Yep. Tried it with IE / NS / and Mozilla Firebird. Same problem.



=P e p i e  D e s i g n s
 www.pepiedesigns.com
 Providing Solutions That Increase Productivity

 Web Development. Database. Hosting. Multimedia.

On Sat, 18 Oct 2003, Marek Kilimajer wrote:

> Did you try it with another browser? Make some really simple example and
> see if this is still happening.
>
> [-^-!-%- wrote:
> > Environment:  Linux , PHP 4.2.3,MySql 3.23.39,Apache, and so on
> >
> > The Problem:
> > I have a user authentication script that uses sessions to track the user
> > id. Everything works fine with HTTP, but $_SESSIONS['var'] renders nothing
> > under a secure connection (SSL). Using $_SESSION['myVar']=
> > 'myValueGoesHere' loses its value, once I move to another page. Even when
> > I use SESSION_START() before accessing the value (like echo
> > $_SESSION['myVar']).
> >
> > The PUZZLE:
> > If I print a character before starting the session (as we all know is
> > illegal), the secured page will access $_SESSION['myVar'] with no
> > problems - minus the warning messages for printing chars before
> > session_start(). print_r($_SESSION) will display all of its
> > content properly, but will be lost when I move to another page.
> >
> >
> > Any suggestions?
> >
> > ===Sample CODE =====
> >
> >
> > ===Class_Page.php has ===
> >
> >  //this is a general class that handles the general site
> >  //it pretty much holds all the application's functions
> >  ...
> >  //the function AuthenticateUser() is used to validate a user's access.
> >  //if $_SESSION['userid'] exists, then the user is logged in.
> >  //otherwise, the user is prompted to login
> >
> > class Page {
> >
> >    var $INFO;
> >
> >    function Page(){
> >       session_start();
> >       ...
> >    }
> >
> >    .
> >    .
> >    .
> >
> >    function AuthenticateUser(){
> >      if(isset($_SESSION['userid']) and !empty($_SESSION['userid']) ...){
> >        //user is already logged in
> >
> >        $this->INFO = $this->getUserInfo($_SESSION['clientid']);
> >
> >        return True;
> >      }else{
> >         $usr = $_POST['username'];  //simplified code. no security.
> >         $pas = $_POST['password'];
> >
> >         $qry = mysql_query("select * from users where usr='$usr' and
> > pass='$pas' ...") or die($this->ErrorDisplay);
> >
> >         if(mysql_num_rows($qry)>0){
> >           $validUser = mysql_fetch_object($qry);
> >
> >           session_start();
> >           $_SESSION['userid'] = $validUser->uid;
> >           $_SESSION['username'] =$validUser->uname;
> >           ...
> >           return True;
> >        }else{
> >          $_SESSION=Array();
> >          session_destroy();
> >          $this->ErrorDisplay('invaliduser');
> >          return False;
> >
> >        }  //end of invalid-user branch
> >      }    //end of login branch
> >    }      //end of AuthenticateUser()
> >
> >
> > } //end of class
> >
> >
> >
> >
> > //==== Privatepage.php
> >
> > include('class_Page.php');
> >
> > $page = new Page;
> >
> > //access control
> >
> > if($page->AuthenticateUser()=='True'){    //a valid user
> >
> >    //display content
> >
> >    print_r($_SESSION);  //test session contents
> >
> > }else{
> >    $page->ErrorDisplay('noaccess');
> > }
> >
> >
> >
> >
> >
> > The above code fails when run as-is. However, if I print any character
> > before testing the session values, it will run.
> >
> > Like:
> >  function AuthenticateUser(){
> >
> >    //normal: DOES NOT WORK
> >    session_start();
> >    print_r($_SESSION);    //prints empty array
> >
> >    //weird: WORKS with HEADER() warnings...
> >    echo ' ';
> >    session_start();
> >    print_r($_SESSION);   //prints SESSION content
> >
> >    ...
> >
> > }
> >
> >
> >
> >
> >
> >
> > =P e p i e  D e s i g n s
> >  www.pepiedesigns.com
> >  Providing Solutions That Increase Productivity
> >
> >  Web Development. Database. Hosting. Multimedia.
> >
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
