Weird problem unsetting session variable

[joejoeknows]

Checking whether a session variable is set returns false if unset($_SESSION[var]) is anywhere in the script. As soon as I take the unset call out of the script completely, it will return true.

PHP Code:

if(isset($_SESSION['error']))
{
  $login_form .= "<p>".$_SESSION['error']['message']."</p>\n";
  unset($_SESSION['error']);
}
  unset($_SESSION['error']); // causes same behavior 


I need to unset the session variable after assigning the message to this script any ideas?

[simshaun]

if you are already unsetting it within the condition, why unset it again outside the condition?

And are you using any type of caching?

[forkaya]

Maybe your problem is in the error you are getting... What is it?

[simshaun]

This works fine..

PHP Code:

<?
session_start();

$_SESSION['error']['message'] = 'test';
$login_form = '';

echo "<pre>";
echo "Before isset:\n";
print_r($_SESSION);
echo "</pre>";

if(isset($_SESSION['error']))
{
  $login_form .= "<p>".$_SESSION['error']['message']."</p>\n";
  unset($_SESSION['error']);
}

echo "<pre>";
echo "After isset (Should be blank):\n";
print_r($_SESSION);
echo "</pre>";

unset($_SESSION['error']); // causes same behavior

echo "<pre>";
echo "After unset (Should still be blank):\n";
print_r($_SESSION);
echo "</pre>";

echo "<pre>";
echo '$login_form:', "\n";
echo htmlentities($login_form);
echo "</pre>";

session_destroy();
?>

The issue is not in that part of the code. You have a logic error somewhere probably.

[joejoeknows]

simshaun: I repeated the unset outside the condition to show it doesn't matter where the unset is. Does PHP do some sort of caching? I am not using any custom caching.

Forkaya: The error is nothing but and array that contains text that is received from the conditions on the form processing script.

To elaborate more:
This is on a script that produces the form for user login. If there is an error on the php script that processes the post from this form, it sets this session variable. Then using header() redirects the browser back to the login form where the error is displayed then, hopefully, unset.

[simshaun]

Test the PHP code I posted above in a standalone page (ex: test_sess.php).
It works just fine on my end.

There is a logical error somewhere in the rest of your code. I highly doubt it's PHP's fault.

The only way we'll be able to debug it is for you to post the full code.

[joejoeknows]

Before isset:
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)

[banner] => Login Successful!
[error] => Array
(
[message] => test
)

)

After isset (Should be blank):
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)

[banner] => Login Successful!
)

After unset (Should still be blank):
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)

[banner] => Login Successful!
)

$login_form:
<p>test</p>

[simshaun]

Its working as expected then.
Notice how the error array is being unset.

The error is definitely somewhere in the rest of your code.

[joejoeknows]

messy code, I know! (school project)

form script:

PHP Code:

<?php
 include('config.php');

//start session
if (session_id() == "") session_start();
 
 $login_form = "
        <div id='login'>
        <form name='login' action='$web_root/member/login/login.php' method='post'>
            <span>Username:<input type='text' size='20' name='user' /></span>
            <span>Password:<input type='password' size='20' name='pass' /></span>
            <span><input type='submit' value='Login' name='login' /><input type='reset' value='Reset' name='reset' /></span>
        </form>
                <p>Not a member? <a href='signup'>Register Free</a></p>
                  \n";

if(isset($_SESSION['error']))
{
  $message = $_SESSION['error']['message'];
  $login_form .= "<p>$message</p>\n";
  //unset($_SESSION['error']);
}

$login_form .= "        </div>
";

if(isset($_SESSION['user']))
  $user = $_SESSION['user']['id'];
else
  $user = "Guest";

$logged_in = "
        <div id='login'>
          <div class='shadowbox'>
            <div class='shadowcontent'>
            <div class='t'></div><!-- END: div.t -->
                <h3>Hello, $user</h3>
                 Visit <a href='$web_root/member/'>Your Account</a>
                <p>Not $user? <a href='$web_root/member/login/logout.php'>Log out</a></p>
            </div><!-- END: div.shadowcontent -->
            <div class='b'><div></div></div><!-- END: div.b -->
          </div><!-- END: div.shadowbox -->
        </div>
";

 if(isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in'] == 1)
 {
   $user = $_SESSION['user']['id'];
   $user_status = $logged_in;
 }
 else
 {
   $user_status = $login_form;
 }

?>

process script:

PHP Code:

<?php
 require_once("config.php");
 require_once("$lib/mysql/mysql.class.php");
 require_once("$lib/mysql/query.class.php");
 require_once("$lib/mysql/config.mysql.php");
 require_once("$lib/error.php");


if (session_id() == "") session_start();

 $username = $_POST['user'];
 $password = $_POST['pass'];

 if(empty($username) || empty($password))
 {
   $_SESSION['error'] = array('message' => "Both fields must be filled", 'action' => "MEMBER_LOGIN");
    errorHandle();
 }

 $db = new MySQL($config);

