Page 1 of 1
Odd session error
Posted: Mon Mar 07, 2005 1:52 pm
by ikazuchi
When a user logs into the site I'm working on, the frontpage creates $_SESSION information if it does not already exist. Other pages on the site check the session variables to confirm authentication. However, in IE on remote machines (i.e. machines that are not the webserver hosting the site) when I go to another page (even the login page again) the session variables are not passed (the session information seems to vanish in to the ether).
Firefox everywhere and IE run in the webserver that hosts the site keep the session information and everything works fine.
Anyone run into this before and have a clue how to fix it (or just have an idea on what's wrong)?
It's a Win2k3 server running PHP 4.3.10 and IIS 6
Posted: Mon Mar 07, 2005 2:02 pm
by Chris Corbyn
If cookies are enabled on the machine you may find it working even if the code isn't quite right... otherwise all bets are off. Session done correctly should be server based so therefore browser independent (almost).
Could you maybe post some code?
Posted: Mon Mar 07, 2005 2:48 pm
by ikazuchi
The first line on each page is
and my login information goes as such
Code: Select all
// Login Area
if($_SESSIONї'username'] == '') { // User is not logged in yet
if($_SERVERї"REMOTE_USER"] == ''){ // Incorrent login information
die('An error has occured retrieving your logon information.<br />Please contact the system administrator to gain access.');
} else { // Good logon info
$remUsr = $_SERVERї"REMOTE_USER"];
$username = explode('\'', $remUsr);
$sql = "SELECT * FROM SYS_staff WHERE username='$usernameї1]'";
$whoami = $dbh->getRow($sql, DB_FETCHMODE_ASSOC); if (DB::isError($whoami)) { die($whoami->getMessage()); }
if(count($whoami) == 9) { // check if account exists
// if it does, set session variables
$_SESSIONї'state'] = 'loggedIn';
$_SESSIONї'username'] = $whoamiї'username'];
$_SESSIONї'nameLast'] = $whoamiї'nameLast'];
$_SESSIONї'nameFirst'] = $whoamiї'nameFirst'];
$_SESSIONї'nameMI'] = $whoamiї'nameMI'];
$_SESSIONї'namePrefix'] = $whoamiї'namePrefix'];
$_SESSIONї'nameSuffix'] = $whoamiї'nameSuffix'];
$_SESSIONї'lastLogIn'] = $whoamiї'lastLogIn'];
$_SESSIONї'permissions'] = $whoamiї'system_permissions'];
} else { // if not, deny access
$diemsg = "You ($remUsr) do not appear to have an account in this system.<br />Please contact the system administrator to gain access.";
die("$diemsg");
}
}
}
I am using IIS's NTLM automagic authentication (this is an intranet site).
The beginning of each page starts with:
Code: Select all
session_start();
if($_SESSIONїstate] != 'loggedIn') {
die("You session has timed out.");
}
I'm not doing anything that complex, and Firefox has no problems, and IE from the webserver had so issues either. Only IE anywhere else.
Posted: Mon Mar 07, 2005 2:53 pm
by smpdawg
Out of curiousity, please place an echo $sql; after this line.
Code: Select all
$sql = "SELECT * FROM SYS_staff WHERE username='$usernameї1]'";
Posted: Mon Mar 07, 2005 3:15 pm
by ikazuchi
Code: Select all
SELECT * FROM SYS_staff WHERE username='VHATAMGubleD2'
Posted: Mon Mar 07, 2005 3:26 pm
by smpdawg
This is odd to say the least. I use code that is very similar to yours and haven't encountered this. Do you have a test area that we can log into to see what may be happening?
Posted: Mon Mar 07, 2005 4:02 pm
by ikazuchi
Unfortunately, this is all done on my company's firewall, and I can't set something up outside of it.
Posted: Mon Mar 07, 2005 4:51 pm
by smpdawg
Understandable.
Do you have error_reporting set to E_ALL and display_errors on?
Do you get any feedback from PHP about what is happening?