sessions propblem?

[Mandes]

ok, I tried that and I get a click here link, now what? please?

And what happens when you click the button that says click here ??

[chris davies]

what happens? I get a blank page.

I now have a version of sorts working, by adding the SID the the anchor link and testing for SID on the following page, but this still echoes the SID to the URL. Not as bad echoing the username and password, I'm just not sure if it's correct or not, please look at my code and advise?
link for next page:

Code:

echo "<p><a href=\"enterPropertyData.php?".SID."\"> Enter Property/Seller Information</a></p>";

code for next page:

Code:

<?php
//start the session
session_start();

//is the session set up?
if($_SESSION['SID']!="")
   {
      echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\"/>";
      echo "<div class=\"outer\">";
      echo "<div class=\"img\"><img src=\"images/valleys.jpg\" alt=\"Valleys Real Estate\"/></div>";
      echo " <div class=\"formstyle\"><h4>Sorry, incorrect login information, redirecting you...</h4>
      <img src=\"images\waiting.gif\"></div>";
      echo "<meta http-equiv=\"refresh\" content=\"5;url=admin.htm\">";
      echo"</div></div></div>";
      exit();
   } else
        {
           echo "<h4>Today's administrator is ".$_SESSION['username']."</h4>";
        }
?>

I know testing if the session is not equal to null appears backward in its logic but its working.
My brain is hurting

[Mandes]

what happens? I get a blank page.

Then sessions are not working on your server !!

make a file with the following code

PHP Code:

<?php
phpinfo();
?>

then call it, scroll down the results until you come to a heading called SESSIONS, post whats there.

[Mandes]

I now have a version of sorts working, by adding the SID the the anchor link and testing for SID on the following page, but this still echoes the SID to the URL.

This isnt working how you think it is, in fact it wont be working at all, you cannot pass a value in URL and then check for it like this.

if($_SESSION['SID']!="") {
}

will always execute the code because the variable doesnt exist therefore it cant equal "".

[chris davies]

This is why I asked. Using phpinfo() I have:

Session Support enabled
Registered save handlers files user

Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path root root
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path c:/sessions c:/sessions
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off


this is a cut 'n' paste jobbie so no typos. I am running this on my home system at present, but the intended systems gives the same results. I thought you should know

[Mandes]

I cant see anything there thats out of the ordinary.

I also meant to ask you to tell me the version of PHP your using, tells you at the top of the phpinfo page.

[chris davies]

PHP Version 4.3.8

[Skookum]

I have found with that version session_start() has to be at the top of the page the first line, otherwise some session header error occurs and the session array is not created.

[chris davies]

tried that, have echoed SID on each page and each time it's different UNLESS I add the SID to the anchor link in the previous page. grrrrrr lol
The darn sessions aint working lol

[Mandes]

I have found with that version session_start() has to be at the top of the page the first line, otherwise some session header error occurs and the session array is not created.

The test code that Chris ran (see post 5) has the session_start as the first line.

I'm stumped, his phpinfo looks to be OK.

@Chris

you said

but the intended systems gives the same results.

have you tried my test code on your intended system ??

[chris davies]

your test code works on the intended site, but get this, I checked phpinfo() on the intended site and the session_save_path has no value? what does that mean? that it hasn't been set?

Also, although your test code works there, my sessions don't, pass me a long rope lolol

another thing, if the sessions aren't working, why is is I can echo session data to the page? even if it is different for each page? here is an example:

PHPSESSID=d44c3896fe4cdda97ccc38b3e25b06fc

[Skookum]

your test code works on the intended site, but get this, I checked phpinfo() on the intended site and the session_save_path has no value? what does that mean? that it hasn't been set?

Also, although your test code works there, my sessions don't, pass me a long rope lolol

another thing, if the sessions aren't working, why is is I can echo session data to the page? even if it is different for each page? here is an example:

PHPSESSID=d44c3896fe4cdda97ccc38b3e25b06fc

The reason that you can echo the sessions data is because a new session is being started each time that you open a page. The session is not being passed through the browser, and it is not remaining on the server.

It is possible that the session_save_path is causing this. As if the session does not have proper rights to write a file there then the sessions may not be remaining. Try blanking that out so it is default and see if that helps.

[Mandes]

Yes , didnt spot that, by default its set to /tmp, find your php.ini file and troll through to find the session.save_path bit change to /tmp.

Then you'll need to shut PHP down and restart, (or just restart your computer) before it changes the value.

