Session problems

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Session problems

Post by marcklaser »

I have a problem with the following code where whenever I click on a link, the session vars are not passed, but when I wait for the meta refresh, it gets passed. While this works on my local server, when uploaded to the production server it doesn't.

On my index.php

Code: Select all

...
...
		if ($auth) {
			require_once 'session.php';
			setcookie("login");

			$cookieValue = mt_rand() . "_" . $POST_username;
			setcookie('login',$cookieValue,time()+3600);
			$_SESSION['login'] = $cookieValue;

//			add_access_entry("Logged in as $POST_username");
			redir("YES","Login successful.","backend.php?page=general&subpage=news");
		}
session.php

Code: Select all

ini_set('register_globals','Off');
	ini_set('session.use_cookies',1);
	ini_set('session.use_only_cookies',1);
	ini_set('session.referer_check',1);
	ini_set('session.use_trans_sid',0);
	ini_set('url_rewriter.tags','');

	session_start();
	header("Cache-control: private"); // IE Fix
backend.php

Code: Select all

require_once 'session.php';

... other requires ...
...

	print_r($_SESSION);  //debug
	print_r($_COOKIE);  // debug

	if(isset($_COOKIE['login']) && isset($_SESSION['login'])) {
		if($_COOKIE['login'] == $_SESSION['login']) {
			$logged = true;
		} else {
			$logged = false;
		}
	} else {
		$logged = false;
	}

	if (!$logged)
	{
		setcookie('login');
		unset($_SESSION['login']);
		session_unset();
		session_destroy();
		redir("YES","Please login first.","index.php");
	}
The redir function which is in functions.php (functions.php is properly included on all the needed files)

Code: Select all

function redir($redir, $msg, $page, $time = 6) {
		if ($redir == "YES")
		{
			$msg .= "<br />
					 Click <a href=\"$page\">here</a> to continue.";
			$refresh = "				<meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
			$title = "				<title>Redirecting to $page .. - MAO</title>";
		}
		else
		{
			$refresh = "				<meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
			$title = "				<title>Page terminated .. - MAO</title>";
		}
		
		echo "
			<!DOCTYPE html 
			     PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
			     \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
			     
			<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
			
			<head>
				<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\" />
				$refresh
				<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />
				$title
			</head>
			
			<body>
				<div class=\"redir\" id=\"redir\">
				
					<p align=\"center\">
						<img border=\"0\" src=\"images/redirecting.jpg\" width=\"400\" height=\"100\">
					</p>
					
					<p align=\"center\">
						$msg <br />
					</p>
					
					<hr noshade size=\"1\" width=\"70%\" />
					
					<p align=\"center\">
						© 2006. Programmed and Designed by **
					</p>
					
				</div>
			</body>
			
			</html>";
		exit();
	}
Again, ok. On my local server, everything just works fine. But uploaded on the production server it doesn't. After logging in, it says "Login successful." using the redir() function. So in that Login Successful page, I have a choice to either wait for the meta refresh to take me to the next page or click the link. What happens is if I wait, it gets redirected fine, but if I click on the link, I get to a "Please login first." page using the redir() function and is executed in backend.php. And again, if I wait for the meta refresh, I get redirected to the main panel with more links (imagine an IPB acp). Clicking on the menu links gives me the "Please login first." page.

Again take note this all works fine on my local server and I did not intend for any advanced security on these pages as I still have alot to learn about it.

Kindly point out any errors in my code and I am happy to take criticism aswell. Thanks.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Re: Session problems

Post by RobertGonzalez »

marcklaser wrote:So in that Login Successful page, I have a choice to either wait for the meta refresh to take me to the next page or click the link.
Is the meta-refresh page the same url as the clickable link?
marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Post by marcklaser »

function redir($redir, $msg, $page, $time = 6) {
if ($redir == "YES")
{
$msg .= "<br />
Click <a href=\"$page\">here</a> to continue.";
$refresh = " <meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
$title = " <title>Redirecting to $page .. - MAO</title>";
}
When source is viewed in a browser it is also the same.
<meta http-equiv="refresh" content="6; url=backend.php?page=general&subpage=news">
Click <a href="backend.php?page=general&subpage=news">here</a> to continue. <br />
Yes.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Sorry, didn't even see that. That is odd. Clicking as opposed to headering should not make one lick of difference to the landing page. As long as the values are set, they should be available to the server regardless of how the page was arrived at. I think.

