My env is: RH9, httpd-2.0.40-21.5, PHP 4.2.2 (RH RPM, gazillion compile flags enabled), session support enabled, register_globals is ON
I am writing a multi-page form, on the first page I session_register() a mess of variables (8 of them), the first time through the form everything works as expected, I can get things out of form variables and into relevant the $_SESSION variables. Items are put into the $_SESSION variables on the submit.
However, if I go back through the form again, the data in the $_SESSION variables is never updated. For example, if I start the form over again from page 1, there is data still in the $_SESSION variables (which I expect) but attempting to update it in the submit section never changes what's stored in the session.
Another thing that's odd is that I must coerce data into the $_SESSION variables by explicit assignment -- even with register_globals ON I cannot do a session_register('some_variable') on the first page of the form and then simply use $some_variable to update the stored session data on any of the pages.
I'm completely bewildered and am sure I am missing something terribly obvious.
Some basic things I am doing include:
1) at the start of each page (each page is new php script) I do a start_session() to ensure that I have access to the session variables
2) Form submission/validation is part of the same file that does the display
e.g., if ($submit) {validate page/populate $_SESSION vars} ELSE { display form for first time OR show where user need to make corrections}
Here's a small example of a typical page in the form:
<?php
require_once ('pre.php');
require_once('common/tracker/ArtifactsForUser.class');
require_once('common/forum/ForumsForUser.class');
require_once('common/pm/ProjectTasksForUser.class');
require_once('debuglib.phps');global $G_SESSION;
if (session_loggedin()) {
session_start();
if ($submit) {
if ( ($spending_period) && is_numeric($spending_limit) ) {
$_SESSION['spending_period'] = $spending_period;
$_SESSION['spending_limit'] = $spending_limit;
header("location: ".$_SERVER['HTTP_HOST']."/ads/ad-setup-step3.php"); // validated! On to the next page
}
else { // bogus POST, show the form again
session_redirect("/ads/ad-setup-step2.php");
}
} // of if submit...
else { // first time thru or we're re-displaying
session_start();
show_vars(); //DEBUG
echo site_user_header(array('title'=>$Language- >getText('my','title',user_getname()),
'pagename'=>'my','titlevals'=>array(user_getname())));
echo '<p><strong><font color="#FF0000" size="+2" face="Verdana, Arial, Helvetica, sans-serif">
Step Two: Set a spending limit. <font color="#0099FF" size="-2">more info</font></font></strong></p>
<form action=' .$_SERVER[PHP_SELF] . '>
<table width="200">
<tr>Limit total advertising expendatures to <b>$</b><input type="text" name="spending_limit" size=9"
align="right" maxlength="9"> per
<label><input type="radio" name="spending_period" value="1">Day</label>
<label> <input type="radio" name="spending_period" value="7">Week</label>
<input type="radio" name="spending_period" value="30">Month</label>
<input type="radio" name="spending_period" value="90">Quarter</label></tr>
</table>';
print '<div align="center"><input type=submit name="submit" value="Next"> </div>';
print "</form>";
} // of form display
} // of if session_loggedin()
else {
// TBD: user not logged in; scold them. tsk. tsk.
}
?>
any suggestions would be appreciated!
regards,
David
------------------------------------------------------------------------ ------------------
David HM Spector spector (at )zeitgeist.com
architecture/design/planning - security consultation - due diligence
Website: www.zeitgeist.com Blog: zeitblog.zeitgeist.com:8668
