session.use_trans_sid = 1 in my php.ini file. Index.php contains:
----------------------------------------------------------------------------
<?php
ini_set("session.use_cookies", "off");
ini_set("session.use_trans_sid", "on");
session_start();
$_SESSION['entered_username'] = "";
$_SESSION['login'] = "";
echo "<form method='POST' action='login.php'>
Username:</b>
<input type='text' name='username'
<b>Password:</b>
<input type='password' name='password'
<input type='submit' value='Login'><b>Not a member?</b> Sign up <a
href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form>";
?>
----------------------------------------------------------------------------
Viewing source from browser reveals:
----------------------------------------------------------------------------
<html>
<head>
<title>Welcome</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1"></head>
<form method='POST' action='login.php'>
<b>Username:</b>
<input type='text' name='username'>
<b>Password</b>
<input type='password' name='password'>
<input type='submit' value='Login'>
<b>Not a member?</b> Sign up <a href='register.html'>here</a>
<b>Forgotten your password?</b> <a href='password_reminder.php'>Click
here</a> to have it e-mailed to you.
</form><H1>Header 1</H1>
<H2>Text about something</H2>
</map>
</body>
</html>
----------------------------------------------------------------------------
As you can see, no hidden field. I'm not sure what I've done wrong here. The
PHP on the login page contains session_start(); at the beginning, as does
member.php but on the member.php page, I get: Notice: Undefined index:
login in C:\Web\member.php on line 12
Line 12 contains the following:
----------------------------------------------------------------------------
if ($_SESSION['login'] != 'yes')
{
echo "You haven't logged on!<p>
<a href='index.php'>Click Here</a> to return to the login page";
exit();
}
----------------------------------------------------------------------------
$_SESSION['login'] isn't being passed even though it was set
in login.php using the following:
----------------------------------------------------------------------------
if(mysql_num_rows($result) == 1)
{
$_SESSION['entered_username'] = $_POST['username'];
$_SESSION['login'] = 'yes';
header('refresh: 3; url=member.php');
echo "<h2><center>You have been validated. Please wait, logging you in. .
..</h2><br>
<center>If your browser doesn't support redirection and you're still here in
3 seconds, <a href='member.php'>click here</a></center>";
}
----------------------------------------------------------------------------
The $_SESSION data is available if I use mysql_fetch_array as I used below
to get $entered_username from the $_SESSION array, but can I use something
like this to extract the ['login'] variable from the array and then test it?
----------------------------------------------------------------------------
$query="SELECT firstname, lastname from $Table WHERE
username='$entered_username'";
$result=mysql_query($query)
or die(mysql_error());
while($row = mysql_fetch_array($result))
{
echo "<b>Welcome ". $row['firstname'] . ' ' . $row['lastname'] . '</b>';
}
----------------------------------------------------------------------------
Am I right in thinking that I should be setting the $_SESSIONs up on the
index.php page? I have read that this is the correct way to do it and I
can't personally see anything wrong with doing it this way.
This problem has turned into a bit of a quest as I have spent so long trying
to get it to work! I could just surrender and tell users that they will have
to use cookies but I really want to know why this doesn't work.
Thanks for any help you can offer.
----------------------------------------------------------------------------
Shouldn't, unless your host has session.auto_start on.
--
--
Peter James
Editor-in-Chief, php|architect Magazine
pe***@phparch.com
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
"Paul" <Pa**@here.com> wrote in message
news:bh**********@hercules.btinternet.com...
1 last question (promise!!) I've just been looking up ini_set at php.net.
Thats pretty cool how you can temporarily change php settings. At present I am writing my webpage on my local machine but in time will upload it to my
host. My question is, if session.use_cookies and session.use_trans_sid are
enabled on the server and I enter ini_set("session.use_cookies", "off"); and ini_set("session.use_trans_sid", "on"); on the top of each of my web pages, will it have any unexpected effects?
Thanks again.
"Paul" <Pa**@here.com> wrote in message
news:bh**********@titan.btinternet.com...Thats slightly overcast with a strong chance of some sunshine later :-)
That kinda cleared things up. Time, error and play will help me figure outexactly whats happening but I get the jist of it now.
Thanks for your help.
"Peter James" <pe***@shaman.ca> wrote in message
news:vj***********@corp.supernews.com...If you have access to the php.ini file, then set these session.use_cookies and session.use_trans_sid values in the php.ini file.
auto_start means that a session is started every time... it is very common to leave this off, and just use session_start() when you need sessions. Ifyou use auto_start, you should also set the use_cookies, etc values in the php.ini file.If
As far as appending the session id, PHP will handle it all for you.youstart a session (either auto_start or session_start() ) and create a formona page that's using trans_sid, and then check your page source in the
browser, you should see a hidden field called PHPSESSID in your form.. Onethat you _didn't_ add yourself. It's very cool. Relative URL's are
essentially just URLs that don't have a host in them. http://foo.com
is nota relative url, but /bar/index.php is.you set
If you have trans_sid on, and you submit the above form and start the
session on the submitted-to page, then all the $_SESSION vars thaton the previous page will be available to you on your submitted-topage.
Does that clear anything up, or make it cloudier? :-)
Pete.
