By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
463,224 Members | 527 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 463,224 IT Pros & Developers. It's quick & easy.

Possible problem with session_start() not resuming session

P: 2
The essence of my problem is this.

1. I login to my website with user/password. [on index2.php]
2. I select any option, which effectively re-calls index2.php with some additional parameters, to control whats displayed next. Immediately at this point, it logs out the user.

It is logging out the user because after checking $_SESSION['LoginStatus'] == '1' - it finds that its not 1, and therefore displays login section again and a related message.

The website is being run on a shared host environment, which I thought might be a factor, as some people think that session data could be lost due to PHP being compiled with FastCGI instead of ISAPI.

Here is a segment of code at the start of index2.php which sets the session data initially:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. ini_set("session.gc_maxlifetime", 3000);
  3. ini_set("session.use_cookies", 1);
  4. ini_set("session.use_trans_sid", 0);
  5. session_start();
  7. include("include/reg_variables.php");
  8. include("dbconnect.php");
  10. include("arrays/propdetails.php");
  11. include("arrays/countries.php");
  12. include("arrays/regions.php");
  13. include("arrays/services.php");
  14. include("include/functions.php");
  15. include("web_config.php");
  17. if ($_SESSION['LoginStatus'] != '1')
  18. {
  19.     if ($act == 'login') include("include/login.php");
  20. }
  23. $ow = $_SESSION['UserId'];
  24. $id = $_REQUEST['id'];
And here is the login.php:

Expand|Select|Wrap|Line Numbers
  1. <?php
  2. if($act=="login")
  3. {
  4.     $dbq = "SELECT * FROM users WHERE username='$username' AND active='1' LIMIT 1";
  5.     $res = mysql_query($dbq) or die(mysql_error());
  6.     $obj = mysql_fetch_assoc($res);
  7.     $mdpass = $obj['password'];
  9.     if ($mdpass==md5($password))
  10.     {
  11.         //setcookie("UserId", $obj['id'], time()+3600);
  12.         //$_COOKIE['userid'] = $obj['id'];
  14.         $_SESSION['logged'] = 1; 
  15.         $_SESSION['ow'] = $obj['id'];
  16.         $_SESSION['firstname'] = $obj['firstname'];
  17.         $_SESSION['familyname'] = $obj['familyname'];
  18.         $_SESSION['email'] = $obj['email'];
  20.         $_SESSION['LoginStatus'] = 1; 
  21.         $_SESSION['UserId'] = $obj['id'];
  22.         $_SESSION['UserFirstName'] = $obj['firstname'];
  23.         $_SESSION['UserFamilyName'] = $obj['familyname'];
  24.         $_SESSION['UserEmail'] = $obj['email'];
  25.     }
  26. }
  29. if($act=="logout")
  30. {
  31.     //setcookie ("UserId", "", time() - 3600);
  32.     //session_unregister('logged');
  33.     //$_SESSION['logged'] = '';
  34.     $_SESSION['LoginStatus'] = '';
  35.     session_destroy();
  36.     session_unset();
  37.     header("Location: ".$domain."index2.php");
  38.     exit();
  39. }
  40. ?>
The problem occurs in both IE6 and FF2 consistently.

I have already changed the session save_path to a different directory on my webspace, and just running out of ideas.

I see that the server directory storing sessions, has 2 session files in it, even though I have only started ONE session. [And I am sure this isnt from a previous session as I deleted all the session files manually on the server as part of the test].

I have reason to believe that because index2.php is re-called with different arguments in the URL, that its calling session_start() again [as it should], and session_start is failing to resume the session and is instead creating a new session. Its therefore lost the details about the user being logged in.

Can anyone suggest any reasons why calling session_start() again would NOT resume the session?
May 22 '07 #1
Share this Question
Share on Google+
2 Replies

P: 2
I seem to have found the solution, as I tested 3 times and it was working:

I added the following code in my index2.php file:

ini_set('session.cookie_domain','') ;

Of course, I could also have edited the php.ini file to set the cookie_domain too.
Its possible that some browsers have a problem when the cookie_domain is just left empty.
Setting in php.ini would be the better 'full' solution I think.
May 22 '07 #2

Expert 5K+
P: 5,058
This can happen if the SessionID that is generated for you is lost as you refresh / redirect.

Try printing the session_id(), it should stay the same as long as you do not destroy the session. If it changes your browser is not able to keep track of it so your PHP is constantly creating new Sessions.
If this is the case I would assume that your PHP.ini is configured incorrectly, you might have to enable cookie support or set some temp file path. I know that on Windows some temp paths must be set.

I would also reccomend against using the session_destroy() function but rather unset each variable using the unset() function. It is far safer and less likely to cause "colleteral damage".
May 22 '07 #3

Post your reply

Sign in to post your reply or Sign up for a free account.