Page 1 of 2

Session problems

Posted: Fri May 19, 2006 5:46 pm
by marcklaser
I have a problem with the following code where whenever I click on a link, the session vars are not passed, but when I wait for the meta refresh, it gets passed. While this works on my local server, when uploaded to the production server it doesn't.

On my index.php

Code: Select all

...
...
		if ($auth) {
			require_once 'session.php';
			setcookie("login");

			$cookieValue = mt_rand() . "_" . $POST_username;
			setcookie('login',$cookieValue,time()+3600);
			$_SESSION['login'] = $cookieValue;

//			add_access_entry("Logged in as $POST_username");
			redir("YES","Login successful.","backend.php?page=general&subpage=news");
		}
session.php

Code: Select all

ini_set('register_globals','Off');
	ini_set('session.use_cookies',1);
	ini_set('session.use_only_cookies',1);
	ini_set('session.referer_check',1);
	ini_set('session.use_trans_sid',0);
	ini_set('url_rewriter.tags','');

	session_start();
	header("Cache-control: private"); // IE Fix
backend.php

Code: Select all

require_once 'session.php';

... other requires ...
...

	print_r($_SESSION);  //debug
	print_r($_COOKIE);  // debug

	if(isset($_COOKIE['login']) && isset($_SESSION['login'])) {
		if($_COOKIE['login'] == $_SESSION['login']) {
			$logged = true;
		} else {
			$logged = false;
		}
	} else {
		$logged = false;
	}

	if (!$logged)
	{
		setcookie('login');
		unset($_SESSION['login']);
		session_unset();
		session_destroy();
		redir("YES","Please login first.","index.php");
	}
The redir function which is in functions.php (functions.php is properly included on all the needed files)

Code: Select all

function redir($redir, $msg, $page, $time = 6) {
		if ($redir == "YES")
		{
			$msg .= "<br />
					 Click <a href=\"$page\">here</a> to continue.";
			$refresh = "				<meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
			$title = "				<title>Redirecting to $page .. - MAO</title>";
		}
		else
		{
			$refresh = "				<meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
			$title = "				<title>Page terminated .. - MAO</title>";
		}
		
		echo "
			<!DOCTYPE html 
			     PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
			     \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
			     
			<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">
			
			<head>
				<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\" />
				$refresh
				<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />
				$title
			</head>
			
			<body>
				<div class=\"redir\" id=\"redir\">
				
					<p align=\"center\">
						<img border=\"0\" src=\"images/redirecting.jpg\" width=\"400\" height=\"100\">
					</p>
					
					<p align=\"center\">
						$msg <br />
					</p>
					
					<hr noshade size=\"1\" width=\"70%\" />
					
					<p align=\"center\">
						© 2006. Programmed and Designed by **
					</p>
					
				</div>
			</body>
			
			</html>";
		exit();
	}
Again, ok. On my local server, everything just works fine. But uploaded on the production server it doesn't. After logging in, it says "Login successful." using the redir() function. So in that Login Successful page, I have a choice to either wait for the meta refresh to take me to the next page or click the link. What happens is if I wait, it gets redirected fine, but if I click on the link, I get to a "Please login first." page using the redir() function and is executed in backend.php. And again, if I wait for the meta refresh, I get redirected to the main panel with more links (imagine an IPB acp). Clicking on the menu links gives me the "Please login first." page.

Again take note this all works fine on my local server and I did not intend for any advanced security on these pages as I still have alot to learn about it.

Kindly point out any errors in my code and I am happy to take criticism aswell. Thanks.

Re: Session problems

Posted: Fri May 19, 2006 6:13 pm
by RobertGonzalez
marcklaser wrote:So in that Login Successful page, I have a choice to either wait for the meta refresh to take me to the next page or click the link.
Is the meta-refresh page the same url as the clickable link?

Posted: Fri May 19, 2006 6:26 pm
by marcklaser
function redir($redir, $msg, $page, $time = 6) {
if ($redir == "YES")
{
$msg .= "<br />
Click <a href=\"$page\">here</a> to continue.";
$refresh = " <meta http-equiv=\"refresh\" content=\"$time; url=$page\">";
$title = " <title>Redirecting to $page .. - MAO</title>";
}
When source is viewed in a browser it is also the same.
<meta http-equiv="refresh" content="6; url=backend.php?page=general&subpage=news">
Click <a href="backend.php?page=general&subpage=news">here</a> to continue. <br />
Yes.

