PHP Sessions dissapear temporarily

@theuedimasterJan 06.2006

I have a site that uses sessions. Now these are maintained from page to page, and they are used to maintain identity. If one of them, status, is false, then you are returned back to the login page.

The first time you login, you can go to every page, except one. This page is very weird….. you see, at the top of every page i have the tester to see if status is false. It’s tested before the html tag.

Now on that page I put another tester, in the body. If status was false, then it would display some message. Of course, if status was false, you shouldn’t even be able to visit the page.

There’s a button that sends a post back to the same page, and some information is SUPPOSED to show. However, when the post is sent the first time, you are shot back to the login page.

The next time you login and do the same thing, it works out, and the tester on the problem page says that the session is true. I really don’t get it. It keeps working every time you login and logoff after that.

Does anyone know what might be going on?

to post a comment

PHP

5 Comments(s) _↴

@chickenlandJan 06.2006 — #could be a cached page ?

@Reli4ntJan 06.2006 — #Show the code.

Do you recreate the session when a user logs in?

@theuedimasterauthorJan 06.2006 — #This is the login code:

[code=php]
  $attention="";
 include("no_cache.php");
 session_start();
 $_SESSION['user'] = "";
 $_SESSION['admin'] = "";
 $_SESSION['status'] = "";
 
  /*****************************************************************************************
  *********** LOGIN SCRIPT *****************************************************************
  *****************************************************************************************/
  if ("" != $_POST['username'] && "" != $_POST['password'])
  {
   include("config.php");
   $login_sql = mysql_query("SELECT * FROM users WHERE users.username = "" .$_POST['username']. "" AND users.passwd = "" .$_POST['password']. "";");
   if ($row = mysql_fetch_array($login_sql)) {
   session_start();
   $_SESSION['status'] = TRUE;
   $_SESSION['user'] = $row['ID'];
   $_SESSION['admin'] = $row['admin'];
   $_SESSION['message'] = "Welcome ".$row['first']." ".$row['last']."!<br />You have succesfully logged in.<br /><br /><a href="home.php" style="text-decoration: underline">Continue</a>";
   $_SESSION['delay'] = "<meta http-equiv="refresh" content="1; url=http://nhs2.sigmaseven.net/home.php">";
   header("Location: http://nhs2.sigmaseven.net/display.php");
   exit;
   }
   else {
   $attention="Password or Username is incorrect.";
   }
  }
 [/code]

This is the code at the top of every page:

[code=php]
 /*****************************************************************************************
 *********** SESSION CHECK SCRIPT *********************************************************
 *****************************************************************************************/
 session_start();
 if (FALSE == $_SESSION['status'] or !isset($_SESSION['status'])) {
 header("Location: http://nhs2.sigmaseven.net/index.php");
 }
 /*****************************************************************************************
 *********** END SCRIPT *******************************************************************
 *****************************************************************************************/
 [/code]

@theuedimasterauthorJan 07.2006 — #*bump*

@theuedimasterauthorJan 08.2006 — #Thanks for all the help guys ?.

Anyways, with some crazy searching, I've found out what the problem was. Even though this really doesn't make sense at all, my global cookies were getting messed up with my local variables. I had a $_SESSION['status'], and later on in the body of the code... i had a variable called $status. For some reason, it put the value of status in session status.... but it somehow didn't do that the next time (weird?!?).

Anyways, by changing $status to $status_user, everything got fixed ?. Just take this into consideration, it took me like 2 weeks to figure out what was wrong! Don't let it happen to you!

Also in #PHP _↴

http + https hostdomain $_POST Stealing if (isset)'s !!!!!!How hard would this be?

Success!

Help @theuedimaster spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 6.2,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @meenaratha,
tipped: article
amount: 1000 SATS,

tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,
)...

PHP Sessions dissapear temporarily

5 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

PHP Sessions dissapear temporarily

5 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

5 Comments(s) _↴

Also in #PHP _↴