Session issue

Posted: Tue Aug 15, 2006 11:56 am
by t0ta11ed
Greetings,

I'm working on an application that uses sessions to store user info. When the user logs in by entering a name and password, a login page authenticates the user and then sets a session variable to store the username. However, since I was redirecting to the main page via the header() function after authentication, I was using session_write_close() to make sure the variable would be available to the page I redirected to. This worked fine until recently when a co-worker changed the php.ini file. Now that variable throws an undefined error. The variable that was set on the login page no longer makes it to the redirected main page. Here's the relevant code:

login.php

Code:

// If there's a match send them to main.php
if ($pw == $row[0]) {
	
	session_register("user");
	$_SESSION['user'] = $user; 
	session_write_close();

	header("Location: main.php");
}
When main.php loads, it throws an error stating the SESSION variable is undefined.

This all worked before the ini file was mucked with, so I'd really like some ideas on what is missing or whatever since I'm out of ideas. My only alternative is to rewrite the app to use cookies instead, which I really don't want to do since it was nearly ready for production in the first place.

Here's the Session info. I've also made sure the directory is writeable as well:

Session Support enabled
Registered save handlers files user

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path /var/lib/php/session /var/lib/php/session
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off
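
Added example, not code from anyone in the thread: in the table above, session.cookie_path holds /var/lib/php/session, a filesystem directory, although that directive is the URL path the session cookie is scoped to. The script below audits the posted values against the cookie path-match rule from RFC 6265; the function names and $appPath are assumptions, since the thread does not say which URL path the application is served from.

```php
<?php
// Added example; not code from the thread.

// RFC 6265 section 5.1.4 path-match: is a cookie scoped to $cookiePath
// sent with a request for $requestPath?
function cookie_path_matches(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    // A prefix only counts when it ends on a "/" boundary.
    return substr($cookiePath, -1) === '/'
        || substr($requestPath, strlen($cookiePath), 1) === '/';
}

function audit_session_ini(array $ini, string $appPath): array
{
    $findings = [];
    $path = $ini['session.cookie_path'];
    if (!cookie_path_matches($path, $appPath)) {
        $findings[] = "session.cookie_path=$path does not cover $appPath: the browser "
            . "never returns the session cookie, so each page starts a new empty session";
    }
    if (!$ini['session.use_only_cookies']) {
        $findings[] = 'session.use_only_cookies is Off: a session id supplied in the URL '
            . 'is accepted, which permits session fixation';
    }
    if ($ini['session.use_trans_sid']) {
        $findings[] = 'session.use_trans_sid is On: session ids are written into links '
            . 'and leak through logs and Referer headers';
    }
    return $findings;
}

// Values copied from the phpinfo() table in the post above.
$posted = [
    'session.cookie_path'      => '/var/lib/php/session',
    'session.save_path'        => '/tmp',
    'session.use_only_cookies' => false,
    'session.use_trans_sid'    => false,
];
$appPath = '/main.php'; // assumption: the thread does not give the app's URL path

foreach (audit_session_ini($posted, $appPath) as $finding) {
    echo '[!] ', $finding, PHP_EOL;
}
```

With the posted values it reports the cookie path mismatch and the use_only_cookies setting; a cookie path of / passes the first check for any application path.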

Posted: Tue Aug 15, 2006 12:01 pm
by feyd
session_start() is called on all pages?

Tips: Don't use session_register(). Don't use relative paths for header redirections, use the full URL. http://.. and all.

Posted: Tue Aug 15, 2006 12:41 pm
by t0ta11ed
feyd wrote:session_start() is called on all pages?

Tips: Don't use session_register(). Don't use relative paths for header redirections, use the full URL. http://.. and all.
Yes, session_start() is called on both pages. Thanks for the tips.

Posted: Tue Aug 15, 2006 12:51 pm
by feyd
You may need to insert the session id into your redirect. It's not pretty, but it is the easiest way to force the ID to transfer, since I don't know what your colleague changed in the ini.

Code:

header('Location: http://somesuch.com/page.php?' . rawurlencode(session_name()) . '=' . rawurlencode(session_id()));
or similar.

Posted: Tue Aug 15, 2006 3:30 pm
by t0ta11ed
Ok, I discovered there was a non-standard ini file generated by what appeared to be a third party app. I replaced it with the standard php.ini distribution and now the login produces a completely blank page. I fixed this once but now how I did it escapes me....anyone? Buller? buller?

Posted: Tue Aug 15, 2006 3:35 pm
by feyd
Ahem, Bueller. ;)

There is likely an error of some fashion that's causing the script to halt and display errors is off. If you have access to the server logs, take a look in there for php errors. If that isn't fruitful, run the following in a new file and tell us the results please.

Code:

<?php

$neg = array('off', 0, false, '', null);
$flags = array(
	'Register Globals' => 'register_globals',
	'Short Tags' => 'short_open_tag',
	'Display Errors' => 'display_errors',
	'Magic Quotes GPC' => 'magic_quotes_gpc',
	'Magic Quotes Runtime' => 'magic_quotes_runtime',
	'Magic Quotes Sybase' => 'magic_quotes_sybase',
);
$ve = phpversion();
$os = PHP_OS;
$er = intval(error_reporting());
foreach ($flags as $n => $v)
{
	$flags[$n] = (in_array(strtolower(ini_get($v)), $neg) ? 'Off' : 'On');
}
$cli = (php_sapi_name() == 'cli');
$eol = "\n";

$gle = get_loaded_extensions();
$rows = array();
$le = '';
$wide = 4;
$j = count($gle);
$pad = $wide - $j % $wide;
$len = max(array_map('strlen', $gle));
// Closure instead of create_function(), which was removed in PHP 8
$func = function ($a) use ($len) { return str_pad($a, intval($len)); };
$gle = array_map($func, $gle);
for($i = 0; $i < $j; $i += $wide)
{
	$le .= '   ' . implode('   ', array_slice($gle, $i, $wide)) . $eol;
}

$ec = array(
	'E_STRICT' => 2048, 'E_ALL' => 2047, 'E_USER_NOTICE' => 1024,
	'E_USER_WARNING' => 512, 'E_USER_ERROR' => 256, 'E_COMPILE_WARNING' => 128,
	'E_COMPILE_ERROR' => 64, 'E_CORE_WARNING' => 32, 'E_CORE_ERROR' => 16,
	'E_NOTICE' => 8, 'E_PARSE' => 4, 'E_WARNING' => 2, 'E_ERROR' => 1,
);

$e = array();
$t = $er;
foreach ($ec as $n => $v)
{
	if (($t & $v) == $v)
	{
		$e[] = $n;
		$t ^= $v;
	}
}
if (ceil(count($ec) / 2) + 1 < count($e))
{
	$e2 = array();
	foreach ($ec as $n => $v)
	{
		if (!in_array($n, $e) and $n != 'E_ALL')
		{
			$e2[] = $n;
		}
	}
	$er = $er . ' ((E_ALL | E_STRICT) ^ ' . implode(' ^ ', $e2) . ')';
}
else
{
	$er = $er . ' (' . implode(' | ', $e) . ')';
}

if (!$cli)
{
	echo '<html><head><title>quick info</title></head><body><pre>', $eol;
}

echo 'PHP Version: ', $ve, $eol;
echo 'PHP OS: ', $os, $eol;
echo 'Error Reporting: ', $er, $eol;
foreach ($flags as $n => $v)
{
	echo $n, ': ', $v, $eol;
}
echo 'Loaded Extensions:', $eol, $le, $eol;

if (!$cli)
{
	echo '</pre></body></html>', $eol;
}

?>