[web] session data being dropped(almost figured it out)[php]
Hello,
All my session data is being dropped from the $_SESSION global var, in other words, some pages can't access data set in the variable from other pages. Do all pages need a session_start() function at the beginning, or just ones that use session data?
Thanks for any help[smile],
exorcist_bob
[Edited by - exorcist_bob on January 9, 2007 5:38:29 PM]
Only the one's that use session data should need session_start(). PHP sessions use session cookies to store a session identifyer. Are you sure that you have cookies properly enabled?
Yes, all pages which want to read or write session data must call session_start(). I recommend that for convenience, you do this in all pages.
You can write a function which sets whatever options are desired (using ini_set), then calls session_start. Call this function in some common header file, thus causing it to be executed everywhere.
Common problems with sessions are:
- If you're using query strings to transport the session ID, many bad things could happen. Just don't. Set session.use_only_cookies
- If you're using cookies, ensure that all your pages are served from one and exactly one domain name - remember that www.example.com and example.com are different names!
- If set, ensure that the cookie domain and path are correct (hint: It's generally easier not to specify them)
- URL canonicalisation is a very good idea - have *exactly* one URL for every page, and don't let people get it by any other URL (Either redirect or give them an error if they use the wrong one).
Make sure that PHP is recording errors, even ones which happen during page startup - check that there are none.
Does this error happen in development and production or just in production?
Mark
You can write a function which sets whatever options are desired (using ini_set), then calls session_start. Call this function in some common header file, thus causing it to be executed everywhere.
Common problems with sessions are:
- If you're using query strings to transport the session ID, many bad things could happen. Just don't. Set session.use_only_cookies
- If you're using cookies, ensure that all your pages are served from one and exactly one domain name - remember that www.example.com and example.com are different names!
- If set, ensure that the cookie domain and path are correct (hint: It's generally easier not to specify them)
- URL canonicalisation is a very good idea - have *exactly* one URL for every page, and don't let people get it by any other URL (Either redirect or give them an error if they use the wrong one).
Make sure that PHP is recording errors, even ones which happen during page startup - check that there are none.
Does this error happen in development and production or just in production?
Mark
Also, make sure session_start() is before any text goes out. not just the first line of php, but the first of ANYthing. even before the <html> tag at the top.
Edit:
Also, make sure you use a browser (may need to get a plugin etc) that can monitor all the HTTP headers. This may show that every time your session vars are dropped, it's because it sent out a different sessionid for the cookie. That might be due to one of the reasons mentioned above.
Edit:
Also, make sure you use a browser (may need to get a plugin etc) that can monitor all the HTTP headers. This may show that every time your session vars are dropped, it's because it sent out a different sessionid for the cookie. That might be due to one of the reasons mentioned above.
Quote:Original post by trapdoor
Also, make sure session_start() is before any text goes out. not just the first line of php, but the first of ANYthing. even before the <html> tag at the top.
Or worse, because you added an accidebtal newline or space after the ?> of an include file. The simplest and fasterst way to deal with those are to use output buffers (see ob_start() on php.net) that will capture all output.
Hello,
Thanks for the speedy replies, but I still cannot seem to get it to work.
Here is one of the modules which writes the session data:
And here is one of the modules that reads the data:
The first three lines of each were what I did in response to the previous discussion.
Thanks for any assistance[smile],
exorcist_bob
Thanks for the speedy replies, but I still cannot seem to get it to work.
