Re: [PHP] PHP SESSSION Not Behaving

Fri, 17 Oct 2003 17:50:40 -0700

Did you try it with another browser? Make some really simple example and see if this is still happening.

[-^-!-%- wrote:
Environment: Linux , PHP 4.2.3,MySql 3.23.39,Apache, and so on

The Problem:
I have a user authentication script that uses sessions to track the user
id. Everything works fine with HTTP, but $_SESSIONS['var'] renders nothing
under a secure connection (SSL). Using $_SESSION['myVar']=
'myValueGoesHere' loses its value, once I move to another page. Even when
I use SESSION_START() before accessing the value (like echo
$_SESSION['myVar']).

The PUZZLE:
If I print a character before starting the session (as we all know is
illegal), the secured page will access $_SESSION['myVar'] with no
problems - minus the warning messages for printing chars before
session_start(). print_r($_SESSION) will display all of its
content properly, but will be lost when I move to another page.


Any suggestions?

===Sample CODE =====


===Class_Page.php has ===

 //this is a general class that handles the general site
 //it pretty much holds all the application's functions
 ...
 //the function AuthenticateUser() is used to valid a user's access.
 //if $_SESSION['userid'] exist, then the user is logged in.
 //otherwise, the user is prompted to login

class Page {

var $INFO;

   function Page(){
      session_start();
      ...
   }

   .
   .
   .

   function AuthenticateUser(){
     if(isset($_SESSION['userid']) and !empty($_SESSION['userid']) ...){
       //user is already logged in

$this->INFO = $this->getUserInfo($_SESSION['clientid']);

       return True;
     }else{
        $usr = $_POST['username'];  //simplified code. no security.
        $pas = $_POST['password'];

        $qry = mysql_query('select * from users where usr=$usr and
pass=$as ...) or die($this->ErrorDisplay);

        if(mysql_num_rows($qry)>0){
          $validUser = mysql_fetch_object($qry);

          session_start();
          $_SESSION['userid'] = $validUser->uid;
          $_SESSION['username'] =$validUser->uname;
          ...
          return True;
       }else{
         $_SESSION=Array();
         session_destroy();
         $this->ErrorDisplay('invaliduser');
         return False;

}

}


} //end of class




//==== Privatepage.php

include(class_Page.php);

$page = new Page;

//access control

if($page->AuthenticateUser()=='True'){ //a valid user

//display content

print_r($_SESSION) //test session contents

}else{
   $page->ErrorDisplay('noaccess');
}





The above code fails when runned as-is. However, if I print any character
before testing the sesion values, it will run.

Like:
 function AuthenticateUser(){

   //normal: DOES NOT WORK
   session_start();
   print_r($_SESSION);    //prints empty array

   //weird: WORKS with HEADER() warnings...
   echo ' ';
   session_start();
   print_r($_SESSION);   //prints SESSION content

...

}






=P e p i e  D e s i g n s
 www.pepiedesigns.com
 Providing Solutions That Increase Productivity

Web Developement. Database. Hosting. Multimedia.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to