For some strange reason I get different session ids on two pages.
Let me illustrate the problem:
I have a webshop where a user can go to a checkout page, click the order button. This will open a payment link to a payment provider I use, this provider checks a script on my domain which is called exchange.php
If the status is 100 (success) the script redirects to another page on my domain called upload.php (rewritten to mysite.nl/voltooien with some parameters, full example: https://www.mysite.nl/voltooien?orderId=1697612595X0e3ce&orderStatusId=100&paymentSessionId=1697612595
For some reason on this upload.php page my user session ($_SESSION['user']) is gone, the user is logged out, but when I keep another tab open on a different page, for example the account page and refresh this page after completing an order, I stay logged in. The user session is active.
If I then go back to upload.php en refresh it's still gone. So I tried echoeing the session ids like this: echo session_id(); in the header file which is included on both pages. And both show a different session id.
On upload.php: 0320c6c27e2d3b8138bde40dcca61443 and on account.php : bd1b6d9e4d21f19a87d5b13343eb99c4
Shouldn't they be the same? They are both on the same domain, nowhere do I unset the user session or destroy the entire session.
What can be causing this? I went overkill with session_start(); to make sure this was not the issue and added it to all files that are included at the top but still have the same issue.
The code at the top of upload.php:
<?PHP
session_start();
require_once $_SERVER['DOCUMENT_ROOT']."/phpMailer/class.phpmailer.php";
require_once $_SERVER['DOCUMENT_ROOT']."/phpMailer/Exception.php";
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
$productmenu = 'false';
$page = 'order_done';
$title = 'Bedankt voor je bestelling!';
if ($_GET['orderStatusId'] == '100') {
unset($_SESSION['producten']);
unset($_SESSION['kortingscode']);
}
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/header.php';
// Clear empty session values
unset($_SESSION['producten']['']);
echo session_id();
?>
The code at the top of my header.php which includes a connection file with session_start(); , I also tried adding it to the top of this file with no success. This file is included first at the top of my account page:
<?PHP
date_default_timezone_set("Europe/Amsterdam");
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/connection.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/connection_studio.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/connection_extern.php';
$conn = new Connection;
include $_SERVER['DOCUMENT_ROOT'].'/catalog/lastorder.php';
include $_SERVER['DOCUMENT_ROOT'].'/includes/createdesignfavarray.php';
And in my exchange.php file which also has session_start(); at the top, the only thing I do with sessions is unsetting a different product session and coupon session like this:
// Empty product session
unset($_SESSION['producten']);
unset($_SESSION['kortingscode']);
I don't do anything with the user session here.
No clue what is causing this. Can it be something is bugged or something in my hosting needs to be changed?
Related
I have one page called page1.php which set certain variables and redirects to payment gateway site like below:
<?php
session_start();
$_SESSION['var1'] = "test1";
$_SESSION['var2'] = "test2";
$_SESSION['var3'] = "test3";
header('Location: http://www.paypal.com');
exit();
?>
And after successful payment user redirects to success.php where I am trying to get value from session variable like below. But it gets empty randomly. From logs I found that session id got changed after redirection. Any idea why it is generating new session id on redirection for some random case only?
<?php
session_start();
print_r($_SESSION);
?>
From logs I had found that a new session id gets generated on success.php when I get empty session. As issue is not reproducible easily and it happens randomly, Is anyone have any solution or suggestion to solve this issue?
I have implemented session into my application, but I need to allow the logged in user to use the back button to go to the previous pages.
How do I make sure that the session does not expire and allows the user to view the previous page?
Here is my code
<?php
//Start session
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
$User = $_SESSION["User"];
//Page content
?>
I have started the session, when I use the back button on browser I get a page that reads session has expired. Which I do not want to happen.
in your php at the top of each page, start your session before your opening <html> tag
<?php session_start(); ?>
<html>
in your php somewhere set your session variables note this value must be serializable
<?php $_SESSION["variable"] = "value"; ?>
then anytime you want to access that session variable you can do the following AFTER calling session_start();
<?php echo $_SESSION["variable"]; ?>
if you handle your sessions in this manner, session variables will be available on previous and future pages.
caveat:
depending on browser and headers sent from your server, when you go back a page, it reloads the page as it was in the cache so consider the following:
User goes to page and is does not have a session variable set
User does action that sets a session variable and sends them to a second page
User hits back button
User is shown the pre-session cached version of the first page
User refreshes page
User now sees the first page w/ session variable set
the reason for the hiccup is that some browsers do not always make a new request on back button sometimes it loads from the browser cache. read the very end of this answer: https://stackoverflow.com/a/1313941/884453
EDIT
You posted code above with a check to session_status first. This is incorrect. You ALWAYS need so session_start();
<?php
//Start session
session_start();
// User is either pulled from the session or is null
$User = $_SESSION["User"] ? !empty($_SESSION["User"]) : NULL;
//Page content
?>
the code for if (session_status() !== PHP_SESSION_ACTIVE) { is only useful in situations where some other bit of code (usually in a framework) may have started the session already.
