Page 1 of 1

Working with sessions

Posted: Mon Jun 04, 2007 12:46 pm
by AvalonMel
We've just set up PHP on our new web server however I can't seem to get sessions working properly. The session ID gets created and carried over from page to page but the variables seem to get wiped out. Does this sound like a configuration thing or a code thing?

verifyuser.php

Code: Select all

<?php
session_start();
// Report simple running errors
error_reporting  (E_ERROR | E_WARNING | E_PARSE);

$username = $_POST['username'];
$password = $_POST['password'];

$db_name = "CurtisDawe";
$table_name = "curtisdawe_admin";

$connection = @mysql_connect("localhost", "root", "pw") or die("Couldn't connect.");
$db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
$sql = "SELECT USERNAME, PASSWORD From $table_name WHERE username = \"$username\" AND password = \"$password\"";

$result = @mysql_query($sql,$connection) or die("Couldn't execute query.");
$num = mysql_num_rows($result);	

If ($num > 0)
	{
	$_SESSION['loggedin'] = true;
	header("Location: menu.php");
	exit;
	}
	
else
	{
	header("Location: index.php");
	exit;
	}
?>
menu.php

Code: Select all

<?php
session_start();
// Report simple running errors
error_reporting  (E_ERROR | E_WARNING | E_PARSE);

print "Your session ID is: " . session_id();
if($_SESSION['loggedin']) echo "Logged in";
else echo "Not logged in";
The menu.php page print a session id but always printed "Not logged in" despite the var having been set to true in the verifyuser.php page. I've inherited most of this code but have been hacking away at it most of today trying to get it to work. Any ideas??

Re: Working with sessions

Posted: Mon Jun 04, 2007 1:06 pm
by maliskoleather
it appears to me that it isnt setting the session variable. I'd do a

Code: Select all

echo $_SESSION['loggedin'];
on your menu.php page, and see what is output.
You may also want to change

Code: Select all

if($_SESSION['loggedin']) echo "Logged in";
to

Code: Select all

if($_SESSION['loggedin'] == TRUE) echo "Logged in";
on another note, i'd change

Code: Select all

If ($num > 0)
	{
to

Code: Select all

If ($num === 1)
	{
becuase if for some reason the database returns more than one result, you probably dont want them logging in, because you dont know which account/user it really is. (the possibilities of this happening are slim to none, but better safe than sorry)

Posted: Mon Jun 04, 2007 1:08 pm
by RobertGonzalez
When you say the session id is carried from page to page, do you mean that the session id is being passed by the query string? Are there any cookies being set?

Posted: Mon Jun 04, 2007 1:27 pm
by AvalonMel
I'm not explicitly passing through a query and I haven't set any cookies. This turned out to be a permissions problem with the temp folder where the sessions are stored. *facepalm*

Posted: Mon Jun 04, 2007 1:30 pm
by RobertGonzalez
Glad you got it sorted out.

Posted: Mon Jun 04, 2007 5:44 pm
by feyd
Don't ignore notices, fix the problems.

It is resolved?

Posted: Thu Jun 14, 2007 9:27 pm
by rozvinbm_jp
I cannot find the resolution for this post?

Please teach me.

rozvin
student
Shizuoka-ken, Fuji-shi, Japan

Posted: Fri Jun 15, 2007 10:55 am
by RobertGonzalez
@ rozvinbm_jp: START YOUR OWN THREAD PLEASE.