473,320 Members | 1,862 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

PHP session variables randomly work/don't work

Hello,

I have a website for which users need to login/register. They fill in a login form on index.php page. If login information is correct, I set a session variable. The script that checks the login information:

session_start();
[...check user and pass and if ok do:]
$_SESSION['logged_in'] = 'yes';
$_SESSION['utilizator'] = $utilizator;
$_SESSION['cont']="elev";
header("Location: elev.php?pg=acasa&user=".$utilizator);
die();
[...]

The above code always gets to setting the session variables if the account information was correct, I tested this.

On the pages available only to logged in users, I check if that session variable is set:
<?php
session_start();
if ( $_SESSION['logged_in'] != 'yes') {
header("Location: index.php?err=neautentificat");
}
?>

The login sometimes works, sometimes doesn't. If I insist on logging in time after time, at some point the variable stays set and the login works. Sometimes it works from the first attempt. When I enter the account, when browsing from one page to another, sometimes I get redirected to index.php as if the session variable was not set anymore. But if I hit the "Back" button, I appear to still be logged in.

This happens both in IE and Mozilla Firefox.

Any ideas for this strange behavior ?
Mar 13 '09 #1
7 7829
TheServant
1,168 Expert 1GB
Hmmm, very strange. I did have a similar problem quite a while ago and after re-coding everything it started working, but still not 100% sure what changed. Have you changed/looked at your $_SESSION lifetime? Is there any browser where this doesn't happen?

Your best bet is to debug by putting echo's under all the relative conditional statements. Check all your variables are being set as $_SESSION variables after login and if any are still set once it thinks you are logged out.

Can I just confirm an observation: You said sometimes you are logged in, you go to another page then you're logged out. Then you press back which says you are logged in (mybe because the page is chached) and then you go to another page and you are still logged in? If so I am very confused and it's your browser(s) acting up.
Mar 13 '09 #2
I haven't looked at the lifetime. But since I check the login information, set the session variable, redirect to account page and it doesn't work...it can't be about the lifetime.

About the pages being in cache when I hit 'Back'...I can't be sure..the website has only a few pages...now when i tried the login again, I got to browsing through all the pages without being redirected to the login page...so it's a little hard to test if the behavior is random. I only tried it in mozilla firefox 3 and 2 and IE 6 on 2 computers...can't be the browser...

I already tried the echoing. The variables are all set when the login is approved. When it thinks I'm not logged in anymore, the variables are no longer set.

Some possible scenario for this, please...
Mar 13 '09 #3
TheServant
1,168 Expert 1GB
Well, that's a toughie then. Really without going through your whole code there's not much we can do besides suggesting things to check. Your $_SESSION is obviously being cleared, which means that something is clearing it for some reason. Do you have session_start() above every page before any output? Is your login script only on the login page? If it's on every page, it's possible that it's still checking for the $_POST values and not finding them so resetting everything. Do you have session_destory or the like anywhere? Is that being triggered for some reason? Maybe in a logout script?
Mar 13 '09 #4
It's a lot of code...a lot of files. I was hoping for this...suggesting things that might cause the problem.

I have session_start at the beginning of every page.

The login script is only called to handle the login form, when the user hits submit.

I have session_unset and session_destroy only in the logout script, which is called only when the user presses the logout button.

What other causes could be for the session variables to be unset ?
Mar 13 '09 #5
Markus
6,050 Expert 4TB
This is a common problem, and I'm sure I've had it a couple of times. Anyway, this php.net page has some discussion on the problem, and may give you a solution (read the comments).
Mar 13 '09 #6
There is nothing wrong with the session variables when I test it in my apache web server on my computer. Only when hosted on the internet the session has the above mentioned problems. Any idea now? :) Change hosting? :)
Mar 13 '09 #7
Markus
6,050 Expert 4TB
@annonymous

Get in touch with your hosting provider, see if they can fix the problem.
Mar 13 '09 #8

Sign in to post your reply or Sign up for a free account.

Similar topics

1
by: Dave Smithz | last post by:
Hi there, I have implemented a login sequence using session variables for a PHP/MySQL DB which I took over development. I read some books and this NG and it seemed straight forward. However the...
5
by: Larry Woods | last post by:
I am losing Session variables, but only those that are set in the page previous to a redirect to a secure page. Anyone seen ANY situation where Session variables just "disappear?" Note that...
2
by: Terry | last post by:
When launching our application with Internet Explorer already opened, but not pointing to our web server, the session variables disappear. If you open I.E. after launching our app, it works fine....
14
by: Paul Yanzick | last post by:
Hello, I am trying to develop a book tracking application for my capstone in school, and am running into a problem. The application is an ASP.Net application written in C#. The first page you...
4
by: tshad | last post by:
I am writing some library routines to use in my asp.net pages. They need to access my session variables, but I don't know what namespaces/libraries to access to make it work. Asp.net already does...
4
by: Paul Rogers | last post by:
I have an existing .NET ( 1.1) application, and I ran Microsoft's FxCop on it, and it screamed at me about directly using textbox.text values instead of session values. So, I tried to re-write...
18
by: BillE | last post by:
When a user opens a new IE browser window using File-New-Window the integrity of an application which relies on session state is COMPLETELY undermined. Anyone who overlooks the fact that...
5
by: Terry On Windigo | last post by:
I think I have figured out my problem but I don't know how to solve it. We are going to start using a forums package and do not want our users to have to login to both our site, and then again to...
12
by: MrHelpMe | last post by:
Hello again all, I've finished my whole application and now I don't like the whole session variables that I am using. I have a form, user fills in info clicks submit and using CDOSYSMail an...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
0
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.