If you have set up your session management correctly, you don't need to do anything.
However, this correctly depends on what kind of state you have in the session and how you manage it. Also timeouts will still apply (as they should).
You can use javascript history method also for that so your session also remain same.
<button onclick="goBack()">Go Back</button>
<script>
function goBack() {
window.history.back();
}
</script>
Once i logged in i set a session variable inside body element(inside login.php) as below:
session_start();
$_SESSION['Username'] = $_POST["Username"];
if(isset($_SESSION['Username']))
$loginTrue = 1;
else
$loginTrue = 0;
and on top every page i have added this
<?php
session_start(); //this was added after seeing many suggestions in stack overflow that session_start() has to be called at the top on each page. Though i tot calling once was sufficient.
if(isset($_SESSION['Username']))
$loginTrue = 1;
else
$loginTrue = 0;
?>
Now whenever i redirect my page after login from login.php $_SESSION['Username'] gets unset, i dont know how. I redirect using a button click as in
onclick execute window.location = home.php
This is not comman
check your code with this code may be some error is on the page
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
?>
And check your php.ini setting for this.
And check your code with different browser.
And any blank output should be on your page before session start.
alright guys i solved it somehow. I dont know how i did but i did. Firstly i created 4 webpages, a small one just to check the if session variables are supported. Once i confirmed this then i did the below and my original webpage started working session start is very important at top of all pages. Also try session activity in different browsers. Also check by closing dreamweaver. Also make sure is used instead of transitional and stuff and also that session start comes before doctype html declaration
I am working with a PHP Login System from http://tutorialzine.com/2009/10/cool-login-system-php-jquery/ Just to give you a quick overview, I believe the tutorial sets up the variable in the following manner:
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(1*7*24*60*60);
// Making the cookie live for 1 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
..........
So far so good, except that I cannot carry over the session variables from the Main Login page to subsequent pages (which contain restricted content). Here is the basic code that I intend to place at the start of each restricted content page
<?php
session_name('tzLogin');
session_set_cookie_params(1*7*24*60*60);
session_start();
if($_SESSION['id']) <-- I believe I need more code here (incldue the cookie)
{
//If all is well, I want the script to proceed and display the HTML content below.
}
else
{
header("Location: MainLogin.html");
or die;
//redirects user to the main login page.
}
?>
As you can see, I am a total novice, but any help would be greatly appreciated. As of now, my restricted content pages keep getting redirected to the homepage even when I am properly logged in. Hence I suspect, the SESSION state is not being carried over. Thanks again!
You should probably make sure that you set the path and domain when you invoke session_set_cookie_params:
session_set_cookie_params ( 1*7*24*60*60, '/','.yourdomain.com')
See http://php.net/manual/en/function.session-set-cookie-params.php
(It's a good idea to set the httpOnly attribute as well.)
Additionally, make sure you actually assign some value to your session id key (it's not clear in your code sample that you do):
$_SESSION['id'] = 'some value';
Finally, you may want to use session_status() while debugging to verify you've actually started the session correctly (http://php.net/manual/en/function.session-status.php).
I have a vbulletin forum. which is located in www.myDomain.com/Forum
I have another in www.myDomain.com/OtherSite/app
I want my Forum logged in users to be identified the other site.
The forum's cookies session path is on the main Domain path /var/www/myDomain
On my site I use
chdir(FORUM_DIR);
include './global.php';
$arr = $vbulletin->userinfo;
to get the session.
The thing is this - It works. I get the users data etc...
and then, it stops working for no apparent reason after a few page loads.
In my view, a possible reason is that I use the code (listed above) twice in my page load... Could this be it?
edit:
more code untile the sesion include, As requested.
edit2:
thanks #VladTeodorescuI have changed all the include to include_once, but stil the same symptoms, the user data is displayed and then, after 15 mins of using, the session "goes away".. (I have checked the forum site, the user is still logged in there)
ini_set('display_errors',1);
error_reporting(E_ALL);
// CONSTS
//PATHS
define('MAIN_DIR', dirname(dirname(dirname(__DIR__))));
define('APP_NAME', 'GoldSig');
define('CLASS_DIR', MAIN_DIR .'/class');
define('APP_DIR', MAIN_DIR.'/'.APP_NAME.'/app');
define('FORUM_DIR', MAIN_DIR.'/Forum');
define('CHAT_DIR', APP_DIR.'/chat');
//commands and trades tables names
define('T_COMMAND', 'commands');
include_once CLASS_DIR . '/Services/Helper/Files.php';
include_once CLASS_DIR . '/Services/Login/Authorize.php';
if (!Authorize::IsLocalhost()){
chdir(FORUM_DIR);
include_once './global.php';
$arr = $vbulletin->userinfo;
}
I was trying to access my domain from myDomain.com/GoldSig/app
and the session's data is stored in www.myDomain.com/GoldSig/app
I get redirected automatically to myDomain.com/GoldSig/app in FF , though..
hard part is over ..