Here is one of the modules which writes the session data:
<?php session_start();?><?xml version="1.0"?><!doctype html public "-//w3c//dtd xhtml 1.0 frameset//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-frameset.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <link rel=stylesheet href="center.css" type="text/css"> </head> <script language="javascript"> function LoadURL(URL) { parent.sidebar.location = URL; }; function LoadCenter(URL) { parent.center.location = URL; }; </script> <body leftmargin=0 topmargin=0 background="../images/gradient.png"> <h1> Home </h1> <?php include 'config.php'; $con = mysql_connect($dbhost,$dbuser,$dbpass); if (!$con) { die('Error Could Not Connect: '.mysql_error().'<br>'); }; mysql_select_db($dbname) or die('!!!Error Cannot Select Database '.$dbname.'<br>'); $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT * from userdb"; $result = mysql_query($query); if(!result) { die('Error in FROM query: ' . mysql_error().'<br>'); }; $num = mysql_numrows($result); $i=0; $worked = false; while ($i < $num) { $dbusername = mysql_result($result, $i, "username"); $dbpassword = mysql_result($result, $i, "password"); $dbisbuyer = mysql_result($result, $i, "isbuyer"); $dbisseller = mysql_result($result, $i, "isseller"); $dbisadmin = mysql_result($result, $i, "isadmin"); if(($dbusername == $username) && ($dbpassword == $password) && ($dbisbuyer == '1')) { if($dbisbuyer == '1') $_SESSION['buyer'] = true; if($dbisseller == '1') $_SESSION['seller'] = true; if($dbisadmin == '1') $_SESSION['admin'] = true; $_SESSION['username'] = $dbusername; $_SESSION['isloggedin'] = true; $worked = true; break; }; $i++; } if($worked == true) echo "<script language='javascript'>javascript:LoadCenter('../Valid Password.html')</script>"; else echo "<script language='javascript'>javascript:LoadCenter('../Invalid Password.html')</script>"; echo $_SESSION['username']; mysql_close($con); ?> </body></html>
And here is one of the modules that reads the data:
<?php session_start();?><?xml version="1.0"?><!doctype html public "-//w3c//dtd xhtml 1.0 frameset//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-frameset.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <link rel=stylesheet href="../center.css" type="text/css"> </head> <script language="javascript"> function LoadURL(URL) { parent.sidebar.location = URL; }; </script> <body leftmargin=0 topmargin=0 background="../images/gradient.png"> <h1> Buyers </h1> <?php if(isset($_SESSION['isloggedin'])) echo 'You are logged in, '.$_SESSION['username']; else echo 'You are not logged in '.$_SESSION['username']; echo $_SESSION['isloggedin']; ?> <script language="javascript">javascript:LoadURL('../Buyer Sidebar.html')</script> </body></html>
The first three lines of each were what I did in response to the previous discussion.
Thanks for any assistance[smile],
exorcist_bob
Quote:Original post by markr
Yes, all pages which want to read or write session data must call session_start(). I recommend that for convenience, you do this in all pages.
You can write a function which sets whatever options are desired (using ini_set), then calls session_start. Call this function in some common header file, thus causing it to be executed everywhere.
Common problems with sessions are:
- If you're using query strings to transport the session ID, many bad things could happen. Just don't. Set session.use_only_cookies
- If you're using cookies, ensure that all your pages are served from one and exactly one domain name - remember that www.example.com and example.com are different names!
- If set, ensure that the cookie domain and path are correct (hint: It's generally easier not to specify them)
- URL canonicalization is a very good idea - have *exactly* one URL for every page, and don't let people get it by any other URL (Either redirect or give them an error if they use the wrong one).
Make sure that PHP is recording errors, even ones which happen during page startup - check that there are none.
Does this error happen in development and production or just in production?
Mark
1)I'm not. How can I set session.use_only_cookies?
2)Right now, I'm using http://localhost/.
3)What do you mean?
4)Does it matter that the page is inside an iframe? Every page is unique.
How can I check/set that?
Right now, only in production. Might have to do with the domain name being http://localhost/.
Hello,
How can I create a global variable that won't be reinitialized every time I include a file that declares it with new?
I want to use the following routine to store session data, which actually works, but I want the session variable to be accessible throughout all the modules that include it.
EDIT: I request this because I want to do away with the setcookie() call.
Thank for any help,
exorcist_bob
How can I create a global variable that won't be reinitialized every time I include a file that declares it with new?
I want to use the following routine to store session data, which actually works, but I want the session variable to be accessible throughout all the modules that include it.
<?php include 'config.php'; class Session { function CreateID() { $time = time(); $ip = $_SERVER["REMOTE_ADDR"]; $agent = $_SERVER["HTTP_USER_AGENT"]; $md5 = md5($time.$ip.$agent); setcookie("SClass", $md5); return($md5); } function GetID() { $md5 = $_COOKIE['SClass']; return($md5); } function Start() { $id = $this->GetID(); if (!$id) { $id = $this->CreateID(); } } function GetFile() { $file = $this->GetID(); $file .= ".ssn"; $file = $sessionroot.$file; return($file); } function SetData($data) { $file = $this->GetFile(); $fs = @fopen($file, w); if ($fs) { fwrite($fs, $data); fclose($fs);} if (!$fs) { return(FALSE); } } function GetData() { $file = $this->GetFile(); $fs = @fopen($file, 'r'); if ($fs) { $data = fread($fs, filesize($file)); fclose($fs); return $data; } if (!$fs) { return(FALSE); } } function SetKey($key, $value) { $data = $this->GetData(); $data = base64_decode($data); $array = unserialize($data); $array["$key"] = $value; $newdata = serialize($array); $newdata = base64_encode($newdata); $this->SetData($newdata); } function GetKey($key) { $data = $this->GetData(); $data = base64_decode($data); $array = unserialize($data); return($array[$key]); } };?>
EDIT: I request this because I want to do away with the setcookie() call.
Thank for any help,
exorcist_bob
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement