Page 1 of 1
sessions destroyed instantly
Posted: Wed Nov 27, 2013 11:38 pm
by chopficaro
it seems that sessions work when i set them for an instant, and then they are destroyed

here is my phpinfo page, can anyone see the problem?
i dont have access to the phpini file

can u check my cookie settings and tell me if i can use those instead?
http://cksgrill.net/phpinfo.php
Re: sessions destroyed instantly
Posted: Thu Nov 28, 2013 12:23 am
by requinix
You may say "destroyed" but is that what's actually happening? Is the old session data being destroyed? Or are you simply getting a new session each time?
And you may say "instant" but maybe you mean that the data isn't present in the next page load?
Re: sessions destroyed instantly
Posted: Thu Nov 28, 2013 12:31 am
by chopficaro
the same page is used to log in and check if the user is logged in
if the user is logged in, $log is true and the administration page loads
if the use is not logged in, he is prompted to log in
when testing this, i can log in and use the administration page
but if i try to refresh the administration page, the session is gone and i am prompted to log in again
here is the relevent code at the top of the page
Code: Select all
<!DOCTYPE html>
<script src="/javascript/header.js"></script>
<?
session_set_cookie_params(3000);
session_start();
ob_start();
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
$session_expiration = time() + 3600 * 24 * 2;
if((($_POST['name'])and($_POST['password']))or(($_POST['name']!="")and($_POST['password']!="")))
{
$_SESSION['name']=$_POST['name'];
$_SESSION['password']=$_POST['password'];
echo $_SESSION['name'];
echo $_POST['name'];
echo $_SESSION['password'];
echo $_POST['password'];
}
// redifine variables for different server
require_once "mysqlconfig.php";
require_once "textprep.php";
// connect to database
global $connection;
$connection = mysql_connect(DB_SERVER,DB_USER,DB_PASS);
if (!$connection)
{
die("Database connection failed: " . mysql_error());
}
// select database
$db_select = mysql_select_db(DB_NAME,$connection);
if (!$db_select)
{
die("Database selection failed: " . mysql_error());
}
//check if logged in
$result = mysql_query("SELECT * FROM admin");
if (!$result)
{
die("Database query failed: " . mysql_error());
}
// get table names as mysql feedback
$i=0;
while ($row = mysql_fetch_array($result))
{
$name[$i]=$row['name'];
$password[$i]=$row['password'];
$rank[$i]=$row['rank'];
//echo "\$name[$i]=".$row['name'];
//echo "\$password[$i]=".$row['password'];
//echo "\$rank[$i]=".$row['rank'];
$i++;
}
//check if logged in
$log=false;
for($j=0;$j<$i;$j++)
{
//echo "<p>(".$name[$j]."==".$_SESSION['name'].")and(".$password[$j]."==".$_SESSION['password'].")</p>";
if(($name[$j]==$_SESSION['name'])and($password[$j]==$_SESSION['password']))
{
$log=true;
echo logged." ".$log;
}
}
if($log==true)
{
Re: sessions destroyed instantly
Posted: Thu Nov 28, 2013 4:35 am
by chopficaro
im 99.99% sure the problem is with php.ini or my host, i just need ur help to know what to ask him to change. please check my php.ini
http://cksgrill.net/phpinfo.php
Re: sessions destroyed instantly
Posted: Thu Nov 28, 2013 5:03 am
by requinix
No, it's not your php.ini or host. You can't call session_start() after you've outputted something. There is no session in the first place.
Re: sessions destroyed instantly
Posted: Thu Nov 28, 2013 5:40 pm
by Eric!
chopficaro wrote:thats not true
nevermind ill ask somewhere else
Classic.
Re: sessions destroyed instantly
Posted: Thu Nov 28, 2013 7:42 pm
by chopficaro
it makes no difference if there is code above session start as long as it does not involve session variables
i tried it ur way to humor u but the result is the same
Code: Select all
<?
session_start();
ob_start();
//session_set_cookie_params(3000);
ini_set('session.gc_maxlifetime', 6 * 60 * 60);
echo "<!DOCTYPE html>";
echo "<script src=\"/javascript/header.js\"></script>";
$session_expiration = time() + 3600 * 24 * 2;
Re: sessions destroyed instantly
Posted: Thu Nov 28, 2013 10:10 pm
by Eric!
chopficaro wrote:it makes no difference if there is code above session start as long as it does not involve session variables
i tried it ur way to humor u
Oh snap! Could it be your code has more than one problem? Thanks for humoring us again.
By the way it does make a difference when you are dealing with http headers. You can't output html and then expect to modify the http headers...major error. But then what do we know?
Re: sessions destroyed instantly
Posted: Sun Dec 01, 2013 5:46 pm
by Weiry
I hate to need to ask the obvious question here.
Does your php setup allow for PHP shorthand tags?
I purposefully never work in PHP shorthand and have it disabled on my development environment. So i copied a very basic example of your code and added a quick html form and experienced the same issue where the session was never set. I switched your shorthand tags out for the full <?php tag and it worked fine.
phpsession.php
Code: Select all
<?php
session_start();
session_set_cookie_params( 3000 );
//ob_start();
ini_set( 'session.gc_maxlifetime' , 6 * 60 * 60 );
$session_expiration = time() + 3600 * 24 * 2;
if ( !empty( $_POST['name'] ) && !empty( $_POST['password'] ) ) {
$_SESSION['name'] = $_POST['name'];
$_SESSION['password'] = $_POST['password'];
}
?>
<!DOCTYPE html>
<script src="/javascript/header.js"></script>
<body>
<form method="post" action="phpsession.php">
<label>Username</label>
<input type="text" name="name" size="20" value=""/>
<label>Password</label>
<input type="text" name="password" size="20" value=""/>
<p>
<input name="submit" type="submit" value="Submit"/>
</p>
</form>
<?php
print "POST:";
print "<pre>";print_r( $_POST );print "</pre>";
print "SESSION:";
print "<pre>";print_r( $_SESSION );print "</pre>";
?>
</body>
I would also like to add that requinix was 100% correct with the session_start() function. If you check the PHP notes on the function you will find:
Note:
To use cookie-based sessions, session_start() must be called before outputing anything to the browser.
Can i also make a quick suggestion to reduce the amount of code required
Code: Select all
<?php
// We can check the username and password safely directly from mysql as long as the input is sanitised.
$query = sprintf(
"SELECT * FROM `admin` where `name` = '%s' and `password` = '%s'",
mysql_real_escape_string($_POST['name']),
mysql_real_escape_string($_POST['password'])
);
$result = mysql_query( $query ) or die( "Database query failed: " . mysql_error() );
// We dont have to loop if here if we expect a single row, but we can.
$userdata = array();
while( $row = mysql_fetch_assoc($result) ){
// Assign user data to an available array
$userdata[] = $row;
}
Re: sessions destroyed instantly
Posted: Sun Dec 01, 2013 11:37 pm
by Eric!
Weiry, if you follow the link that requinx posted several users there offered similar help and were equally offended by the user's abusive tone when trying to get free help. Good to see you take the high road unlike me who couldn't bring myself to make additional corrections/suggestions.