--
--
Peter James
Editor-in-Chief, php|architect Magazine
pe***@phparch.com
php|architect
The Magazine for PHP Professionals
http://www.phparch.com
"Paul" <Pa**@here.com> wrote in message
news:bh**********@hercules.btinternet.com...
> I know I'm going to sound stupid now, but could you just clarify what > exactly is happening here. At the moment, I am using
session.auto_start=0
> in php.ini. Should I now switch this back to 0?
> And if I add ini_set("session.use_cookies", "off"); and
> ini_set("session.use_trans_sid", "on"); to the start of each page,
doesit> temporary turn on trans_sid for that browsing session?
> Lastly, when you say "This will automagically append the session id to all> relative URL's that it can identify, as well as adding it into a hidden form
> variable for you", how is the session ID passed then? Where am I
defininga
> variable that can be used on the next page? How does it identify
"relative> URLs"? I've only been at this a month so I'm a bit green.URL's tha
>
> Thanks for your help.
>
>
> "Peter James" <pe***@shaman.ca> wrote in message
> news:vj************@corp.supernews.com...
> > First, rather than manually passing the session id around, just do an > > ini_set() at the beginning of each page...
> >
> > ini_set("session.use_cookies", "off");
> > ini_set("session.use_trans_sid", "on");
> >
> > This will automagically append the session id to all relativeit
> > can identify, as well as adding it into a hidden form variable for
you.> You
> > don't need to do it manually.
> >
> > Second, you're not passing the session id when you redirect. Writing the
> > header like that doesn't get rewritten by PHP or your routine. If you are
> > not using cookies, you won't have access to the session id on the next > page
> > (the one you redirect to). Even with trans_sid, you'll have to
manually> > include your session id in the header.
> >
> > HTH.
> > Pete.
> >
> > --
> >
> > --
> > Peter James
> > Editor-in-Chief, php|architect Magazine
> > pe***@phparch.com
> >
> > php|architect
> > The Magazine for PHP Professionals
> > http://www.phparch.com
> >
> >
> > "Paul" <Pa**@here.com> wrote in message
> > news:bh**********@titan.btinternet.com...
> > > I want to use sessions to cover myself in case the user switches off > > cookies
> > > so I am passing the session ID manually through a hidden input
field.> Thiscan see
> > > is what I have so far.
> > >
> > > index.php page contains:
> > >
> > > <?php
> > >
> > > $_SESSION['entered_username'] = "";
> > > $_SESSION['login'] = "";
> > > $PHPSESSID = session_id();
> > >
> > > echo "<form method='POST' action='login.php'>
> > > <b>Username:</b>
> > > <input type='text' name='username'>
> > > <b>Password:</b>
> > > <input type='password' name='password'>
> > > <input type='hidden' name='PHPSESSID' value='$PHPSESSID'>
> > > <input type='submit' value='Login'>
> > > </form>";
> > >
> > > ?>
> > >
> > > Now, viewing the source with this page open in the browser, I> thatprogramming from
> > > the session ID is in the hidden field. According to the book I'm
> reading,
> > > "PHP will automatically get $PHPSESSID without anymore
> > you
> > > on the login page"
> > > The part of the next page (login.php) that is processing the login isas
> > > follows:
> > >
> > > if(mysql_num_rows($result) == 1)
> > > {
> > > $_SESSION['entered_username'] = $_POST['username'];
> > > $_SESSION['login'] = 'yes';
> > > header('refresh: 3; url=member.php');
> > > echo "<h2><center>You have been validated. Please wait, logging
you in.
> .
> > > .</h2><br>
> > > <center>If your browser doesn't support redirection and you're still > here
> > in
> > > 3 seconds, <a href='member.php'>click here</a></center>";
> > > }
> > > else
> > > {
> > > header('refresh: 5; url=index.php');
> > > echo "<b><u><center>Login failure </b></u><br>Username/Password
> mismatch.
> > > Sit tight, we're sending you back to the login page in 5
seconds.<br>> > > If your browser doesn't support redirection and you're stillhere in5> > > seconds, <a href='index.php'>click here</a></center>";
> > > }
> > >
> > > Now we get to the member.php page and the following happens:
> > >
> > > Notice: Undefined index: login in C:\Web\member.php on line 10
> > >
> > > Line 10 reads:
> > >
> > > if ($_SESSION['login'] != 'yes')
> > > {
> > > echo "<b><u><center>You haven't logged on!</b></u><p>
> > > <a href='index.php'>Click Here</a> to return to the login page";
> > > exit();
> > > }
> > >
> > > This is where it kicks me out. The code on the member.php page
is > designed
> > > to stop users doing anything before they log in but unless I can
pass> the
> > > session data between pages, the result of the if statement will
always> be
> > > false.
> > >
> > > Even more odd is the fact that it works in Internet Explorer and
not > > > Mozilla. Now I trust Mozilla's standards far more than IE so I
really> want
> > > to make it work in Mozilla.
> > >
> > > Sorry this is such a long post, I tried to keep it as short as
possible
> > but
> > > give enough information to make it make sense.
> > >
> > > So what am I missing? And what is IE doing that Moz isn't?
> > >
> > > Thanks for any suggestions.