 $q_check = new Query('select');
 $q_check->setTable('members');
 $q_check->addSelection('password');
 $q_check->addCondition('username','=',$username,'s');

 if($db->executeQuery($q_check))
   if($q_check->num_rows < 1)
   {
     //print_r($_POST);
     $_SESSION['error'] = array('message' => "Username or password incorrect.", 'action' => "MEMBER_LOGIN");
   }
   else
   {
     $check = $q_check->results[0]['password'];
     if($check == md5($password))
     {
       $_SESSION['user']= array('id' => $username, 'logged_in' => true);
       $_SESSION['banner'] = "Login Successful!";
       unset($_SESSION['error']);
       $host  = $_SERVER['HTTP_HOST'];
       header("Location: http://$host/$web_root/member");//need to change to self
     }
     else
     {
       $_SESSION['error'] = array('message' => "Username or password does not match", 'action' => "MEMBER_LOGIN");
     }
   }
 
 if(isset($_SESSION['error']))
 {
    errorHandle();
 }

?>

error.php

PHP Code:

<?php 
 error_reporting(E_ALL);
 require_once("config.php");

function errorHandle()
{
  if(isset($_SESSION['error']))
  {
     $action = $_SESSION['error']['action'];
     global $web_root;
     switch($action)
     {
    case "MEMBER_LOGIN":
          $host  = $_SERVER['HTTP_HOST'];
          header("Location: http://$host/$web_root/wdp3-ms3");
      break;
    case "UPLOAD_FORM":
          $host  = $_SERVER['HTTP_HOST'];
          header("Location: http://$host/$web_root/wdp3-ms3/upload");
      break;
    case "USER_CREATE":
          $host  = $_SERVER['HTTP_HOST'];
          header("Location: http://$host/$web_root/wdp3-ms3/signup");
      break;
     }
  }
}
?>

config only has $lib and $*_root variables

[simshaun]

Try this out:

form script:

PHP Code:

<?php
include('config.php');

//start session
session_start();

$login_form = "
        <div id='login'>
        <form name='login' action='$web_root/member/login/login.php' method='post'>
            <span>Username:<input type='text' size='20' name='user' /></span>
            <span>Password:<input type='password' size='20' name='pass' /></span>
            <span><input type='submit' value='Login' name='login' /><input type='reset' value='Reset' name='reset' /></span>
        </form>
                <p>Not a member? <a href='signup'>Register Free</a></p>
                  \n";

if (isset($_SESSION['error'])) {
    $message = $_SESSION['error']['message'];
    $login_form .= "<p>$message</p>\n";
    unset($_SESSION['error']);
}

$login_form .= "        </div>
";

if (isset($_SESSION['user'])) { // good idea to always have curly braces, even though there is only 1 line of logic
    $user = $_SESSION['user']['id'];
} else {
    $user = "Guest";
    $logged_in = "
        <div id='login'>
          <div class='shadowbox'>
            <div class='shadowcontent'>
            <div class='t'></div><!-- END: div.t -->
                <h3>Hello, $user</h3>
                 Visit <a href='$web_root/member/'>Your Account</a>
                <p>Not $user? <a href='$web_root/member/login/logout.php'>Log out</a></p>
            </div><!-- END: div.shadowcontent -->
            <div class='b'><div></div></div><!-- END: div.b -->
          </div><!-- END: div.shadowbox -->
        </div>
";

//if (isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in'] == 1) {
if (isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in']) { // == 1 is redundant.
    $user = $_SESSION['user']['id'];
    $user_status = $logged_in;
} else {
    $user_status = $login_form;
}
?>

process script:

PHP Code:

<?php
require_once("config.php");
require_once("$lib/mysql/mysql.class.php");
require_once("$lib/mysql/query.class.php");
require_once("$lib/mysql/config.mysql.php");
require_once("$lib/error.php");

session_start();
$username = $_POST['user'];
$password = $_POST['pass'];

if (empty($username) || empty($password)) {
    $_SESSION['error'] = array('message' => "Both fields must be filled", 'action' => "MEMBER_LOGIN");
    errorHandle();
}

$db = new MySQL($config);
$q_check = new Query('select');
$q_check->setTable('members');
$q_check->addSelection('password');
$q_check->addCondition('username','=',$username,'s');
$db->executeQuery($q_check);

if ($q_check->num_rows < 1) {
    //print_r($_POST);
    $_SESSION['error'] = array('message' => "Username or password incorrect.",
                               'action' => "MEMBER_LOGIN");
} else {
    $check = $q_check->results[0]['password'];
    if ($check == md5($password)) {
        $_SESSION['user'] = array('id' => $username,
                                  'logged_in' => TRUE);
        $_SESSION['banner'] = "Login Successful!";

        unset($_SESSION['error']);
        $host = $_SERVER['HTTP_HOST'];
        header("Location: http://$host/$web_root/member"); //need to change to self
        exit;
    } else {
        $_SESSION['error'] = array('message' => "Username or password does not match",
                                   'action' => "MEMBER_LOGIN");
    }
}

if (isset($_SESSION['error'])) {
    errorHandle();
}
?>

error.php

PHP Code:

<?php 
error_reporting(E_ALL);
require_once("config.php");

function errorHandle()
{
    if (isset($_SESSION['error'])) {
        $action = $_SESSION['error']['action'];
        global $web_root; // globals are bad practice.  Make $web_root a function argument.

        switch($action) {
            case "MEMBER_LOGIN":
                $host = $_SERVER['HTTP_HOST'];
                header("Location: http://$host/$web_root/wdp3-ms3");
                exit;
                break;

            case "UPLOAD_FORM":
                $host = $_SERVER['HTTP_HOST'];
                header("Location: http://$host/$web_root/wdp3-ms3/upload");
                exit;
                break;

            case "USER_CREATE":
                $host = $_SERVER['HTTP_HOST'];
                header("Location: http://$host/$web_root/wdp3-ms3/signup");
                exit;
                break;
        }
    }
}
?>