Page 1 of 1
Sessions not being transmitted across web pages
Posted: Fri Jan 30, 2009 5:33 am
by smixcer
Pls I have a problem on my hand.
MY site uses database to implement sessions.
When a user logs in a session is created by attaching the users id to a $_SESSION['id'] variable.
Navigating along some pages, the session goes perfectly well but once i hit some other pages i loose that session and cant track who is logged on.
the code i have in the header section of my pages where i loose the session is listed below:
<?php
ob_start
include(functions file);
include(sessions class);
session = new (sessionclass);
check if user is a valid user using his status in the database
if no redirect him to index page;
?>
Thats just how simple the code snippet idea is yet it redirects a user even when his status is valid to the index page and logs him out automatically (by destroying his session).
Please its getting me crazy and my head is losing its hairs.
Help me out
Re: Sessions not being transmitted across web pages
Posted: Fri Jan 30, 2009 8:03 am
by kaisellgren
We would need to see your session class and "check if user is a valid user using his status in the database".
Re: Sessions not being transmitted across web pages
Posted: Mon Feb 02, 2009 3:35 am
by smixcer
Thanks for your reply.
The session class is this code snippet below stored in a class.dbsession.php file
class dbSession
{
/**
* Constructor of class
*
* Initializes the class and starts a new session
*
* There is no need to call start_session() after instantiating this class
*
* @param integer $gc_maxlifetime the number of seconds after which data will be seen as 'garbage' and
* cleaned up on the next run of the gc (garbage collection) routine
*
* Default is specified in php.ini file
*
* @param integer $gc_probability used in conjunction with gc_divisor, is used to manage probability that
* the gc routine is started. the probability is expressed by the formula
*
* probability = $gc_probability / $gc_divisor
*
* So if $gc_probability is 1 and $gc_divisor is 100 means that there is
* a 1% chance the the gc routine will be called on each request
*
* Default is specified in php.ini file
*
* @param integer $gc_divisor used in conjunction with gc_probability, is used to manage probability
* that the gc routine is started. the probability is expressed by the formula
*
* probability = $gc_probability / $gc_divisor
*
* So if $gc_probability is 1 and $gc_divisor is 100 means that there is
* a 1% chance the the gc routine will be called on each request
*
* Default is specified in php.ini file
*
* @return void
*/
function dbSession($gc_maxlifetime = "", $gc_probability = "", $gc_divisor = "")
{
// if $gc_maxlifetime is specified and is an integer number
if ($gc_maxlifetime != "" && is_integer($gc_maxlifetime)) {
// set the new value
@ini_set('session.gc_maxlifetime', $gc_maxlifetime);
}
// if $gc_probability is specified and is an integer number
if ($gc_probability != "" && is_integer($gc_probability)) {
// set the new value
@ini_set('session.gc_probability', $gc_probability);
}
// if $gc_divisor is specified and is an integer number
if ($gc_divisor != "" && is_integer($gc_divisor)) {
// set the new value
@ini_set('session.gc_divisor', $gc_divisor);
}
// get session lifetime
$this->sessionLifetime = ini_get("session.gc_maxlifetime");
// register the new handler
require_once("sesshand.php");
register_shutdown_function('session_write_close');
// start the session
session_start();
}
/**
* Deletes all data related to the session
*
* @return void
*/
function stop()
{
$this->regenerate_id();
session_unset();
session_destroy();
}
/**
* Regenerates the session id.
*
* <b>Call this method whenever you do a privilege change!</b>
*
* @return void
*/
function regenerate_id()
{
// saves the old session's id
$oldSessionID = session_id();
// regenerates the id
// this function will create a new session, with a new id and containing the data from the old session
// but will not delete the old session
session_regenerate_id();
// because the session_regenerate_id() function does not delete the old session,
// we have to delete it manually
$this->destroy($oldSessionID);
}
/**
* Get the number of online users
*
* This is not 100% accurate. It depends on how often the garbage collector is run
*
* @return integer approximate number of users currently online
*/
function get_users_online()
{
// counts the rows from the database
$result = @mysql_fetch_assoc(@mysql_query("
SELECT
COUNT(session_id) as count
FROM session_data
"));
// return the number of found rows
return $result["count"];
}
/**
* Custom open() function
*
* @access private
*/
function open($save_path, $session_name)
{
return true;
}
/**
* Custom close() function
*
* @access private
*/
function close()
{
return true;
}
/**
* Custom read() function
*
* @access private
*/
function read($session_id)
{
// reads session data associated with the session id
// but only if the HTTP_USER_AGENT is the same as the one who had previously written to this session
// and if session has not expired
$result = @mysql_query("
SELECT
session_data
FROM
session_data
WHERE
session_id = '".$session_id."' AND
http_user_agent = '".$_SERVER["HTTP_USER_AGENT"]."' AND
session_expire > '".time()."'
");
// if anything was found
if (is_resource($result) && @mysql_num_rows($result) > 0) {
// return found data
$fields = @mysql_fetch_assoc($result);
// don't bother with the unserialization - PHP handles this automatically
return $fields["session_data"];
}
// if there was an error return an empty string - this HAS to be an empty string
return "";
}
/**
* Custom write() function
*
* @access private
*/
function write($session_id, $session_data)
{
// first checks if there is a session with this id
$result = @mysql_query("
SELECT
*
FROM
session_data
WHERE
session_id = '".$session_id."'
");
// if there is
if (@mysql_num_rows($result) > 0) {
// update the existing session's data
// and set new expiry time
$result = @mysql_query("
UPDATE
session_data
SET
session_data = '".$session_data."',
session_expire = '".(time() + $this->sessionLifetime)."'
WHERE
session_id = '".$session_id."'
");
// if anything happened
if (@mysql_affected_rows()) {
// return true
return true;
}
// if this session id is not in the database
} else {
// insert a new record
$result = @mysql_query("
INSERT INTO
session_data
(
session_id,
http_user_agent,
session_data,
session_expire
)
VALUES
(
'".$session_id."',
'".$_SERVER["HTTP_USER_AGENT"]."',
'".$session_data."',
'".(time() + $this->sessionLifetime)."'
)
");
// if anything happened
if (@mysql_affected_rows()) {
// return an empty string
return "";
}
}
// if something went wrong, return false
return false;
}
/**
* Custom destroy() function
*
* @access private
*/
function destroy($session_id)
{
// deletes the current session id from the database
$result = @mysql_query("
DELETE FROM
session_data
WHERE
session_id = '".$session_id."'
");
// if anything happened
if (@mysql_affected_rows()) {
// return true
return true;
}
// if something went wrong, return false
return false;
}
/**
* Custom gc() function (garbage collector)
*
* @access private
*/
function gc($maxlifetime)
{
// it deletes expired sessions from database
$result = @mysql_query("
DELETE FROM
session_data
WHERE
session_expire < '".(time() - $maxlifetime)."'
");
}
}
in the files making use of the session the following below is placed in the header section of the files
ob_start();
//include 'session.inc';
require "class.dbsession.php";
$session = new dbsession();