just need ur help to know what to ask him to change. please check my php.ini http://cksgrill.net/phpinfo.php
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: sessions destroyed instantly

Post by requinix »

No, it's not your php.ini or host. You can't call session_start() after you've outputted something. There is no session in the first place.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: sessions destroyed instantly

Post by Eric! »

chopficaro wrote:thats not true

nevermind ill ask somewhere else
Classic.
chopficaro
Forum Commoner
Posts: 68
Joined: Fri Jan 01, 2010 12:56 am

Re: sessions destroyed instantly

Post by chopficaro »

it makes no difference if there is code above session start as long as it does not involve session variables
i tried it ur way to humor u but the result is the same

Code: Select all

<?

session_start();

ob_start();
//session_set_cookie_params(3000); 
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
echo "<!DOCTYPE html>";
echo "<script src=\"/javascript/header.js\"></script>";
$session_expiration = time() + 3600 * 24 * 2;
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: sessions destroyed instantly

Post by Eric! »

chopficaro wrote:it makes no difference if there is code above session start as long as it does not involve session variables
i tried it ur way to humor u
Oh snap! Could it be your code has more than one problem? Thanks for humoring us again.

By the way it does make a difference when you are dealing with http headers. You can't output html and then expect to modify the http headers...major error. But then what do we know?
User avatar
Weiry
Forum Contributor
Posts: 323
Joined: Wed Sep 09, 2009 5:55 am
Location: Australia

Re: sessions destroyed instantly

Post by Weiry »

I hate to need to ask the obvious question here.

Does your php setup allow for PHP shorthand tags?

I purposefully never work in PHP shorthand and have it disabled on my development environment. So i copied a very basic example of your code and added a quick html form and experienced the same issue where the session was never set. I switched your shorthand tags out for the full <?php tag and it worked fine.

phpsession.php

Code: Select all

<?php
session_start(); 
session_set_cookie_params( 3000 );

//ob_start();
ini_set( 'session.gc_maxlifetime' , 6 * 60 * 60 );
$session_expiration = time() + 3600 * 24 * 2;
if ( !empty( $_POST['name'] ) && !empty( $_POST['password'] ) ) {
	$_SESSION['name'] = $_POST['name'];
	$_SESSION['password'] = $_POST['password'];
}
?>
<!DOCTYPE html>
<script src="/javascript/header.js"></script>
<body>
	<form method="post" action="phpsession.php">
		<label>Username</label>
		<input type="text" name="name" size="20" value=""/>
		<label>Password</label>
		<input type="text" name="password" size="20" value=""/>
		<p>
			<input name="submit" type="submit" value="Submit"/>
		</p>
	</form>
	<?php
		print "POST:";
		print "<pre>";print_r( $_POST );print "</pre>";
		print "SESSION:";
		print "<pre>";print_r( $_SESSION );print "</pre>";
	?>
</body>
I would also like to add that requinix was 100% correct with the session_start() function. If you check the PHP notes on the function you will find:
Note:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser.
Can i also make a quick suggestion to reduce the amount of code required :)

Code: Select all

<?php
// We can check the username and password safely directly from mysql as long as the input is sanitised.
$query = sprintf(
		"SELECT * FROM `admin` where `name` = '%s' and `password` = '%s'",
		 mysql_real_escape_string($_POST['name']),
		 mysql_real_escape_string($_POST['password'])
		);
$result = mysql_query( $query ) or die( "Database query failed: " . mysql_error() );

// We dont have to loop if here if we expect a single row, but we can.
$userdata = array();
while( $row = mysql_fetch_assoc($result) ){
	// Assign user data to an available array
	$userdata[] = $row;
}
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: sessions destroyed instantly

Post by Eric! »

Weiry, if you follow the link that requinx posted several users there offered similar help and were equally offended by the user's abusive tone when trying to get free help. Good to see you take the high road unlike me who couldn't bring myself to make additional corrections/suggestions.
Post Reply