Do the phpinfo() after to make sure its set

[chris davies]

did that and restarted my machine as follows:

session.save_path = "/tmp"

and all I get is:

Warning: session_start(): open(/tmp\sess_9dc446bdb6fb74e13681725b379cae92, O_RDWR) failed: No such file or directory (2) in c:\inetpub\wwwroot\mysql_client\SimpleSuggest\showsess.php on line 2


Should I include the absolute path? or should the tmp directory be local to the script as opposed to being in the root directory?

Or is it, as I suspect, the fact that I am running PHP in an IIS environment and tht it will never work lolol, and yes, I have set the permissions for the folder.

also tried removeing the quotes:
session.save_path=/tmp

and still nothing, pass me the anti-depressants somebody lol

[chris davies]

OK, here we go again,
I opened the session folder and accessed the test script you gave, as I clicked on the link, I can observe the session data being written, this is the content of the session file:

variable|s:33:"This should be stored in sessions";

so it would appear that sessions are working, so it this an access privilege issue maybe?

I have set full control to all users and even set the folder up for sharing

[pkSML]

If you're still having problems with where session data is being saved, give it an absolute filepath (like c:/php/tmp).

You might try creating a persistent session (read this --> http://www.daniweb.com/techtalkforums/thread69350.html). A regular session will cease to be used when a browser is closed. A persistent session will last as long as you wish. To create a persistent session, just give a life-span to the cookie. In your first page (login page), use this code:

PHP Code:

<?php
session_set_cookie_params(216000); // Sets cookie to expire in 1 day
session_start();
?>

-----
Are all three of your pages on the same server? I might get ieHTTPheaders and see what happens to the actual session ID number between your three pages. This will help you debug greatly.

Sessions are frustrating sometimes!

[chris davies]

Hi, The daniweb link you gave does not exist lol, and as for the Blunk web site I got this:

Error 504 (Gateway Timeout) 'www.blunck.info' could not be found.

Thanks for trying to help, but I don't think it's a case of session persistence as I was given this piece of code to test:

Code:

<?php
Session_start();
if (isset($_GET['show'])) {
echo $_SESSION['variable'];
exit;
}
$_SESSION['variable'] = 'This should be stored in sessions';
echo '<a href="' . $_SERVER['PHP_SELF'] . '?show" >click here</a>';
?>

which echoes the session variable to the same page and it comes up blank,
just added your suggestion for:

Code:

 session_set_cookie_params(216000);

and still blank no result
I've been echoing the session id and on every page it is different.

[pkSML]

You might try this --> http://stephen.calvarybucyrus.org/se...ication+system

-OR-

just use cookies to store login information. Use a hash to store in the cookie.

Example:
logic of authenticate.php

• password passed to script: testingfoo ($_POST['password'])
• this script sets cookie with this value: $_COOKIE['postpw'] = md5($_POST['password']);
• this script checks database for password (which is already md5'd)
• this script checks to see if md5($_POST['password']) == database password
  
  • if they match, add cookie variable ($_COOKIE['logged_in' = true;)
  • if they don't match, add cookie variable ($_COOKIE['logged_in'] = false;)

In your protected pages, just run the check again to make sure $_COOKIE['logged_in'] == true.

-OR-

You might let someone else do the dirty work for you -->

• http://freshmeat.net/projects/adminpro/
  The download's at http://freshmeat.net/redir/adminpro/...4-09-30.tar.gz
• http://www.wholehogsoftware.com/inde...tection_readme
• Bunch of links: http://www.phpfreaks.com/scripts/Use...ication/16.php

[pkSML]

The work's been done for you --> http://codewalkers.com/tutorials/32/3.html

[chris davies]

while I appreciate your help, you're missing the point here, which is why aren't the sessions persistent. If I set up a session, it should be available for the duration, be passable to another page etc etc. Like I said previously, every time I open a page, a new session is created. session_start() is supposed to recognise a session which has already started. This is what I want to solve.

what I mean is, I don't want to copy someone else's login code, I want to be able to create my own.

I won't learn anything by cutting and pasting, I need to understand why I can't get sessions to work. I hope you can appreciate that.

[Mandes]

Have you tried leaving session.save_path blank ?

[chris davies]

as its almost midnight here, I'll try that tomorrow, thanks Mandes. Time for bed

[chris davies]

tried leaving it blank still no luck, pheww my head hurts

[chris davies]

is it because I am running IIS as opposed to Apache? I have tried creating a sessions folder inside and outside of the web tree ie directly on the root and even on c:\sessions. Is my session.save_path syntax incorrect maybe? Then if it was, why can I physically see the session data being written?

[Mandes]

A quick google

http://www.google.com/search?hl=uk&q...s+problems+IIS

Seems your not the only one with these problems, switch to apache