losing session variables

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

losing session variables

Post by farberama »

I have recently built a site using PHP 4.1.1 on a windows machine. My problem started when I uploaded it to my hosting provider's server. The site uses session variables to control access to the site. Everything works perfectly on my machine, but when I uploaded it to the server, it no longer retains the session variables from one page to the next. What's even stranger, is that about 1 out of 10 times it does! My hosting provider is running PHP 4.0.6 on a Unix box.

I use the following code at the top of each page:

require_once("tuxnotes_fns.php");
session_start();

check_valid_user();



//from tuxnotes_fns.php
function check_valid_user()
// see if somebody is logged in and notify them if not
{
global $valid_user;

if (session_is_registered("valid_user"))
{
return;
}
else
{
// they are not logged in
$error = "You must be logged in to view this page. Please log in and try again.";
include("error.php");
exit;
}
}

Can anyone help me and hopefully keep me from pulling out what's left of my hair!

Thanks in advance.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

see what's registered in this session with

Code: Select all

echo '<pre>'; print_r($HTTP_SESSION_VARS); echo '</pre>';
after session_start()
$HTTP_SESSION_VARS should be available even on php-version < 4.1.0
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

Post by farberama »

all I get is

Array
(
)
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

where and how should the array be filled/$valid_user be set? Do you have the code of this script?
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

Post by farberama »

here's the code:

$valid_user = login($username, $password);
if ($valid_user)
{
// if they are in the database register the user id
session_register("valid_user");
}
else
{
// unsuccessful login
$error = "You could not be logged in. Please try again.<br><br>If you have just subscribed, your account will not be"
." activated until payment is received.";
include("error.php");
exit;
}
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

and you're sure it reaches

Code: Select all

// if they are in the database register the user id 
session_register("valid_user");
?
Is there any entry in the webserver's error.log?
session_register returns a boolean, you may let your script check this and if it is ==FALSE output an error message, i.e.

Code: Select all

session_register("valid_user") or die('session_register failed');
also note http://www.php.net/manual/en/function.session-register.php:
This registers a global variable. If you want to register a session variable from within a function, you need to make sure to make it global using the global keyword or the $GLOBALS[] array, or use the special session arrays as noted below.
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

Post by farberama »

I added debugging code that outputs the session variables and the session ID into html comments and sometimes the session variables are there and sometimes not, but the PHPSESSID is always there. I can't figure out if there is a pattern to when the variables are there and when they are not.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

session data is stored (by default) in files.
The path is specified with session.save_path in php.ini
The filename is sess_<sessionId>, i.e. sess_f558a5073bgf4d17d81b657e874fd44c
when you open such a file you will find something like
myVar|s:8:"whatever";myVar2|s:13:"somethingelse";
when the php-session disremembers a variable is it in the file or not?
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

Post by farberama »

On the copy on my local machine the variables are registered and destroyed as they should be. Unfortunately, the problem is with the copy on my hosting provider's server and I don't have access to that directory.
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

Post by farberama »

if you would like, you could check out the site firsthand.

http://www.tuxnotes.com/index2.php

username: testers
password: testers

if you check out the pages' source you will see some html comments at the top that are for debugging showing the different variables. The session variable, valid_user, has a value of 3 for this identity.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

only way for me to see the red "you are not logged in" page was to provide an invalid password. Despite this it worked and I tried it about 30 times.
ReDucTor
Forum Commoner
Posts: 90
Joined: Thu Aug 15, 2002 6:13 am

Post by ReDucTor »

I recommend doing the following for username/password checking, well this is how i do it.

Code: Select all

function Login()
{
global $_SESSION, $_REQUEST;
session_start();
if(!session_is_registered("username"))
  session_register("username");
if(!session_is_registered("password"))
  session_register("password");
if(!empty($_REQUEST&#1111;'username'])&amp;&amp;!empty($_REQUEST&#1111;'password']))
{
$username = $_REQUEST&#1111;'username'];
$password = $_REQUEST&#1111;'password'];
}
else if(!empty($_SESSION&#1111;'username'])&amp;&amp;!empty($_SESSION&#1111;'password']))
{
$username = $_SESSION&#1111;'username'];
$password = $_SESSION&#1111;'password'];
}
else
{
// Check if this is a page to login on, if not just return
}
$_SESSION&#1111;'username'] = $username;
$_SESSION&#1111;'password'] = $password;
// Check the username and password in the database, and the access level of the user 
}
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

Post by farberama »

volka, did you navigate throught the rest of the site after logging in? That's when the problem usuallu occurs. Sometime right away and sometimes after a few pages I get the "you are not logged in page". I then have to navigate back to the membeHome page using the back button. There it asks me to refresh the page and it tends to work for a while again. another thing I noticed looking at the debugging comments in the html source was sometimes the valid_user value changed to a value of an identity I had previously logged in and logged out with.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

browsing a little bit arround I found that it always worked on Mission Statement and Contact Us but never for News or Archived News :?:
farberama
Forum Newbie
Posts: 8
Joined: Fri Oct 11, 2002 7:10 pm

Post by farberama »

actually it doesn't always work for mission statement and contact. The subtle difference is in the navigational buttons. If it recognized the session variable it would use the navigation for a member with the news and archive news buttons on it. If it didn't, it would use the basic navigation with the login and subscribe buttons. Either way those pages would be displayed and not the "you must be logged in" message because people not logged in can also use these pages.
Post Reply