Session Problem in IE

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
phulla
Forum Newbie
Posts: 5
Joined: Thu Mar 10, 2005 5:06 am

Session Problem in IE

Post by phulla »

I will be using session variables to control who and how long users are logged in.

The problem is the script below works fine in FF, but not in IE.

In IE, as soon as you login the welcome page is displayed, but as soon as you continue to another page, it returns back to the login page and there is no session_id!!!

Is there something wrong with IE or is it a setting i need to change?




session.php

Code: Select all

<?
	session_start();
	header("Cache-control: private");
	/*session_register('sid');
	session_register('username');
	session_register('userlevel');*/
?>
admin.php

Code: Select all

<?
	include_once ('resources/session.inc');
	include_once ('resources/constants.inc');
	include_once ('resources/classes/Database.pclass');
	include_once ('resources/classes/CreateForm.pclass');
	
	$dbConn = new Database();
	$conn = $dbConn->dbConnect();
	
	//session_unset();
	print_r($_SESSION);
	
	if (!isset($_SESSION['sid']) && !empty($_POST['username']) && !empty($_POST['password'])) {
			if ($conn) {
				$userLogin = $dbConn->getLoginDetails($_POST['username'], $_POST['password']);
					if (!is_array($userLogin)) {
						$loginError="There is a problem with the login details you have entered";
					} else {
						$_SESSION['userlevel'] = $userLogin['userlevel']; 
						$_SESSION['username'] = $userLogin['username'];
						$_SESSION['sid'] = session_id();
					}
			}
	}

	if(isset($_SESSION['sid'])) {
		if (!isset($_GET['page'])) {
			$page = 'welcome';
		} else {
			$page = $_GET['page'];
		}
	} else {
		$page = 'login';
	}

	include_once('admin/head.php');
	include_once('admin/nav.php');

	if (file_exists('admin/'.$page.'.php')) {
		$cfForm = new CreateForm();
		include_once('admin/'.$page.'.php');
	} else {
		include_once('include/missing.php');
	}

	include_once('admin/foot.php');

	// close the database connection
	$dbConn->closeConn($conn);

?>


login.php

Code: Select all

<form name="logon" action="admin.php" method="post">
<table width="90%">
<tr><td>&nbsp;</td></tr>
<tr>
	<td style="color:#FF0000; font-weight:bold; " colspan="2">&nbsp;<?
		if(isset($loginError)) print $loginError;
	?></td>
</tr>
<tr><td>&nbsp;</td></tr>
</table>
<table>
<tr><td style="color:#777;" colspan="2">Your username and password is case sensitive.<br/>
<span style="color:#f77; ">If you forget your password, please see your adminstrator.</span></td></tr>
<tr><td>&nbsp;</td></tr>
<tr>
	<td style="text-align:right; vertical-align:top;"><strong>Username:</strong></td>
	<td><input name='username' type='text' size='40' value='<? if(isset($_POST['username'])) print $_POST['username']; ?>' /></td>
</tr>
<tr>
	<td style="text-align:right; vertical-align:top;"><strong>Password:</strong></td>
	<td><input name='password' type='password' size='40' value='<? if(isset($_POST['password'])) print $_POST['password']; ?>' /></td>
</tr>
<tr><td>&nbsp;</td></tr>
<tr>
	<td>&nbsp;</td>
	<td><input type='submit' name='submit' value='Login' /></td>
</tr>
</table>
</form>
Last edited by phulla on Wed Mar 23, 2005 11:15 am, edited 2 times in total.
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

The only thing that seems a bit off is the use of $_GET['page'] when you are using $_POST['username'] earlier in the page. Plus you are checking only checking on $_Session['uid'] and never check for $_Session['username'];
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

mixing session_register() and $_SESSION is a no-no:
session_register() wrote:Caution

If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

register_globals: important note: Since PHP 4.2.0, the default value for the PHP directive register_globals is off. The PHP community encourages all to not rely on this directive but instead use other means, such as the superglobals.

Caution

This registers a global variable. If you want to register a session variable from within a function, you need to make sure to make it global using the global keyword or the $GLOBALS[] array, or use the special session arrays as noted below.

Caution

If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister().

a reminder:

Code: Select all

and

Code: Select all

support labeling.
phulla
Forum Newbie
Posts: 5
Joined: Thu Mar 10, 2005 5:06 am

Post by phulla »

ok, so i have fixed my little fundamental error with mixing $_SESSION and session_register(), but i still have the problem with IE.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

where in the directory structure is the session cookie getting set? what is your ini settings for the session bits? Do you change protocols, subdomains, or directories after the session is set? .. Where do you change to and from what?
phulla
Forum Newbie
Posts: 5
Joined: Thu Mar 10, 2005 5:06 am

Post by phulla »

feyd wrote:where in the directory structure is the session cookie getting set? what is your ini settings for the session bits? Do you change protocols, subdomains, or directories after the session is set? .. Where do you change to and from what?
Session is set in base directory ./admin.php

Session settings are default as per install of PHP 4.3.10

Code: Select all

Session Support 	enabled
Registered save handlers 	files user

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	1440	1440
session.gc_probability	1	1
session.name	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	C:\PHP\sessiondata	C:\PHP\sessiondata
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	Off	Off
session.use_trans_sid	Off	Off
I do not change protocol, directory or subdomain.
The base directory loads the file admin.php with an include for each module, as shown in the admin.php file in my first post.
phulla
Forum Newbie
Posts: 5
Joined: Thu Mar 10, 2005 5:06 am

Post by phulla »

Doesn't anybody know?
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Do you have a live version of the problematic code so that I can see if I can replicate the error? I find it strange that PHP (which is completely server based) is causing incompatibilities between FireFox and Internet Explorer: it's probably something about headers or something.
Post Reply