Page 1 of 1

sessions not working for some users

Posted: Thu Mar 29, 2007 4:42 am
by hame22
Hi

I use sessions for my user authentication. This works perfectly fine on my machine however a number of users are being randomly "logged" out of the site when they navigate pages.

My login script is below - any ideas as to why this is happening and how it can be solved?

Thanks in adavance

Code: Select all

function login($username, $password)
{
	global $SITE_PATH;
	
	if(isset($_SESSION['valid_user']))
	{
		$login = 'Y';
		
		//$_SESSION['valid_user']	=	$member_id;
		$member_id = $_SESSION['valid_user'];
					
		$row 				= member_query($member_id);
		$last_login 			= $row['last_login'];
		$firstname			= $row['firstname'];
		$surname				= $row['surname'];
		$digest_format			= $row['digest_format'];
		
		if(empty($firstname) || empty($surname) || empty($digest_format))
				{
					//if first login or user has not completed details redirect to their account page
					if($_SERVER['REQUEST_URI'] != "/accounts/change-details.php?member_id=$member_id")
					{
						//only redirect if they are not on that page at present
						header('location: '.$SITE_PATH.'accounts/change-details.php?member_id='.$member_id.'');
					}
				}
		}
	else {
		if ($username && $password)
		{
			//they have tried to login in
			if (login_query($username, $password))
			{
				$member_id 		= get_memberid_query($username);
				$_SESSION['valid_user']	=	$member_id;
				
				
				$row 					= member_query($_SESSION['valid_user']);
				$last_login 			= $row['last_login'];
				$firstname				= $row['firstname'];
				$surname				= $row['surname'];
				$digest_format			= $row['digest_format'];
								
				update_lastlogin_query($member_id); //update when member last logged in
				
				if(empty($last_login) || empty($firstname) || empty($surname) ||  empty($digest_format))
				{
					//if first login or user has not completed details redirect to their account page
					if($_SERVER['REQUEST_URI'] != "/accounts/change-details.php?member_id=$member_id")
					{
						//only redirect if they are not on that page at present
						header('location: '.$SITE_PATH.'accounts/change-details.php?member_id='.$member_id.'');
					}
				}
				$login = 'Y';
			}
			else {
				//unsuccessful login
				//print '<p>You could not be logged in</p>';
				//return false;
				$login = 'N';
			}
		}	
	}
	return $login;
}

Posted: Thu Mar 29, 2007 7:44 am
by Benjamin
Your code is a bit messy. Without seriously looking at it, do you think that perhaps one of these could be evaluating to false?

Code: Select all

if(empty($firstname) || empty($surname) || empty($digest_format))

Posted: Thu Mar 29, 2007 8:01 am
by hame22
i dont think it is that,

the user can login fine and move around the pages of the site. However on random pages the script does not pick up the user session so it appears that they are logged out.

I have used session_start(); on each of my pages