Page 1 of 1

PHP Session Not Saving?

Posted: Sun Mar 01, 2009 1:20 pm
by Ek0nomik
Here is my processLogin.php page which processes the login information:

Code: Select all

<?php
require_once("clsUser.php");
require_once("clsUserDB.php");
 
$strUsername = $_POST['txtUsername'];
$strPassword = $_POST['txtPassword'];
 
#creating the database object.
$objUserDB = new clsUserDB;
 
#creating a user object, and setting it equal to the object returned by the function GetUserData.
$objUser = $objUserDB->GetUserData($strUsername);
 
if ($objUser->getPassword() == md5($strPassword)) {
    
    #starts a session for the user.
    [b]session_start();[/b]
 
    #sets a session variable called username equal to the username they used to login.
    [b]$_SESSION['username'] = $objUser->getUsername();[/b]
    
    #redirect the user to the index page.
    header('Location: index.php');
    exit;
}
 
?>
Then, my simple test.php page to see if the Session is working:

Code: Select all

<?php
session_start();
echo $_SESSION['username'];
?>
Note: I also tried removing session_start() from the test.php page, but that didn't get the session variable to display correctly.

Nothing is getting displayed on the test page. I have used

Code: Select all

echo $_SESSION['username'];
on my processLogin.php page, and it displayed the information correctly. However, it seems as though the session variable is only being set for that one page view, as once I move away from the page it isn't being saved. I currently believe this is a web host problem, as I don't see anything wrong with my code. But, perhaps someone here can spot something?

Thanks!

Re: PHP Session Not Saving?

Posted: Sun Mar 01, 2009 2:47 pm
by php_east
You are missing a crucial part.

the session ID (PHPSESSID) or its sister SID must be sent from your browser to your test page in order for your test page to recognise the access as being of the same session ( and hence the same user etc.), and will then present to you with the session values. Otherwise, session is null and when you do a new start() in your test page, it is of course a fresh new session without user data.

This is done via a $_GET i.e. http://www.mysite.com/test.php?PHPSESSID=XXXXXXXXXXXXXX
format. ( automatically done by PHP for the links ). They call it magic.

Alternatively, you may use cookies, which is much better and cleaner, which will present SID in cookie form, which eliminates the need to include SID in the overhead access $_GET.
You access is then simply http://www.mysite.com/test.php, PHPSESSID is sent in the header text and not normally displayed in browser.

CXLVII. Session Handling Functions from the PHP Manual is a good read.

so you need to check if this functionality is done by either of the classes you invoked,
i.e.

# require_once("clsUser.php");
# require_once("clsUserDB.php");

if not then you have to add it in, else you will not have a proper session handling, only user db handling.

p/s it isn't yet a webhost problem. don't go running after them, they will just probably just laugh. if they have session handling issues the entire server will be affected.

Re: PHP Session Not Saving?

Posted: Sun Mar 01, 2009 3:46 pm
by watson516
You don't need to supply the session id. I never do. Might be bad coding practices but it works.

As for the problem. Maybe the session works and its the assigning of the value that doesn't. Does your function return a value when you assign the session variable? Have you checked it by simply echoing it?

Re: PHP Session Not Saving?

Posted: Sun Mar 01, 2009 5:58 pm
by Ek0nomik
watson516 wrote:You don't need to supply the session id. I never do. Might be bad coding practices but it works.

As for the problem. Maybe the session works and its the assigning of the value that doesn't. Does your function return a value when you assign the session variable? Have you checked it by simply echoing it?
My function returns a value, I've tested that.
php_east wrote:You are missing a crucial part.

the session ID (PHPSESSID) or its sister SID must be sent from your browser to your test page in order for your test page to recognise the access as being of the same session ( and hence the same user etc.), and will then present to you with the session values. Otherwise, session is null and when you do a new start() in your test page, it is of course a fresh new session without user data.

This is done via a $_GET i.e. http://www.mysite.com/test.php?PHPSESSID=XXXXXXXXXXXXXX
format. ( automatically done by PHP for the links ). They call it magic.

Alternatively, you may use cookies, which is much better and cleaner, which will present SID in cookie form, which eliminates the need to include SID in the overhead access $_GET.
You access is then simply http://www.mysite.com/test.php, PHPSESSID is sent in the header text and not normally displayed in browser.

CXLVII. Session Handling Functions from the PHP Manual is a good read.

so you need to check if this functionality is done by either of the classes you invoked,
i.e.

# require_once("clsUser.php");
# require_once("clsUserDB.php");

if not then you have to add it in, else you will not have a proper session handling, only user db handling.

p/s it isn't yet a webhost problem. don't go running after them, they will just probably just laugh. if they have session handling issues the entire server will be affected.
I understand how Sessions work, and I'd like to go down the route of using cookies. You are saying that right now a cookie is not being set so I have no way of identifying a user to a particular session?

Is there a good example that you can provide of how to set the cookie and manage session data related to the SID?

Re: PHP Session Not Saving?

Posted: Sun Mar 01, 2009 7:04 pm
by Ek0nomik
Here is a simplified example of my session variable testing:

test.php:

Code: Select all

<?php
session_start();
$_SESSION['x'] = foo;
echo $_SESSION['x'];
?>
test2.php:

Code: Select all

<?php
echo $_SESSION['x'];
?>
test.php sets the session variable x, equal to foo. It then echoes the session variable properly on the screen.

test2.php displays nothing on the screen.

It's as if the session variable is only alive during the processing of the one page. Any ideas?

Thanks!

Re: PHP Session Not Saving?

Posted: Mon Mar 02, 2009 1:37 pm
by php_east
Ek0nomik wrote: I understand how Sessions work, and I'd like to go down the route of using cookies. You are saying that right now a cookie is not being set so I have no way of identifying a user to a particular session?
i would not know you are familair with session as such. i did not want to assume so.
what i am saying is that one normally assumes the cookies work behind the curtains and assumes that there is no need to send SID, but in fact, SID must always be sent, either by cookie or by $_GET for session based handling. how else would the server know of what session ID the particular request is coming from ?

so yes, that's what i'm saying. there are three parts to the equation, one is that cookies are not sent from server to client. the other is the reverse and finally no cookies at all. your situation could be either one of the three.

you don't see SID in the URLs nowdays simpy because all browsers support cookies and usually have them on. Just login to any site that handles session and turn your cookies off, and you will be asked to login again, verifying that the session cookies are needed.
Ek0nomik wrote: Is there a good example that you can provide of how to set the cookie and manage session data related to the SID?
not from the top of my head, but i do know that you can check the headers sent by the browser and server to see if the cookie info is sent. also what you can check is if the php ini settings in the server do specifically instruct cookie usage. if the server does not do so, cookies will not be used (am referring to session cookies, which is special ) and thus you loose track of the incoming sessions even if they are started. what i do is i use FireFox and display the session cookies to verify it. easy.

can't think of anything else that would prevent your test2.php from recognising the current session as being of the same id as the previous session, making it restore the previous values.

Re: PHP Session Not Saving?

Posted: Mon Mar 02, 2009 1:41 pm
by php_east
watson516 wrote:You don't need to supply the session id. I never do. Might be bad coding practices but it works.
nah, of course you do ! it is how you supply it that differs.
it's nothing to do with coding practices. it's not coding, it's protocol. :drunk: