Page 1 of 1

Problems passing the session ID

Posted: Mon Jan 14, 2008 11:36 am
by fradal
Hi all,

I'm :banghead: with this problem for a week and I really cannot understand how to solve it!

I've got a login script that works like that

Code: Select all

 
<?
session_name("utente");
session_start();
 
#now check if $_POST['username'] and $_POST['password'] are valid, then
 
$_SESSION['userid'] = $userid; #$userid comes from the database
 
# ok, let's go back
?>
<html><head><META HTTP-EQUIV="refresh" content="0;URL=<?= $_SERVER['HTTP_REFERER'] ?>"><body><center><big>Login OK</big></center></body></html>
 
The problem is that $_SESSION, in the second page, is empty and I cannot understand why.

I'm using PHP 5.2.1, configured with --enable-trans-sid
10 days ago it was working, I didn't make any changes to the php configuration, nor to the script and now it is not working

Can you help me figuring out what's wrong?

PS. Sorry for my bad english

Many thanks


Francesco


-----------
I think more information can help me, you and everyone that will read this post in the future

Trying to understand this problem I've made a few changes, and the working script looks like that

Code: Select all

 
<?
session_start();
 
#now check if $_POST['username'] and $_POST['password'] are valid, then
 
$_SESSION['userid'] = $userid; #$userid comes from the database
 
# ok, let's go back
?>
<html><head><META HTTP-EQUIV="refresh" content="0;URL=<?= $_SERVER['HTTP_REFERER'] ?>?<?php echo htmlspecialchars(SID);?>"><body><center><big>Login OK</big></center></body></html>
 
Passing the SID via GET all is working fine.

(Obviously, my costumer don't like the SID appended to all the urls of the site! :cry: )
---------------

Re: Problems passing the session ID

Posted: Mon Jan 14, 2008 11:48 am
by Kieran Huggins
session_start() should be the first thing you do, since it wants to send headers. Make sure there's NOTHING before that line in your script, not even white space!

Re: Problems passing the session ID

Posted: Mon Jan 14, 2008 11:54 am
by fradal
Thank you for the reply Kieran Huggins

There's nothing before session_start (a part from session_name), and I'm absolutely sure because adding the sid to the url sessions are working properly