Page 1 of 1

Session Problem in IE

Posted: Wed Mar 23, 2005 9:45 am
by phulla
I will be using session variables to control who and how long users are logged in.

The problem is the script below works fine in FF, but not in IE.

In IE, as soon as you login the welcome page is displayed, but as soon as you continue to another page, it returns back to the login page and there is no session_id!!!

Is there something wrong with IE or is it a setting i need to change?




session.php

Code: Select all

<?
	session_start();
	header("Cache-control: private");
	/*session_register('sid');
	session_register('username');
	session_register('userlevel');*/
?>
admin.php

Code: Select all

<?
	include_once ('resources/session.inc');
	include_once ('resources/constants.inc');
	include_once ('resources/classes/Database.pclass');
	include_once ('resources/classes/CreateForm.pclass');
	
	$dbConn = new Database();
	$conn = $dbConn->dbConnect();
	
	//session_unset();
	print_r($_SESSION);
	
	if (!isset($_SESSION['sid']) && !empty($_POST['username']) && !empty($_POST['password'])) {
			if ($conn) {
				$userLogin = $dbConn->getLoginDetails($_POST['username'], $_POST['password']);
					if (!is_array($userLogin)) {
						$loginError="There is a problem with the login details you have entered";
					} else {
						$_SESSION['userlevel'] = $userLogin['userlevel']; 
						$_SESSION['username'] = $userLogin['username'];
						$_SESSION['sid'] = session_id();
					}
			}
	}

	if(isset($_SESSION['sid'])) {
		if (!isset($_GET['page'])) {
			$page = 'welcome';
		} else {
			$page = $_GET['page'];
		}
	} else {
		$page = 'login';
	}

	include_once('admin/head.php');
	include_once('admin/nav.php');

	if (file_exists('admin/'.$page.'.php')) {
		$cfForm = new CreateForm();
		include_once('admin/'.$page.'.php');
	} else {
		include_once('include/missing.php');
	}

	include_once('admin/foot.php');

	// close the database connection
	$dbConn->closeConn($conn);

?>


login.php

Code: Select all

<form name="logon" action="admin.php" method="post">
<table width="90%">
<tr><td>&nbsp;</td></tr>
<tr>
	<td style="color:#FF0000; font-weight:bold; " colspan="2">&nbsp;<?
		if(isset($loginError)) print $loginError;
	?></td>
</tr>
<tr><td>&nbsp;</td></tr>
</table>
<table>
<tr><td style="color:#777;" colspan="2">Your username and password is case sensitive.<br/>
<span style="color:#f77; ">If you forget your password, please see your adminstrator.</span></td></tr>
<tr><td>&nbsp;</td></tr>
<tr>
	<td style="text-align:right; vertical-align:top;"><strong>Username:</strong></td>
	<td><input name='username' type='text' size='40' value='<? if(isset($_POST['username'])) print $_POST['username']; ?>' /></td>
</tr>
<tr>
	<td style="text-align:right; vertical-align:top;"><strong>Password:</strong></td>
	<td><input name='password' type='password' size='40' value='<? if(isset($_POST['password'])) print $_POST['password']; ?>' /></td>
</tr>
<tr><td>&nbsp;</td></tr>
<tr>
	<td>&nbsp;</td>
	<td><input type='submit' name='submit' value='Login' /></td>
</tr>
</table>
</form>

Posted: Wed Mar 23, 2005 9:51 am
by phpScott
The only thing that seems a bit off is the use of $_GET['page'] when you are using $_POST['username'] earlier in the page. Plus you are checking only checking on $_Session['uid'] and never check for $_Session['username'];

Posted: Wed Mar 23, 2005 9:52 am
by feyd
mixing session_register() and $_SESSION is a no-no:
session_register() wrote:Caution

If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

register_globals: important note: Since PHP 4.2.0, the default value for the PHP directive register_globals is off. The PHP community encourages all to not rely on this directive but instead use other means, such as the superglobals.

Caution

This registers a global variable. If you want to register a session variable from within a function, you need to make sure to make it global using the global keyword or the $GLOBALS[] array, or use the special session arrays as noted below.

Caution

If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), session_is_registered(), and session_unregister().

a reminder:

Code: Select all

and

Code: Select all

support labeling.

Posted: Wed Mar 23, 2005 10:09 am
by phulla
ok, so i have fixed my little fundamental error with mixing $_SESSION and session_register(), but i still have the problem with IE.

Posted: Wed Mar 23, 2005 10:15 am
by feyd
where in the directory structure is the session cookie getting set? what is your ini settings for the session bits? Do you change protocols, subdomains, or directories after the session is set? .. Where do you change to and from what?

Posted: Wed Mar 23, 2005 11:13 am
by phulla
feyd wrote:where in the directory structure is the session cookie getting set? what is your ini settings for the session bits? Do you change protocols, subdomains, or directories after the session is set? .. Where do you change to and from what?
Session is set in base directory ./admin.php

Session settings are default as per install of PHP 4.3.10

Code: Select all

Session Support 	enabled
Registered save handlers 	files user

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	1440	1440
session.gc_probability	1	1
session.name	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	C:\PHP\sessiondata	C:\PHP\sessiondata
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	Off	Off
session.use_trans_sid	Off	Off
I do not change protocol, directory or subdomain.
The base directory loads the file admin.php with an include for each module, as shown in the admin.php file in my first post.

Posted: Thu Mar 24, 2005 1:36 am
by phulla
Doesn't anybody know?

Posted: Thu Mar 24, 2005 3:36 pm
by Ambush Commander
Do you have a live version of the problematic code so that I can see if I can replicate the error? I find it strange that PHP (which is completely server based) is causing incompatibilities between FireFox and Internet Explorer: it's probably something about headers or something.