Posted: Fri May 19, 2006 6:33 pm
by RobertGonzalez
Sorry, didn't even see that. That is odd. Clicking as opposed to headering should not make one lick of difference to the landing page. As long as the values are set, they should be available to the server regardless of how the page was arrived at. I think.

Can you print_r($_SESSION) on the redirect page to see what is being output to it?

Posted: Fri May 19, 2006 6:36 pm
by marcklaser
On my local server:
Array
(
[login] => 70853230_Marc
)
Array
(
[login] => 70853230_Marc
[SID] => 4qvaf05elvtugib6iv2cnvdtu5
)
On the production server:
Array ( )
Array
(
[login] => 1908111952_Marc
[PHPSESSID] => aaac66765a0512e5a1493ab06832ac61
)
Note: First array is $_SESSION and the second is from $_COOKIE.

Posted: Fri May 19, 2006 6:48 pm
by RobertGonzalez
OK, next question... what are your two server setups? Also, is the var $POST_username actually named that. Just wondering if that might be causing problems. Not that it would, but at this point, without seeing the server information, I am at a loss.

Posted: Fri May 19, 2006 6:52 pm
by marcklaser
Well, which part of the server setup would you like to know?
Local is on php5+ and production is on php4+.

About the POST:

Code: Select all

extract($CONFIG, EXTR_PREFIX_ALL, "CONFIG");
	extract($_POST, EXTR_PREFIX_ALL, "POST");
I just use it for my arrays so I can access them easier.

Posted: Sun May 21, 2006 2:02 am
by marcklaser
*bump*
Anyone?

Posted: Sun May 21, 2006 2:22 am
by RobertGonzalez
Have you tried removing the extract function? It might not make a difference, but I ran into a similar issue when using array_map a few months ago.

Posted: Sun May 21, 2006 10:42 am
by marcklaser
Ok, I've completely removed all the includes to extract.inc, deleted extract.inc itself and converted all the extracted vars back into their originals. Still nothing. :(

Posted: Sun May 21, 2006 11:42 am
by RobertGonzalez
Man, you got me. Keep bumping if you get no other responses. I'm sure someone here has an answer for you.

Posted: Mon May 22, 2006 10:12 am
by marcklaser
Ok. Thanks for trying though.
Anyone else have an idea? :D

Posted: Mon May 22, 2006 10:26 am
by RobertGonzalez
I was thinking, can you try a simple session tester and see what the results are?
thispage.php

Code: Select all

<?php
session_start();
$test_var = 0;
$_SESSION['testvar'] = $test_var;
$test_var_1 = $_SESSION['testvar'];
?>
<html>
<head><title>SessionTester</title>
</head>
<body>
<p><?php echo $test_var_1; ?></p>
<p><a href="nextpage.php">Let's see what we get next...</a></p>
</body>
</html>
nextpage.php

Code: Select all

<?php
session_start();
if (isset($_SESSION['testvar']))
{
	$test_var = $_SESSION['testvar'];
	$test_var_1 = $test_var + 1;
}
else
{
	$test_var_1 = 'The session var was not set';
}
?>
<html>
<head><title>SessionTester - NextPage.php</title>
</head>
<body>
<p><?php echo $test_var_1; ?></p>
</body>
</html>
This will tell you if there is a system problem with handling sessions or if it is in your original code. Test this and see what it does...

Posted: Thu May 25, 2006 2:21 am
by marcklaser
http://localhost/thispage.php -> View Source:

Code: Select all

<html>
<head><title>SessionTester</title>
</head>
<body>
<p>0</p>
<p><a href="nextpage.php">Let's see what we get next...</a></p>
</body>
</html>
Actual browser output:
0

Let's see what we get next...
http://localhost/nextpage.php -> View Source:

Code: Select all

<html>
<head><title>SessionTester - NextPage.php</title>
</head>
<body>
<p>1</p>
</body>
</html>
Actual browser output:
1

Posted: Thu May 25, 2006 10:04 am
by RobertGonzalez
OK, that means sessions are working. I would guess there is something in your code that is preventing your session data from actually being set or recognized. You might have to go through your code line by line to see what is happening. But based on your last response, sessions working and session vars are being set.