PHP Sessions not created until second attempt??? Help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mindbender
Forum Newbie
Posts: 5
Joined: Thu Oct 28, 2004 4:02 pm

PHP Sessions not created until second attempt??? Help

Post by mindbender »

I'm running into a problem with PHP Sessions where the set session variables are not passed to another PHP page at first. The funny thing is that the sessions work on the second try when I resubmit my login info *after* failing the original login attempt and being returned to the login page.

The PHP session starts on the second page ("action_page.php"), if the login & password match what's stored on a mySQL database. The PHP database code works fine, and I am able to determine that PHP successfully creates a session following that. After a session is created, PHP forwards the user to the "viewing" page via a PHP "header Location" command.

The problem occurs on the viewing page (third stage), where the PHP code doesn't detect a session or the previously set session variables. However, if I set the viewing page's PHP code to revert back to the original login page, a second login attempt works. A PHP session is detected and the previously set session variables are present. And yes, I do have "session_start( )" set at the top of the page before everything else.

How is this happening? I have another set of PHP pages in a different directory that allows PHP sessions to work, and those PHP pages are nearly identical to these. I've tested these pages on a linux server running PHP and Apache, and these files also fail on the box as well.

I'm all out of ideas, and I'll try to provide what I can here.


Login Process:
------------------
1. login_page.html --> 2. action_page.php --> 3. viewing_page.php


Server info:
---------------
Server OS: Win2000
PHP version: 4.3.6


PHP.ini settings:
---------------------

register_globals = On
session.auto_start = 1
session.use_cookies = 1


action_page.php (this page works correctly and creates a session which is confirmed):
-------------------------------------------------------------------------------------------------------------

Code: Select all

<?
	include ("../scripts/common_db.php");

	// *** LOGIN STRING FROM LOGIN PAGE
	if (strlen(trim($_POSTї'login']))>0) {
		$strLOGIN = trim($_POSTї'login']);
	} else {
		header ("Location: login_page.html");
	}

	// *** PASSWORD STRING FROM LOGIN PAGE
	if (strlen(trim($_POSTї'password']))>0) {
		$strPASSWORD = trim($_POSTї'password']);
	} else {
		header ("Location: login_page.html");
	}

	if (! mysql_connect($dbhost, $dbusername, $dbuserpassword)) {
		die('Failed to connect to host "' . $dbhost . '" . ');
	}

	mysql_select_db("selected_db");

	$sql = "SELECT access_level, empl_number FROM employee_table WHERE"
		. " login = " . CHR(39) . trim($strLOGIN) . CHR(39)
		. " AND password = PASSWORD(" . CHR(39) . trim($strPASSWORD) . CHR(39) . ")"
		. " AND access_level = 1";

	$rs = mysql_query($sql) or die("Could not execute SQL query");
	$rsCOUNT = mysql_num_rows($rs);
	$row = mysql_fetch_array($rs);

	if ($rsCOUNT>0) {
		session_start();
		$_SESSIONї'access_level'] = $rowї'access_level'];
		$_SESSIONї'empl_number'] = $rowї'empl_number'];
		header ("Location: main.php");
	} else {
		header ("Location: login_page.html");
	}
?>

viewing_page.php:
------------------------

Code: Select all

<?
	session_start();
	header("Cache-control: private"); // IE 6 Fix
//	phpinfo();

echo "<b>\$_SESSIONї'access_level'] = " . $_SESSIONї'access_level'] . "</b><br />";
echo "<b>\$_SESSIONї'empl_number'] = " . $_SESSIONї'empl_number'] . "</b><br />";

	include ("../scripts/common_db.php");

	if (strlen(trim($_SESSIONї'access_level']))) {
		$intLEVEL = $_SESSIONї'access_level'];
	} else {
//		header ("Location: login_page.html");
	}

	if (strlen(trim($_SESSIONї'empl_number']))) {
		$INTSESSION_EMPL_NUMBER = $_SESSIONї'empl_number'];
	} else {
//		header ("Location: login_page.html");
	}

echo "<b>\$_SESSIONї'access_level'] = " . $_SESSIONї'access_level'] . "</b><br />";
echo "<b>\$_SESSIONї'empl_number'] = " . $_SESSIONї'empl_number'] . "</b><br />";
?>
If anyone could provide any answers, I'd greatly appreciate them. Thanks again.
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

only thing that comes to mind is that your using session_start(), but you have session.auto_start enabled.

w/ auto start on, you dont need to use session_start anymore. i beleive doing so will send a new sid to the user, maybe(?) making a second session


i have an unrelated question


why are you using chr(39) ?

why not just type ' ???



also, i think you could get rid of the strlen(trim($var)) peices,
do you expect people to be submitting whitespace for some reason?
or is it just to help correct them if they enter a space after thier userid?

Code: Select all

if (!empty($_POST['login'])) {
    // will fail on string 0, but you prob arent using that as a userid or password....
}
mindbender
Forum Newbie
Posts: 5
Joined: Thu Oct 28, 2004 4:02 pm

Post by mindbender »

rehfeld wrote:only thing that comes to mind is that your using session_start(), but you have session.auto_start enabled.

w/ auto start on, you dont need to use session_start anymore. i beleive doing so will send a new sid to the user, maybe(?) making a second session
Thanks for your response. I've removed the "session_start" from the top of the page, but the same problem happens. I am still able to recognize the previously set session variables after a second login.

rehfeld wrote:why are you using chr(39) ?
why not just type ' ???
That's actually an old habit from years of coding ASP, where a single-quote is used for commenting code - like "/ /" or "/ * * /"

rehfeld wrote:also, i think you could get rid of the strlen(trim($var)) peices, do you expect people to be submitting whitespace for some reason?
or is it just to help correct them if they enter a space after thier userid?
I've actually had users submit vars with a trailing space before, so I've used a trim( ) for some time (especially with database calls).
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

i saw session start twice, did you axe em both?
rehfeld
Forum Regular
Posts: 741
Joined: Mon Oct 18, 2004 8:14 pm

Post by rehfeld »

also, have you tried looking to see if/when your browser is receiving the sid cookie? w/ session.auto_start on, you should get one on any php page, but im wondering if your getting more than 1....
mindbender
Forum Newbie
Posts: 5
Joined: Thu Oct 28, 2004 4:02 pm

Post by mindbender »

rehfeld wrote:i saw session start twice, did you axe em both?
Yup. Same problem though.
mindbender
Forum Newbie
Posts: 5
Joined: Thu Oct 28, 2004 4:02 pm

Post by mindbender »

rehfeld wrote:also, have you tried looking to see if/when your browser is receiving the sid cookie? w/ session.auto_start on, you should get one on any php page, but im wondering if your getting more than 1....
Hmm... how would I be able to display the number of sid cookies?
mindbender
Forum Newbie
Posts: 5
Joined: Thu Oct 28, 2004 4:02 pm

Post by mindbender »

Problem solved!

There seems to be a problem w/ using IIS and the

Code: Select all

header ("someUrl.php");
function. I'd read somewhere that IIS has a problem w/ PHP sessions if you use the header function, and it's recommended to use a JavaScript meta-refresh instead. Sure enough, it worked.

Of course, all of this could probably be avoided by using Apache... but sometimes we don't have a choice, I suppose. Thanks to "Rehfeld" for his help.
Post Reply