Session Issues

Posted: Tue Nov 19, 2002 8:58 pm
by abromfield
Hello,

I'm having a problem with my session handling script. Here's the situation:

1.) Users come to my site and are asked to login using their credentials.

2.) The user enters their credentials into textboxes, which are located on the index.php page. The user presses the submit button and the textbox values are posted back to the index.php page. (<form method=post action='index.php'>)

3.) The credentials are authenticated against a mySQL database and a session variable is created:

$query = "select * from members "
."where UserName='$userid' "
." and Password='$password'";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) >0 )
{
// if they are in the database register the user id
$valid_user = $userid;
session_register("valid_user");

4.) Once authenticated, the textboxes are removed and a menu is presented on the index.php page. One of the menu items displayed on the index page is "Documentation".

5.) The user clicks on the "Documentation" link, which transfers them to the documents.php page. The documents.php page starts by checking if a session variable exists:

<?
session_start();
// check session variable

if (session_is_registered("valid_user"))
{
?>
<html>
<head>
<title>Documentation</title>..........

The documents.php page will always load correctly if the user was authenticated.

6.) It's in this next step where I am experiencing the problem. When the user clicks on any of the document links contained on the documents.php page they will receive a message (I wrote), indicating that the page they're trying to load is for members only, therefore they'll need to log into the site to view the page.

For some reason the session gets destroyed between the documents.php page (which checks to see if a session variable exists) and the pages that are linked to the documents.php page.

The STRANGE part is that it works perfectly the second time you log into the site...every time! Is this problem caused by my ISP, or my script that checks to see if a session variable is registered for the user:

<?
session_start();
// check session variable

if (session_is_registered("valid_user"))
{
?>
<html>
<head>
<title>Documentation</title>.......

Why does it always work the second time I log into the site, but never the first time? I've tried logging in from several different machines at various locations, and the result is always the same.

PLEASE HELP ME!

Thanks,

Andrew

Posted: Tue Nov 19, 2002 10:23 pm
by hedge
Could I see an example of one of the scripts called via the links built by documents.php?

Posted: Wed Nov 20, 2002 5:45 am
by abromfield
Hey Hedge,

The documents.php page contains standard links to Word documents that have been converted to HTML pages, using Word's "Save as Web Page" feature.

Therefore, on the documents page you would have the following:

<center>
<font face="Arial, Helvetica, sans-serif">
<a href="http://www.xyz.ca/documents/UP_Modeling.php">Unified
Process Modeling</a>
</font>
</center>

and the start of the UP_Modeling.php page would look like this:

<?
session_start();
// check session variable

if (session_is_registered("valid_user"))
{
?>

<html xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 9">
<meta name=Originator content="Microsoft Word 9">
<link rel=File-List href="./UP_%20Modeling_files/filelist.xml">
<title>UP Modeling</title>
<!--[if gte mso 9]><xml>
<o:DocumentProperties>
.......
.......

I hope this is what you were looking for. Any suggestions would be much appreciated.

Andrew

Posted: Wed Nov 20, 2002 9:11 am
by hedge
Well, your code looks correct to me. How are you propagating the session ID? I am assuming via cookies.

1 other thing, I never could get things to work using if session_registered, I ended up checking by using isset.

Also if you are using 4.1+ you can set session variables by just setting them in the $_SESSION array and you don't need to register the vars. I have yet to find any problems with this method.

Posted: Wed Nov 20, 2002 9:35 am
by kcomer
I also have not had good luck with session_registered. I usually use

Code:

<?php
if (isset($_SESSION['SOME_VALUE'])) {
?>
Keith

Posted: Wed Nov 20, 2002 10:28 am
by abromfield
I'll try the $_SESSION method instead. I'll let you know if this works.

Thanks,

Andrew
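
The change hedge and kcomer suggest, `$_SESSION` with `isset()` in place of `session_register()` and `session_is_registered()`, applied to the login check and page guard from the first post. This is an added example, not code from any poster: it assumes PHP 7+ with PDO and pdo_sqlite, uses a constructed in-memory table in place of the MySQL `members` table, and also binds the username as a query parameter, stores a password hash and regenerates the session id at login, none of which the thread discusses.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite table stands
// in for the MySQL `members` table; all names and data are constructed.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (UserName TEXT PRIMARY KEY, PasswordHash TEXT)');
    // Assumption: passwords are stored as password_hash() output, not plaintext.
    $db->prepare('INSERT INTO members VALUES (?, ?)')
       ->execute(['andrew', password_hash('sample-passphrase', PASSWORD_DEFAULT)]);
    return $db;
}

// index.php side: verify the credentials, then mark the session as logged in.
function login(PDO $db, string $userid, string $password): bool {
    // Bound parameter: $userid is passed as data, never spliced into the SQL.
    $stmt = $db->prepare('SELECT PasswordHash FROM members WHERE UserName = ?');
    $stmt->execute([$userid]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);        // issue a fresh session id at login
    $_SESSION['valid_user'] = $userid;  // replaces session_register("valid_user")
    return true;
}

// documents.php side: the check each members-only page starts with.
function is_logged_in(): bool {
    return isset($_SESSION['valid_user']);  // replaces session_is_registered()
}

session_start();  // on every page, before any output is sent
$db = demo_db();
$results = [
    'guard before login'       => is_logged_in(),
    'login, name with a quote' => login($db, "o'brien", 'whatever'),
    'login, wrong password'    => login($db, 'andrew', 'not-it'),
    'login, correct password'  => login($db, 'andrew', 'sample-passphrase'),
    'guard after login'        => is_logged_in(),
];
var_export($results);
```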