Can you print_r($_SESSION) on the redirect page to see what is being output to it?
marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Post by marcklaser »

On my local server:
Array
(
[login] => 70853230_Marc
)
Array
(
[login] => 70853230_Marc
[SID] => 4qvaf05elvtugib6iv2cnvdtu5
)
On the production server:
Array ( )
Array
(
[login] => 1908111952_Marc
[PHPSESSID] => aaac66765a0512e5a1493ab06832ac61
)
Note: First array is $_SESSION and the second is from $_COOKIE.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

OK, next question... what are your two server setups? Also, is the var $POST_username actually named that. Just wondering if that might be causing problems. Not that it would, but at this point, without seeing the server information, I am at a loss.
marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Post by marcklaser »

Well, which part of the server setup would you like to know?
Local is on php5+ and production is on php4+.

About the POST:

Code: Select all

extract($CONFIG, EXTR_PREFIX_ALL, "CONFIG");
	extract($_POST, EXTR_PREFIX_ALL, "POST");
I just use it for my arrays so I can access them easier.
marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Post by marcklaser »

*bump*
Anyone?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Have you tried removing the extract function? It might not make a difference, but I ran into a similar issue when using array_map a few months ago.
marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Post by marcklaser »

Ok, I've completely removed all the includes to extract.inc, deleted extract.inc itself and converted all the extracted vars back into their originals. Still nothing. :(
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Man, you got me. Keep bumping if you get no other responses. I'm sure someone here has an answer for you.
marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Post by marcklaser »

Ok. Thanks for trying though.
Anyone else have an idea? :D
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I was thinking, can you try a simple session tester and see what the results are?
thispage.php

Code: Select all

<?php
session_start();
$test_var = 0;
$_SESSION['testvar'] = $test_var;
$test_var_1 = $_SESSION['testvar'];
?>
<html>
<head><title>SessionTester</title>
</head>
<body>
<p><?php echo $test_var_1; ?></p>
<p><a href="nextpage.php">Let's see what we get next...</a></p>
</body>
</html>
nextpage.php

Code: Select all

<?php
session_start();
if (isset($_SESSION['testvar']))
{
	$test_var = $_SESSION['testvar'];
	$test_var_1 = $test_var + 1;
}
else
{
	$test_var_1 = 'The session var was not set';
}
?>
<html>
<head><title>SessionTester - NextPage.php</title>
</head>
<body>
<p><?php echo $test_var_1; ?></p>
</body>
</html>
This will tell you if there is a system problem with handling sessions or if it is in your original code. Test this and see what it does...
marcklaser
Forum Newbie
Posts: 10
Joined: Fri May 19, 2006 12:10 pm

Post by marcklaser »

http://localhost/thispage.php -> View Source:

Code: Select all

<html>
<head><title>SessionTester</title>
</head>
<body>
<p>0</p>
<p><a href="nextpage.php">Let's see what we get next...</a></p>
</body>
</html>
Actual browser output:
0

Let's see what we get next...
http://localhost/nextpage.php -> View Source:

Code: Select all

<html>
<head><title>SessionTester - NextPage.php</title>
</head>
<body>
<p>1</p>
</body>
</html>
Actual browser output:
1
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

OK, that means sessions are working. I would guess there is something in your code that is preventing your session data from actually being set or recognized. You might have to go through your code line by line to see what is happening. But based on your last response, sessions working and session vars are being set.
Post Reply