Page 1 of 1
losing session variables
Posted: Fri Oct 11, 2002 7:10 pm
by farberama
I have recently built a site using PHP 4.1.1 on a windows machine. My problem started when I uploaded it to my hosting provider's server. The site uses session variables to control access to the site. Everything works perfectly on my machine, but when I uploaded it to the server, it no longer retains the session variables from one page to the next. What's even stranger, is that about 1 out of 10 times it does! My hosting provider is running PHP 4.0.6 on a Unix box.
I use the following code at the top of each page:
require_once("tuxnotes_fns.php");
session_start();
check_valid_user();
//from tuxnotes_fns.php
function check_valid_user()
// see if somebody is logged in and notify them if not
{
global $valid_user;
if (session_is_registered("valid_user"))
{
return;
}
else
{
// they are not logged in
$error = "You must be logged in to view this page. Please log in and try again.";
include("error.php");
exit;
}
}
Can anyone help me and hopefully keep me from pulling out what's left of my hair!
Thanks in advance.
Posted: Fri Oct 11, 2002 8:25 pm
by volka
see what's registered in this session with
Code: Select all
echo '<pre>'; print_r($HTTP_SESSION_VARS); echo '</pre>';
after session_start()
$HTTP_SESSION_VARS should be available even on php-version < 4.1.0
Posted: Fri Oct 11, 2002 8:35 pm
by farberama
all I get is
Array
(
)
Posted: Fri Oct 11, 2002 8:45 pm
by volka
where and how should the array be filled/$valid_user be set? Do you have the code of this script?
Posted: Fri Oct 11, 2002 9:54 pm
by farberama
here's the code:
$valid_user = login($username, $password);
if ($valid_user)
{
// if they are in the database register the user id
session_register("valid_user");
}
else
{
// unsuccessful login
$error = "You could not be logged in. Please try again.<br><br>If you have just subscribed, your account will not be"
." activated until payment is received.";
include("error.php");
exit;
}
Posted: Fri Oct 11, 2002 9:58 pm
by volka
and you're sure it reaches
Code: Select all
// if they are in the database register the user id
session_register("valid_user");
?
Is there any entry in the webserver's error.log?
session_register returns a boolean, you may let your script check this and if it is ==FALSE output an error message, i.e.
Code: Select all
session_register("valid_user") or die('session_register failed');
also note
http://www.php.net/manual/en/function.session-register.php:
This registers a global variable. If you want to register a session variable from within a function, you need to make sure to make it global using the global keyword or the $GLOBALS[] array, or use the special session arrays as noted below.
Posted: Fri Oct 11, 2002 11:30 pm
by farberama
I added debugging code that outputs the session variables and the session ID into html comments and sometimes the session variables are there and sometimes not, but the PHPSESSID is always there. I can't figure out if there is a pattern to when the variables are there and when they are not.
Posted: Sat Oct 12, 2002 12:06 am
by volka
session data is stored (by default) in files.
The path is specified with
session.save_path in php.ini
The filename is sess_<sessionId>, i.e. sess_f558a5073bgf4d17d81b657e874fd44c
when you open such a file you will find something like
myVar|s:8:"whatever";myVar2|s:13:"somethingelse";
when the php-session disremembers a variable is it in the file or not?
Posted: Sat Oct 12, 2002 12:25 am
by farberama
On the copy on my local machine the variables are registered and destroyed as they should be. Unfortunately, the problem is with the copy on my hosting provider's server and I don't have access to that directory.
Posted: Sat Oct 12, 2002 12:38 am
by farberama
if you would like, you could check out the site firsthand.
http://www.tuxnotes.com/index2.php
username: testers
password: testers
if you check out the pages' source you will see some html comments at the top that are for debugging showing the different variables. The session variable, valid_user, has a value of 3 for this identity.
Posted: Sat Oct 12, 2002 5:21 am
by volka
only way for me to see the red "you are not logged in" page was to provide an invalid password. Despite this it worked and I tried it about 30 times.
Posted: Sat Oct 12, 2002 5:31 am
by ReDucTor
I recommend doing the following for username/password checking, well this is how i do it.
Code: Select all
function Login()
{
global $_SESSION, $_REQUEST;
session_start();
if(!session_is_registered("username"))
session_register("username");
if(!session_is_registered("password"))
session_register("password");
if(!empty($_REQUESTї'username'])&&!empty($_REQUESTї'password']))
{
$username = $_REQUESTї'username'];
$password = $_REQUESTї'password'];
}
else if(!empty($_SESSIONї'username'])&&!empty($_SESSIONї'password']))
{
$username = $_SESSIONї'username'];
$password = $_SESSIONї'password'];
}
else
{
// Check if this is a page to login on, if not just return
}
$_SESSIONї'username'] = $username;
$_SESSIONї'password'] = $password;
// Check the username and password in the database, and the access level of the user
}
Posted: Sat Oct 12, 2002 7:25 am
by farberama
volka, did you navigate throught the rest of the site after logging in? That's when the problem usuallu occurs. Sometime right away and sometimes after a few pages I get the "you are not logged in page". I then have to navigate back to the membeHome page using the back button. There it asks me to refresh the page and it tends to work for a while again. another thing I noticed looking at the debugging comments in the html source was sometimes the valid_user value changed to a value of an identity I had previously logged in and logged out with.
Posted: Sat Oct 12, 2002 10:30 am
by volka
browsing a little bit arround I found that it always worked on
Mission Statement and
Contact Us but never for
News or
Archived News 
Posted: Sat Oct 12, 2002 11:48 am
by farberama
actually it doesn't always work for mission statement and contact. The subtle difference is in the navigational buttons. If it recognized the session variable it would use the navigation for a member with the news and archive news buttons on it. If it didn't, it would use the basic navigation with the login and subscribe buttons. Either way those pages would be displayed and not the "you must be logged in" message because people not logged in can also use these pages.