Problems with session

Posted: Fri Sep 01, 2006 4:47 am
by pkmleo
Hi,

I am developing a small website using PHP 4.4.2, MySQL 5.0 and Apache 2.0 on the Windows XP Professional platform. When I check the login, the session is created and I can see the session id being created also, but I cannot get the session value in the redirected page. When I try to print the stored session value, it's not printing, and I can see that the session id is being displayed in the address bar, but it's not getting printed. I am not sure what the actual problem is. I even checked the tmp folder and I can see some session files being created. The register_globals option in the php.ini file is turned off. I have attached the code for logincheck.php, display.php and part of the php.ini file also. Any help with this will be highly appreciated.

logincheck.php

Code:

<?php 
session_start();
header("Cache-control: private");
require_once($_SERVER['DOCUMENT_ROOT'].'/books/db_config/db_config.php');

$login_name = $_POST['login_name'];
$password = $_POST['password'];
$password = md5($password);
$sql = "SELECT * FROM users WHERE login_name='$login_name' AND password='$password'";
$result = mysql_query($sql) or die("Unable to execute $sql query: " . mysql_error());
$count = mysql_num_rows($result);
if($count == 1)
{
	$_SESSION['login_name'] = $login_name;
	$sessionId = session_id();
	$query = "UPDATE users SET sid = '$sessionId' WHERE login_name = '$_SESSION[login_name]'";
	@mysql_query($query) or die("Unable to execute $query query: " . mysql_error());
	header("Location:./member/display.php?user=$_SESSION[login_name]&sid=$sessionId");
}
else
{
	header("Location: relogin.php");
}
?>

display.php

Code:

<?php 
session_start();
header("Cache-control: private");
$login_name = $_SESSION['login_name'];
if(!isset($login_name))
{
	echo "Session not stored";
}
else
{
	echo "Session stored and the session is: $login_name";
}
?>

php.ini

Code:

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this 
; variable in order to use PHP's session functions.
session.save_path = /tmp

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to 
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor     = 1000

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 0
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects.
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer. 
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs.  If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Thanks,
pkmleo

Posted: Fri Sep 01, 2006 6:57 am
by Jenk
For your second page, you should change to

Code:

<?php 
session_start(); 
header("Cache-control: private"); 

if(!isset($_SESSION['login_name'])) 
{ 
        echo "Session not stored"; 
} 
else 
{ 
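        // $login_name is no longer assigned in this version, so read the session value directly
        echo "Session stored and the session is: " . htmlspecialchars($_SESSION['login_name'], ENT_QUOTES); 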
} 
?>
Also note the removal of the whitespace before the <?php as that will prevent session_start(); from working.
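
Added example, not code from either poster: a hardened form of the logincheck.php flow above, with a bound SQL parameter instead of interpolated $_POST values, password_verify() instead of md5(), and the session id kept in the cookie rather than in the redirect URL. It assumes PHP 7.1+ with PDO; the users(login_name, password_hash) schema, the in-memory SQLite database and the sample credentials are constructed for illustration.

```php
<?php
// Added example: hardened form of the thread's logincheck.php (not the poster's code).
// Assumes PHP 7.1+ with PDO; users(login_name, password_hash) is a hypothetical schema.

function check_login(PDO $db, string $login, string $password): bool
{
    // Bound parameter instead of interpolating $_POST into the SQL string.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE login_name = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();
    // password_verify() replaces the unsalted md5() comparison.
    return is_string($hash) && password_verify($password, $hash);
}

function begin_authenticated_session(string $login): void
{
    // Take the session id from the cookie only, never from the query string.
    session_start([
        'use_only_cookies' => 1,
        'use_trans_sid'    => 0,
        'cookie_httponly'  => 1,
    ]);
    // Issue a fresh id at login so an id known before login stops being valid.
    session_regenerate_id(true);
    $_SESSION['login_name'] = $login;
}

// Constructed sample data: in-memory SQLite stands in for the MySQL users table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (login_name TEXT PRIMARY KEY, password_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed request; in a real handler these values come from $_POST.
$login    = 'alice';
$password = 'correct horse';

if (check_login($db, $login, $password)) {
    begin_authenticated_session($login);
    // No user= or sid= in the URL: display.php reads $_SESSION itself.
    header('Location: ./member/display.php');
} else {
    header('Location: relogin.php');
}
exit; // stop the script so nothing runs after the redirect
```

With the id carried only in the cookie, the `sid` column and the `&sid=` parameter from the original redirect are no longer needed, which matches the `session.use_only_cookies` note in the php.ini excerpt.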