  1. #1
    SitePoint Zealot
    Join Date
    Oct 2003
    Location
    P Town
    Posts
    167

    Some users losing session

    I have a login system that I built that uses URLs and cookies to pass the session data. A lot of my users are reporting that they log in fine but when they browse to another page they appear to be logged out.

    This has been a very frustrating bug to try to squash since no matter what I do I cannot reproduce the error and everything works exactly like it is supposed to. I have even gone as far as completely blocking cookies and using the exact same browsers they are (which range from IE to Firefox) and everything still works fine.

    Does anyone know why some users would have problems with their sessions getting dropped and others would not? I am sure I could fix the problem if only I could reproduce it.

    Some users report their age changing to the date or their name changing to the DB username

  2. #2
    SitePoint Zealot metho's Avatar
    Join Date
    Feb 2005
    Posts
    132
    e.g. code plz

  3. #3
    SitePoint Zealot
    Join Date
    Oct 2003
    Location
    P Town
    Posts
    167
    This is included in all login based pages
    Code:
    <?php
    session_start();
    header("Cache-control: private");

    // require the PEAR::DB classes.
    require_once 'DB.php';

    $db_engine = 'mysql';
    $db_user = '***';
    $db_pass = '***';
    $db_host = 'localhost';
    $db_name = '***';

    $datasource = $db_engine.'://'.
                  $db_user.':'.
                  $db_pass.'@'.
                  $db_host.'/'.
                  $db_name;

    // assign database object in $db_object; if the connection fails,
    // $db_object will contain the error message.
    $db_object = DB::connect($datasource, TRUE);

    // If $db_object contains an error: print the error and exit.
    if (DB::isError($db_object)) {
        die($db_object->getMessage());
    }

    $db_object->setFetchMode(DB_FETCHMODE_ASSOC);

    // we write this later on, ignore for now.

    /* check login script, included in db_connect.php. */
    if (!isset($_SESSION['site_username']) || !isset($_SESSION['site_password'])) {
        $logged_in = 0;
        return;
    } else {
        $site_username = $_SESSION['site_username'];
        $site_password = $_SESSION['site_password'];

        // remember, $_SESSION['password'] will be encrypted.

        // addslashes to session username before using in a query.
        if (!get_magic_quotes_gpc()) {
            $site_username = addslashes($site_username);
        }

        $pass = $db_object->query("SELECT password FROM author_profiles WHERE username = '$site_username'");

        if (DB::isError($pass)) {
            // query failed: kill the session variables and skip the comparison
            // ($pass is a DB_Error here, so it has no fetchRow() to call).
            $logged_in = 0;
            unset($_SESSION['site_username']);
            unset($_SESSION['site_password']);
        } else {
            $db_pass = $pass->fetchRow();

            // now we have encrypted pass from DB in
            // $db_pass['password'], stripslashes() just in case:
            $db_pass['password'] = stripslashes($db_pass['password']);
            $site_password = stripslashes($_SESSION['site_password']);

            // compare:
            if ($site_password == $db_pass['password']) {
                // valid password for username
                $logged_in = 1; // they have correct info
                                // in session variables.
            } else {
                $logged_in = 0;
                unset($_SESSION['site_username']);
                unset($_SESSION['site_password']);
                // kill incorrect session variables.
            }
        }
    }

    // clean up
    unset($db_pass['password']);

    $site_username = stripslashes($site_username);

    ?>
    I use these to make mysql queries etc
    $logged_in
    $site_username
    $site_password

  4. #4
    Are You There? KDesigns's Avatar
    Join Date
    Oct 2003
    Location
    Your Monitor
    Posts
    1,146
    Just a thought, but you may want to check into the hosting company. I had a similar problem where sessions seemed to be just dropping. Turns out the host had the site piped through 5 different servers.

  5. #5
    SitePoint Zealot
    Join Date
    Oct 2003
    Location
    P Town
    Posts
    167
    That should not be a problem since I operate my own servers

  6. #6
    SitePoint Member
    Join Date
    Apr 2005
    Posts
    2
    Did you ever find an answer to this session dropping problem? I am now having the same problem.

    Thanks,
    Sam

  7. #7
    SitePoint Wizard wonshikee's Avatar
    Join Date
    Jan 2007
    Posts
    1,223
    Have you asked if they enabled cookies for your site?

  8. #8
    SitePoint Evangelist superuser2's Avatar
    Join Date
    Aug 2006
    Posts
    598
    IE5 can't keep track of a vBulletin session without a remember-me cookie - perhaps it's browser related?

    Try perhaps using database-powered sessions?

    You can follow those instructions and make sure the code runs before session_start on every page - try using auto_prepend_file if there are too many to edit manually.

    Keeping sessions in the database obviously doesn't fix the problem with your default session mechanism but it does solve your problem and is no less clean than regular sessions - go ahead and use it.

  9. #9
    SitePoint Evangelist
    Join Date
    Jun 2003
    Location
    Melbourne, Australia
    Posts
    440
    Err... the obvious question is under what circumstances are users' sessions being lost? Perhaps when they get up from their machines and don't come back for a while? The default session timeout is 1440 seconds (24 minutes).

    To implement session expiry, a Db-based session handler will have to have a either for expiry or for the last request.
    Zealotry is contingent upon 100 posts and addiction 200?
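
Added example, not code from any poster in this thread: posts #8 and #9 suggest database-backed sessions that record the last request so expiry can be enforced. This PHP 8 handler does that with PDO; the `sessions` table, its column names and the SQLite DSN are assumptions chosen for illustration.

```php
<?php
// Added example: DB-backed sessions with a last-request timestamp.
// Table/column names and the DSN below are hypothetical placeholders.
class DbSessionHandler implements SessionHandlerInterface
{
    private PDO $pdo;
    private int $ttl;

    public function __construct(PDO $pdo, int $ttl)
    {
        $this->pdo = $pdo;
        $this->ttl = $ttl;
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE IF NOT EXISTS sessions (
            id TEXT PRIMARY KEY, data TEXT NOT NULL, last_request INTEGER NOT NULL)');
    }

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        // A row idle for longer than the TTL counts as expired even if gc() has not run yet.
        $st = $this->pdo->prepare('SELECT data FROM sessions WHERE id = ? AND last_request >= ?');
        $st->execute([$id, time() - $this->ttl]);
        $data = $st->fetchColumn();
        return $data === false ? '' : $data;
    }

    public function write(string $id, string $data): bool
    {
        // Every request that writes the session refreshes last_request.
        $st = $this->pdo->prepare('REPLACE INTO sessions (id, data, last_request) VALUES (?, ?, ?)');
        return $st->execute([$id, $data, time()]);
    }

    public function destroy(string $id): bool
    {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $st = $this->pdo->prepare('DELETE FROM sessions WHERE last_request < ?');
        $st->execute([time() - $max_lifetime]);
        return $st->rowCount();
    }
}

$ttl = (int) ini_get('session.gc_maxlifetime');   // 1440 seconds unless changed in php.ini
$pdo = new PDO('sqlite:' . sys_get_temp_dir() . '/sessions.sqlite'); // placeholder DSN
session_set_save_handler(new DbSessionHandler($pdo, $ttl), true);
session_start();
```

Because `read()` applies the TTL itself, expiry no longer depends on when PHP's probabilistic garbage collection happens to run. Every server behind a load balancer must point at the same database for the session to follow the user.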

