SitePoint Sponsor |
|
User Tag List
Results 1 to 10 of 10
Thread: Problem with session
-
Jan 24, 2009, 19:33 #1
- Join Date
- Oct 2008
- Posts
- 24
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Problem with session
Hello everybody,
I have weird situation with starting session on my site. Locally, everything works fine, but on remote server, when I try to login, session is not started. Actually, when I put a message to see session id, it was not empty, but $_SESSION variables are empty.
Here is my code:
Code:<?php session_start(); session_regenerate_id(); $logovan = $_GET['ime']; $proizvod = $_GET['proizv']; if ($logovan != '') { $_SESSION['sesija_sesname'] = session_id(); $_SESSION['sesija_loguser'] = $logovan; $_SESSION['sesija_tekuca_kat'] = 0; $_SESSION['sesija_artikal'] = $proizvod; $_SESSION['sesija_korpa'] = ''; $_SESSION['sesija_ukupna_cena'] = 0; $_SESSION['sesija_ukupno_artikala'] = 0; if ($proizvod == '') {go page1} else {go page2} } ?>
Any help would be apriciated.
Tnx in advance,
Nati
-
Jan 25, 2009, 00:25 #2
- Join Date
- Jul 2008
- Posts
- 5,757
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Turn up error reporting
PHP Code:<?php
// top of script
ini_set('display_errors', 1);
error_reporting(E_ALL);
-
Jan 25, 2009, 06:32 #3
- Join Date
- Oct 2008
- Posts
- 24
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Two lines of my code "go page1" and "go page2" should be header commands for going on certain pages depending on condition, but SitePoint didn't allow me to post links
.
I put a code for error reporting and nothing happend, no errors at all.
I still don't understand why session variables are empty.
-
Jan 25, 2009, 06:52 #4
- Join Date
- Oct 2008
- Posts
- 24
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Hi again,
I've added two echo commands (with error reporting), to see if I'll get some information.
Here is my new code:
PHP Code:<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
session_start();
session_regenerate_id();
$logovan = $_GET['ime'];
$proizvod = $_GET['proizv'];
if ($logovan != '')
{
$_SESSION['sesija_sesname'] = session_id();
echo "Session id: ".session_id();
echo "Variable session is: ".$sesija_sesname;
$_SESSION['sesija_loguser'] = $logovan;
$_SESSION['sesija_tekuca_kat'] = 0;
$_SESSION['sesija_artikal'] = $proizvod;
$_SESSION['sesija_korpa'] = '';
$_SESSION['sesija_ukupna_cena'] = 0;
$_SESSION['sesija_ukupno_artikala'] = 0;
if ($proizvod == '')
{header('Location: index.php');}
else
{header('Location: detail.php');}
}
?>
Session id: b5fabfc37ac58788f89641fb28db0ffb
Notice: Undefined variable: sesija_sesname in /home/fuzzy/domains/djordjeweb.nl/public_html/compshop/sesija.php on line 12
Variable session is:
Warning: Cannot modify header information - headers already sent by (output started at /home/fuzzy/domains/djordjeweb.nl/public_html/compshop/sesija.php:11) in /home/fuzzy/domains/djordjeweb.nl/public_html/compshop/sesija.php on line 20
Header warning is because of echo command, so it doesn't metter.
What is important is that session_id exists, but $_SESSION variables are empty.
Any conclusion?
Tnx,
Nati
-
Jan 25, 2009, 07:47 #5
- Join Date
- Oct 2008
- Posts
- 24
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Here I am one more time
.
I found what made my session didn't work, but I still don't understand why.
Firstly I've changed a line of code in my previous post:
PHP Code:echo "Variable session is: ".$sesija_sesname;
PHP Code:echo "Variable session is: ".$_SESSION['sesija_sesname'];
What I am confused about is that I thought (obviously wrong) session variables should be declared as $_SESSION['blabla'] once and lately could be referenced to as $blabla. That worked fine at my local enviroment.
What can cause that works in one enviroment and doesn't work in another?
And what is correct way to do?
Tnx a lot!
Nati
-
Jan 25, 2009, 09:13 #6
- Join Date
- Jul 2008
- Posts
- 5,757
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
when register_globals is on, $_SESSION['blabla'] and $blabla behave as the same variable. Changing one changes the other.
-
Jan 25, 2009, 09:24 #7
- Join Date
- Oct 2008
- Posts
- 24
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
So, as I don't have access to php.ini on remote server and I don't know if register_globals is on or off, it's clear I should always use $_SESSION['blabla'].
Tnx for help!
Nati
-
Jan 25, 2009, 12:07 #8
- Join Date
- May 2006
- Location
- Lancaster University, UK
- Posts
- 7,062
- Mentioned
- 2 Post(s)
- Tagged
- 0 Thread(s)
Correct.
Please turn off Register_Globals on your sever; for your sake.Jake Arkinstall
"Sometimes you don't need to reinvent the wheel;
Sometimes its enough to make that wheel more rounded"-Molona
-
Jan 25, 2009, 23:27 #9
i have a pages which is hit by around 100 user at a given instance..
is it ideal to use...
session_regenerate_id();
blindly as done in this script..
what will be its effects to the server performance...
ok it may step to mitigate session hijacking but...
-
Jan 26, 2009, 02:27 #10
- Join Date
- Dec 2008
- Location
- Australia
- Posts
- 389
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
You don't need server access to turn off RegisterGlobals.
You can do it serverside by editing .htaccess -
Code:php_flag register_globals 0
Code:php_flag register_globals off
Also, if your SESSION variables are empty, check it is getting the info from the URL.
PHP Code:<? echo $proizvod; ?>
:-)
Bookmarks