I am handling file security with a session, but I have a problem.
I have filea.php with a session.
session_start();
if ($_SESSION['login']){
include('fileb.php');
}
I have fileb.php with a session.
session_start();
if ($_SESSION['login']){
} else {
// redirect to login
}
I will include fileb.php in filea.php using include.
My filea.php:
session_start();
if ($_SESSION['login']){
include('fileb.php');
}
Can anyone help me?
Instead of just using session_start() on fileA and fileB, you could use:
if (session_status() === PHP_SESSION_NONE){session_start();}
This will ensure that the session is started only if it is not already started; otherwise the call is skipped.
Similarly to see if SESSION variables are set or not, consider using:
if(isset($_SESSION['login'])) {
// Your codes here
}
Here I assume that you have managed the session variables somewhere else and that this is working properly.
Related
I am using sessions to log users into my site.
The login form sends the input to a login-exec file which then queries the db and validates the login info. I have placed session_start(); at the beginning of the login-exec file and then used the below snippet to write data to the session:
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['id'];
$_SESSION['Username'] = $member['username'];
$_SESSION['key'] = $member['Serial'];
session_write_close();
header('Location: account.php');
At the beginning of the account.php file I have required auth.php to validate the session.
account.php: require_once('auth.php');
auth.php:
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("Refresh: 5; url=login.php");
//echo $_SESSION['SESS_MEMBER_ID'];
die("Access Denied!");
exit();
}
?>
Always the first time logging in it returns access denied. When the script redirects back to the login page and I try again it always works... I have saved my php files in UTF-8 Without BOM as I originally thought there was leading white space before the session was started. That did not fix the issue and I really can't figure this out.
Any ideas as to why this is happening?
I believe the issue was the redirection url in my login-exec.php script. For example:
If I loaded the login.php script by going to http://www.mydomain.com/mysubdirectory/login.php and the header redirect in login-exec.php was pointing to http://subdomain.mydomain.com/account.php the PHPSESSID was being regenerated because the domain changed.
So I changed the header redirects to account.php instead of the full url and this resolved the issue.
I could have used a full URL, either subdomain.mydomain.com or mydomain.com/subdirectory/, but doing so would have restricted the user and the script's portability. So, simple answer: ensure the domain stays the same. If it doesn't, you can set the session name, which I am pretty sure would resolve this as well. However, in my case header('Location: script.php'); did the trick.
Get rid of the session_write_close();
If that doesn't solve it, it might be that you are losing the session in the account.php file.
Make a call to session_start(); before requiring the auth.php page.
I have this written at the very first line on every page of my website.
include("restd.php");
and restd.php contains the following lines :
#session_start();
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
The problem I'm facing is that whenever I click or do something on my website, it logs me out and takes me to index.php.
I'm sure it's something to do with the session. I've tried every single thing to avoid this problem, but I have used restd.php because I don't want anyone to copy someone's URL, paste it and get into the website.
Only someone who is logged in can view others' pages. If they aren't logged in then they'll be redirected to index.php.
EDIT: A confusing thing is that all this is working fine on my testing server, which is easyPHP-5.3.8.0, but the problem comes up when I upload all the files to my server.
Your session directory (probably /tmp/) is not writable.
Check with session_save_path() if it is writable.
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}
Do you actually set $_SESSION['id'] on a page...
What you are trying to do here is:
Start a session and load the $_SESSION from the session handler
Check if $_SESSION contains key 'id'
Redirect to index.php if $_SESSION['id'] is not set
Do you actually do this in index.php?
session_start();
$_SESSION['id'] = something;
You need to declare $_SESSION['id']:
file1.php
session_start();
$_SESSION['id'] = '123';
file2.php
include 'file1.php';
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
In my case I forgot that I had the PHP flag session.cookie_secure set to on, while the development environment was not TLS-secured.
More information about Session/Cookie parameters.
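The causes named in the answers above (a save path that is not writable, session.cookie_secure on a plain-HTTP site, a redirect that changes host) can be checked in one place. This is an added example, not code from any of the posts; the function names, the `example.test` hosts and the sample request are constructed for illustration.

```php
<?php
// Added example, not code from the thread.
// True if a session cookie set by $setBy with Domain=$cookieDomain is sent to $host.
function cookie_reaches(string $cookieDomain, string $setBy, string $host): bool
{
    if ($cookieDomain === '') {                      // host-only cookie
        return strcasecmp($setBy, $host) === 0;
    }
    $d = strtolower(ltrim($cookieDomain, '.'));
    $h = strtolower($host);
    return $h === $d || substr($h, -strlen($d) - 1) === '.' . $d;
}

// $https / $host describe the current request; $redirectTo is the Location
// value the login script is about to send (all three supplied by the caller).
function diagnose_session(bool $https, string $host, string $redirectTo = ''): array
{
    $problems = [];
    $cookie = session_get_cookie_params();

    if (ini_get('session.save_handler') === 'files') {
        // save_path may be "N;/path" or "N;MODE;/path"; empty means the temp dir
        $parts = explode(';', (string) session_save_path());
        $dir = end($parts) !== '' ? end($parts) : sys_get_temp_dir();
        if (!is_dir($dir) || !is_writable($dir)) {
            $problems[] = "save path '$dir' is missing or not writable";
        }
    }
    if ($cookie['secure'] && !$https) {
        $problems[] = 'session.cookie_secure is on but the request is plain HTTP';
    }
    if ($cookie['domain'] !== '' && !cookie_reaches($cookie['domain'], $host, $host)) {
        $problems[] = "cookie domain '{$cookie['domain']}' does not match host '$host'";
    }
    $target = parse_url($redirectTo, PHP_URL_HOST);  // null for a relative URL
    if (is_string($target) && !cookie_reaches($cookie['domain'], $host, $target)) {
        $problems[] = "redirect to '$target' will not carry the session cookie";
    }
    return $problems;
}

// Constructed request: login served over HTTP on www, redirecting to a subdomain.
foreach (diagnose_session(false, 'www.example.test',
        'http://app.example.test/account.php') as $p) {
    echo "session problem: $p\n";
}
```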
I know this is an old thread, but the following helped me with the same problem after hours of despair. Found on: http://php.net/manual/de/function.session-save-path.php
I made a folder next to the public html folder and placed these lines at the very first point in index.php
Location of session folder:
/domains/account/session
location of index.php
/domains/account/public_html/index.php
What I placed in index.php at line 0:
<?php
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session'));
session_start();
?>
Hopefully this will save you time.
Check: maybe your session path does not exist.
You can set the PHP session path using:
ini_set('session.save_path', 'SOME WRITABLE PATH');
Couple things:
your include file doesn't have the <?php ?> tags, so the content will not be evaluated as PHP
Session_start must be called before you start outputting anything. Is that the case?
You still don't even answer where you SET $_SESSION['id']. $pid = $_SESSION['id'] does not set the session variable. session_start() comes before ANYTHING session related, it's not shown before your include.
I had the same problem and found a work-around for it. If anybody can explain why the session is not read even when the cookie is there, please let me know.
<?php
// logged.php
// The PHP session system will figure out whether to use cookies or URLs to pass the SID
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) && authenticationRoutine(/* Returns true if successfully authenticated */) ) {
session_id(uniqid("User--"));
session_start();
$_SESSION['id']=session_id();
}
?>
<?php
// Insecure restd.php (The user can forge a stolen SID cookie or URL GET request, but that is inherent with PHP sessions)
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID'])) {header('Location: index.php');}
?>
[EDIT]
Even though the cookie was there and I prevented starting a new session, the session had not been read and started, so no session variables were available. In this case I check if the session has been started first (not using session_status() because it doesn't exist in PHP 3.5, which for some reason is the most widespread among hosts). If no session has been started within PHP, I check if it had been started before by testing the cookies and GET variables. If a session ID was found, the script resumes the session with that ID. If no ID is available, the user gets redirected to the index.
<?php
// restd.php
// empty() on a function call is a parse error before PHP 5.5, so compare instead
if(session_id() === '') {
if(isset($_COOKIE['PHPSESSID']) && !empty($_COOKIE['PHPSESSID'])) {session_id($_COOKIE['PHPSESSID']);}
elseif(isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) {session_id($_GET['PHPSESSID']);}
else {header('Location: index.php'); exit(0);}
session_start();
}
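A hardened variant of the restd.php guard, as an added example that is not the answer author's code: it lets PHP read the session ID from the cookie only, refuses IDs the server did not issue, and rotates the ID at login. The function names are hypothetical, the array form of session_set_cookie_params() needs PHP 7.3 or later, and $_SESSION['id'] is the key used in the question.

```php
<?php
// restd.php, hardened (added example; function names are hypothetical)
function start_secure_session(): void
{
    if (session_status() !== PHP_SESSION_NONE) {
        return;                                  // already started by an earlier include
    }
    // All of this must happen before session_start().
    ini_set('session.use_only_cookies', '1');    // ignore ?PHPSESSID=... in the URL
    ini_set('session.use_trans_sid', '0');       // never append the ID to links
    ini_set('session.use_strict_mode', '1');     // refuse IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,                         // cookie ends with the browser session
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();                             // reads the cookie and loads $_SESSION
}

// Call once, right after the credentials have been verified.
function mark_logged_in(string $userId): void
{
    start_secure_session();
    session_regenerate_id(true);                 // drop any pre-login ID
    $_SESSION['id'] = $userId;
}

// Call at the top of every protected page.
function require_login(string $loginPage = 'index.php'): void
{
    start_secure_session();
    if (!isset($_SESSION['id'])) {
        header('Location: ' . $loginPage);
        exit;                                    // stop before the protected page renders
    }
}
```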
I have a problem with my login script:
I have these 3 scripts:
index.php
ob_start();
session_start();
include ('config.php');
include ('home.php');
ob_end_flush();
home.php
if($_SESSION['logged_in']) {
echo $_SESSION['nome'];
} else { ?>
<form name="login" action="checklogin.php">
...
<?php } ?>
checklogin.php
ob_start();
session_start();
include("config.php");
if(isset($_POST['Submit'])) {
...
$_SESSION['logged_in'] = TRUE;
header("Location: http://$root");
die();
}
ob_end_flush();
My problem is this: when I try to log in for the first time, my page refreshes without showing the session. Why? If I close and re-open my browser, or log in a second time, it shows the session. Why? What should I do?
The problem you're having is that your PHP session is still active due to the lifespan of the session cookie from PHP. See this discussion here for ways to expire your sessions using a $_SESSION variable to hold a timestamp and then checking that timestamp to see if a certain amount of time has passed.
Alternatively, that same discussion also gives detailed information on modifying the PHP server to set the default session lifespan using the garbage collection and cookie lifetime settings.
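The timestamp approach this answer refers to, written out as an added example (it is not taken from the linked discussion or from the posts here). LAST_ACTIVITY, IDLE_LIMIT and login.php are assumed names and values.

```php
<?php
// Added example; LAST_ACTIVITY and IDLE_LIMIT are assumed names and values.
const IDLE_LIMIT = 1800;                         // seconds of allowed inactivity

// Pure check, so it can be exercised with a constructed array and clock.
function session_is_idle(array $session, int $now, int $limit = IDLE_LIMIT): bool
{
    return isset($session['LAST_ACTIVITY'])
        && ($now - (int) $session['LAST_ACTIVITY']) > $limit;
}

// Returns false after tearing the session down, true after refreshing the stamp.
function enforce_idle_timeout(int $now): bool
{
    if (session_is_idle($_SESSION, $now)) {
        $_SESSION = [];                          // forget the data in this request
        $p = session_get_cookie_params();
        setcookie(session_name(), '', $now - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        session_destroy();                       // delete the server-side record
        return false;
    }
    $_SESSION['LAST_ACTIVITY'] = $now;
    return true;
}

// Keep server-side data at least as long as the idle limit, then start.
ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
session_start();
if (!enforce_idle_timeout(time())) {
    header('Location: login.php');               // assumed login page
    exit;
}
```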
I'm not a PHP developer here.
I have a page that is unable to display session values even though they definitely exist. I am able to view them on another page, yet for some reason they cannot be seen on a certain page!?
EDIT:
Below is the script that exists on the top of the page
<?php
require_once('eu_gl.php'); // <- includes session_start() in it
if(!session_id()) session_start(); // added this in case, but should not be needed
?>
Contents of the include:
<?php
/*** Global include file **/
set_time_limit(300);
$time1 = microtime();
define('APP_SESS_NAME', 'EURA');
session_name(APP_SESS_NAME);
session_start();
session_set_cookie_params(0);
//...
?>
As #k102 mentioned, ensure you have session_start(); somewhere before you set/get your session variables. print_r($_SESSION); can also be handy in showing you what session information exists ...
I personally would modify your code to have this:
if (!isset($_SESSION)) session_start();
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
print_r($_SESSION);
First point is :
better try
if(session_id() == "" ) session_start();
instead of
if(!session_id()) session_start();
as session_id won't return false.
php manual:
session_id() returns the session id for the current session or the
empty string ("") if there is no current session (no current session
id exists).
Second point is that session_start shall be the very first thing on your page unless you really need something else, but I can't see any reason in your code.
You have to make 2 PHP files for checking $_SESSION. The session is used for storing variables so you can use them on all pages of your website.
test.php:
set_time_limit(300); // Timeout for script
$time1 = microtime(); // What does this variable do in your script?
define('APP_SESS_NAME', 'EURA'); // set constant APP_SESS_NAME
session_name(APP_SESS_NAME); // name session APP_SESS_NAME
session_start(); // start session
session_set_cookie_params(0); // this line must be called before session_start();
if(!session_id()) session_start(); // Delete this line
$_SESSION['name']= "test"; // set a session variable 'name' for checking the session
test2.php:
define('APP_SESS_NAME', 'EURA'); // set constant APP_SESS_NAME
session_name(APP_SESS_NAME); // name session APP_SESS_NAME
session_start(); // start session
echo $_SESSION['name']; // check session is valid
I think you should understand sessions now.
Seems the naming of the session was the issue. It was named in the include: session_name(APP_SESS_NAME), then it seems I have to use that session name when starting it elsewhere.
I'm losing the data in $_SESSION when I do a header redirect. When I walk through this with a debugger I can see all my data in $_SESSION before I exit();
Login.php :
...
if($result == 1){
header("Location: /myaccount.php");
session_write_close();
exit();
} else {
header("Location: /login.php?invalid=yes");
exit();
}
Then I put a breakpoint after the session_start() conditional below and $_SESSION is completely empty.
myaccount.php:
<?php
if(!isset($_SESSION['user_id'])) { session_start(); }
$docRoot = getenv("DOCUMENT_ROOT");
...
Where did my session go?
Make sure you are using the function session_start(); before the if-statement on myaccount.php
You should call session_start() on every page accessing (that is, reading or writing) $_SESSION, and call it before any access to the session array. So, be sure you call session_start() on both pages.
Yes don't delete post ... I had EXACTLY the same issue, and this post caused me to involuntarily smack palm firmly against forehead. And it fixed the problem (with my code that is, not my dumbness). Cheers!