Page 1 of 1

Odd session error

Posted: Mon Mar 07, 2005 1:52 pm
by ikazuchi
When a user logs into the site I'm working on, the frontpage creates $_SESSION information if it does not already exist. Other pages on the site check the session variables to confirm authentication. However, in IE on remote machines (i.e. machines that are not the webserver hosting the site) when I go to another page (even the login page again) the session variables are not passed (the session information seems to vanish in to the ether).

Firefox everywhere and IE run in the webserver that hosts the site keep the session information and everything works fine.

Anyone run into this before and have a clue how to fix it (or just have an idea on what's wrong)?

It's a Win2k3 server running PHP 4.3.10 and IIS 6

Posted: Mon Mar 07, 2005 2:02 pm
by Chris Corbyn
If cookies are enabled on the machine you may find it working even if the code isn't quite right... otherwise all bets are off. Session done correctly should be server based so therefore browser independent (almost).

Could you maybe post some code?

Posted: Mon Mar 07, 2005 2:48 pm
by ikazuchi
The first line on each page is

Code: Select all

session_start()
and my login information goes as such

Code: Select all

// Login Area
	if($_SESSIONї'username'] == '') { // User is not logged in yet
		if($_SERVERї"REMOTE_USER"] == ''){ // Incorrent login information
			die('An error has occured retrieving your logon information.<br />Please contact the system administrator to gain access.');
		&#125; else &#123; // Good logon info
			$remUsr = $_SERVER&#1111;"REMOTE_USER"];
			$username = explode('\'', $remUsr);
			$sql = "SELECT * FROM SYS_staff WHERE username='$username&#1111;1]'";
			$whoami = $dbh->getRow($sql, DB_FETCHMODE_ASSOC); if (DB::isError($whoami)) &#123; die($whoami->getMessage()); &#125;
			if(count($whoami) == 9) &#123; // check if account exists
				// if it does, set session variables
				$_SESSION&#1111;'state'] = 'loggedIn';
				$_SESSION&#1111;'username'] = $whoami&#1111;'username'];
				$_SESSION&#1111;'nameLast'] = $whoami&#1111;'nameLast'];
				$_SESSION&#1111;'nameFirst'] = $whoami&#1111;'nameFirst'];
				$_SESSION&#1111;'nameMI'] = $whoami&#1111;'nameMI'];
				$_SESSION&#1111;'namePrefix'] = $whoami&#1111;'namePrefix'];
				$_SESSION&#1111;'nameSuffix'] = $whoami&#1111;'nameSuffix'];
				$_SESSION&#1111;'lastLogIn'] = $whoami&#1111;'lastLogIn'];
				$_SESSION&#1111;'permissions'] = $whoami&#1111;'system_permissions'];
			&#125; else &#123; // if not, deny access
				$diemsg = "You ($remUsr) do not appear to have an account in this system.<br />Please contact the system administrator to gain access.";
				die("$diemsg");
			&#125;
		&#125;
	&#125;
I am using IIS's NTLM automagic authentication (this is an intranet site).

The beginning of each page starts with:

Code: Select all

session_start();
	if($_SESSION&#1111;state] != 'loggedIn') &#123;
            die("You session has timed out.");
	&#125;
I'm not doing anything that complex, and Firefox has no problems, and IE from the webserver had so issues either. Only IE anywhere else.

Posted: Mon Mar 07, 2005 2:53 pm
by smpdawg
Out of curiousity, please place an echo $sql; after this line.

Code: Select all

$sql = "SELECT * FROM SYS_staff WHERE username='$username&#1111;1]'";

Posted: Mon Mar 07, 2005 3:15 pm
by ikazuchi

Code: Select all

SELECT * FROM SYS_staff WHERE username='VHATAMGubleD2'

Posted: Mon Mar 07, 2005 3:26 pm
by smpdawg
This is odd to say the least. I use code that is very similar to yours and haven't encountered this. Do you have a test area that we can log into to see what may be happening?

Posted: Mon Mar 07, 2005 4:02 pm
by ikazuchi
Unfortunately, this is all done on my company's firewall, and I can't set something up outside of it.

Posted: Mon Mar 07, 2005 4:51 pm
by smpdawg
Understandable.

Do you have error_reporting set to E_ALL and display_errors on?

Do you get any feedback from PHP about what is happening?