1. I login to my website with user/password. [on index2.php]
2. I select any option, which effectively re-calls index2.php with some additional parameters, to control whats displayed next. Immediately at this point, it logs out the user.
It is logging out the user because after checking $_SESSION['LoginStatus'] == '1' - it finds that its not 1, and therefore displays login section again and a related message.
The website is being run on a shared host environment, which I thought might be a factor, as some people think that session data could be lost due to PHP being compiled with FastCGI instead of ISAPI.
Here is a segment of code at the start of index2.php which sets the session data initially:
Expand|Select|Wrap|Line Numbers
- <?php
- ini_set("session.gc_maxlifetime", 3000);
- ini_set("session.use_cookies", 1);
- ini_set("session.use_trans_sid", 0);
- session_start();
- include("include/reg_variables.php");
- include("dbconnect.php");
- include("arrays/propdetails.php");
- include("arrays/countries.php");
- include("arrays/regions.php");
- include("arrays/services.php");
- include("include/functions.php");
- include("web_config.php");
- if ($_SESSION['LoginStatus'] != '1')
- {
- if ($act == 'login') include("include/login.php");
- }
- $ow = $_SESSION['UserId'];
- $id = $_REQUEST['id'];
Expand|Select|Wrap|Line Numbers
- <?php
- if($act=="login")
- {
- $dbq = "SELECT * FROM users WHERE username='$username' AND active='1' LIMIT 1";
- $res = mysql_query($dbq) or die(mysql_error());
- $obj = mysql_fetch_assoc($res);
- $mdpass = $obj['password'];
- if ($mdpass==md5($password))
- {
- //setcookie("UserId", $obj['id'], time()+3600);
- //$_COOKIE['userid'] = $obj['id'];
- $_SESSION['logged'] = 1;
- $_SESSION['ow'] = $obj['id'];
- $_SESSION['firstname'] = $obj['firstname'];
- $_SESSION['familyname'] = $obj['familyname'];
- $_SESSION['email'] = $obj['email'];
- $_SESSION['LoginStatus'] = 1;
- $_SESSION['UserId'] = $obj['id'];
- $_SESSION['UserFirstName'] = $obj['firstname'];
- $_SESSION['UserFamilyName'] = $obj['familyname'];
- $_SESSION['UserEmail'] = $obj['email'];
- }
- }
- if($act=="logout")
- {
- //setcookie ("UserId", "", time() - 3600);
- //session_unregister('logged');
- //$_SESSION['logged'] = '';
- $_SESSION['LoginStatus'] = '';
- session_destroy();
- session_unset();
- header("Location: ".$domain."index2.php");
- exit();
- }
- ?>
I have already changed the session save_path to a different directory on my webspace, and just running out of ideas.
I see that the server directory storing sessions, has 2 session files in it, even though I have only started ONE session. [And I am sure this isnt from a previous session as I deleted all the session files manually on the server as part of the test].
I have reason to believe that because index2.php is re-called with different arguments in the URL, that its calling session_start() again [as it should], and session_start is failing to resume the session and is instead creating a new session. Its therefore lost the details about the user being logged in.
Can anyone suggest any reasons why calling session_start() again would NOT resume the session?