Odd session error

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ikazuchi
Forum Newbie
Posts: 5
Joined: Mon Apr 22, 2002 10:57 am

Odd session error

Post by ikazuchi »

When a user logs into the site I'm working on, the frontpage creates $_SESSION information if it does not already exist. Other pages on the site check the session variables to confirm authentication. However, in IE on remote machines (i.e. machines that are not the webserver hosting the site) when I go to another page (even the login page again) the session variables are not passed (the session information seems to vanish in to the ether).

Firefox everywhere and IE run in the webserver that hosts the site keep the session information and everything works fine.

Anyone run into this before and have a clue how to fix it (or just have an idea on what's wrong)?

It's a Win2k3 server running PHP 4.3.10 and IIS 6
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

If cookies are enabled on the machine you may find it working even if the code isn't quite right... otherwise all bets are off. Session done correctly should be server based so therefore browser independent (almost).

Could you maybe post some code?
ikazuchi
Forum Newbie
Posts: 5
Joined: Mon Apr 22, 2002 10:57 am

Post by ikazuchi »

The first line on each page is

Code: Select all

session_start()
and my login information goes as such

Code: Select all

// Login Area
	if($_SESSIONї'username'] == '') { // User is not logged in yet
		if($_SERVERї"REMOTE_USER"] == ''){ // Incorrent login information
			die('An error has occured retrieving your logon information.<br />Please contact the system administrator to gain access.');
		&#125; else &#123; // Good logon info
			$remUsr = $_SERVER&#1111;"REMOTE_USER"];
			$username = explode('\'', $remUsr);
			$sql = "SELECT * FROM SYS_staff WHERE username='$username&#1111;1]'";
			$whoami = $dbh->getRow($sql, DB_FETCHMODE_ASSOC); if (DB::isError($whoami)) &#123; die($whoami->getMessage()); &#125;
			if(count($whoami) == 9) &#123; // check if account exists
				// if it does, set session variables
				$_SESSION&#1111;'state'] = 'loggedIn';
				$_SESSION&#1111;'username'] = $whoami&#1111;'username'];
				$_SESSION&#1111;'nameLast'] = $whoami&#1111;'nameLast'];
				$_SESSION&#1111;'nameFirst'] = $whoami&#1111;'nameFirst'];
				$_SESSION&#1111;'nameMI'] = $whoami&#1111;'nameMI'];
				$_SESSION&#1111;'namePrefix'] = $whoami&#1111;'namePrefix'];
				$_SESSION&#1111;'nameSuffix'] = $whoami&#1111;'nameSuffix'];
				$_SESSION&#1111;'lastLogIn'] = $whoami&#1111;'lastLogIn'];
				$_SESSION&#1111;'permissions'] = $whoami&#1111;'system_permissions'];
			&#125; else &#123; // if not, deny access
				$diemsg = "You ($remUsr) do not appear to have an account in this system.<br />Please contact the system administrator to gain access.";
				die("$diemsg");
			&#125;
		&#125;
	&#125;
I am using IIS's NTLM automagic authentication (this is an intranet site).

The beginning of each page starts with:

Code: Select all

session_start();
	if($_SESSION&#1111;state] != 'loggedIn') &#123;
            die("You session has timed out.");
	&#125;
I'm not doing anything that complex, and Firefox has no problems, and IE from the webserver had so issues either. Only IE anywhere else.
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

Out of curiousity, please place an echo $sql; after this line.

Code: Select all

$sql = "SELECT * FROM SYS_staff WHERE username='$username&#1111;1]'";
ikazuchi
Forum Newbie
Posts: 5
Joined: Mon Apr 22, 2002 10:57 am

Post by ikazuchi »

Code: Select all

SELECT * FROM SYS_staff WHERE username='VHATAMGubleD2'
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

This is odd to say the least. I use code that is very similar to yours and haven't encountered this. Do you have a test area that we can log into to see what may be happening?
ikazuchi
Forum Newbie
Posts: 5
Joined: Mon Apr 22, 2002 10:57 am

Post by ikazuchi »

Unfortunately, this is all done on my company's firewall, and I can't set something up outside of it.
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

Understandable.

Do you have error_reporting set to E_ALL and display_errors on?

Do you get any feedback from PHP about what is happening?
Post Reply