My login does not seem to be creating a cookie. The form gets all the way to the cookie creation portion of the script and even echos that a cookie was made but it does not actually create one.
Here is the cookie portion of my code:
if (!$error) {
if (isset($_POST['rememberme'])) {
setcookie('guruemail', $loginemail, time() + 86400 * 365, '/', NULL);
setcookie('gurupassword', md5($loginpassword), time() + 86400 * 365, '/', NULL);
echo "Long-term cookie made";
} else {
setcookie('guruemail', $loginemail, false, '/', NULL);
setcookie('gurupassword', md5($loginpassword), false, '/', NULL);
echo "Short-term cookie made";
}
}
The login can be visited at http://protein.guru/signin.phtml
The cookie test can be viewed at: http://protein.guru/testcookie.php
Here is the cookietest code:
<?php
echo "Value is: " . $_COOKIE[$guruemail];
echo "Value is: " . $_COOKIE[$gurupassword];
?>
For the sign-in:
I am using the email: tester3651#outlook.com
Password is: meatloaf
Note:Possible newbie mistake? -- I do not have a session_start(); anywhere in either code. Not sure if I would need that for a straight cookie login.
Any feedback would be appreciated. Thanks everyone.
As mentioned in the comments:
Access the $_COOKIE arrays with strings, instead of a variables.
<?php
echo "Value is: " . $_COOKIE['guruemail'];
echo "Value is: " . $_COOKIE['gurupassword'];
?>
You'll need quotes around the cookie variable
<?php
echo "Value is: " . $_COOKIE['guruemail'];
echo "Value is: " . $_COOKIE['gurupassword'];
?>
Actually it would be much more secure to use $_SESSION instead for users login as users can manually set $_COOKIE.
More details at the following answer: Making login more secure
Related
I know that by using $_SESSION, one can store values over time. The default time is 1440 seconds = 24 minutes. I would like my values to be stored: for a longer time/until the browser has been closed.
Let's say I want to store the a boolean value and string value. Is session the best way?
For example: $_SESSION["value"] = true; and $_SESSION["value2"] = "my_string";?
Is session the best way, or are there any other good/better solutions? The values has to be available for all the pages (.php) on my website.
You can use cookies to store data for longer period of time.
so using cookies would be like
Set Cookie
<?php
$cookie_name = "value2";
$cookie_value = "my_string";
//Cookie to hold true false can set using 0 or 1 like
//setcookie('value', '0'); 0 for false, 1 for true
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>
Retrieve Cookie value
<?php
if(!isset($_COOKIE[$cookie_name])) {
echo "Cookie '" . $cookie_name . "' is not set!";
} else {
echo "Cookie '" . $cookie_name . "' is set!";
echo "Cookie Value is: " . $_COOKIE[$cookie_name];
}
?>
Setting and retrieving cookie for boolean
<?php
$CookieVar = true;
// setting the cookie
setcookie('myCookie', $CookieVar ? '1' : '0'); //set '1' if true else set '0'
if (isset($_COOKIE['myCookie']) AND $_COOKIE['myCookie'] === '1') {
echo 'true';
} else {
echo 'false';
}
?>
Screenshot
You can use the local storage for saving the data and for using it from any page on the website.
Using Javascript
window.localStorage.setItem(key, value);
This key can be removed using
window.localStorage.removeItem(key, value);
You can get the key value using
window.localStorage.getItem(key);
Requirement: use QRBOT-app to scan a barcode on a mobile and give the number scanned to the website.
Problem: I've a session open (1), from here I'm opening the app (see ScanBardcode.php), I scan and the app returns to the callback-URL including the required parameters. However I do expect it is re-using it's session, it creates a new one (2). Can someone help me? It does have both sessions active and both pages keep using it's own session. I can only test it on my cell phone, which I checked is using each time (the initiate-1 and the callback-2 the same browser)
What I tried already:
1. Pass the sessionID in the callback URL (QRBOT doesn't allow parameters)
2. Set Session.auto_start to 1
ScanBarcode.php
<?php
include_once('../../config.inc.php'); //contains DB connection details and other settings
include_once($fullurl . '../../admin/includes/sessie.inc.php'); //generates session
echo "SessionID=". session_id() . "!";
$_SESSION['BarCode'] = "VoorraadTellen";
echo "Wat gaan we doen? " . $_SESSION['BarCode'] . "</br></br>";
//URL to open qrbot.
echo "click"
?>
ScanBarcodeCallBack.php
<?php
$source = $_GET['x-source'];
$content = $_GET['content'];
$format = $_GET['format'];
include_once('../../config.inc.php');
include_once($fullurl . '../../admin/includes/sessie.inc.php');
echo "Wat gaan we doen? " . $_SESSION['BarCode'] . "</br></br>";
echo "SessionID=". session_id() . "!";
echo $source . $content . $format;
// HERE I WRITE TO THE DB.
?>
sessie.inc.php
<?php
$a = session_id();
if(empty($a))
{
session_start();
}
if(isset($_SESSION['sgebruiker']))
{
$now = time();
if($now - $_SESSION['stijd'] > $_SESSION['maxidle'])
{
$_SESSION = array();
session_destroy();
}
else
{
$_SESSION['stijd'] = $now;
}
}
elseif(isset($_COOKIE['login_cookie']))
{
//Check against db and set cookie.
}
?>
Adding screenshot when I add the sessionId in the URL as a parameter:
enter image description here
Update to ScanBarcode.php
`echo "click"
as far as i know you don't need the whole check with session_id(). PHP Documentation for session_start() says:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
this is also my experience. every time i used session_start() i just put it at the top of every file (or included it like you did)
When you pass the session ID in the URL, you need to use the parameter to set the session ID before calling session_start(). Change sessie.inc.php to:
<?php
if (isset($_GET['s'])) {
session_id($_GET['s']);
}
session_start();
if(isset($_SESSION['sgebruiker']))
{
$now = time();
if($now - $_SESSION['stijd'] > $_SESSION['maxidle'])
{
$_SESSION = array();
session_destroy();
}
else
{
$_SESSION['stijd'] = $now;
}
}
elseif(isset($_COOKIE['login_cookie']))
{
//Check against db and set cookie.
}
?>
Working with both #Tsai and #Barmar we found the solution.
We fixed it by:
- Encoding the URL by using urlencode-function
- Take the sessionID from URL and apply that using session_id-function before initiating the start_session (see also).
The cleaned up code below; hopefully someone would be able to use it also.
ScanBarcode.php
<?php
include_once('../../config.inc.php'); //contains DB connection details and other settings
include_once($fullurl . '../../admin/includes/sessie.inc.php'); //generates session
echo "SessionID=". session_id();
//URL to open qrbot.
$CallbackUrl = "http://ilonashairstyling.nl/2016UAT/module/Ilonas_admin/ScanBarcodeCallBack.php?s=" . htmlspecialchars(session_id());
echo "click"
?>
ScanBarcodeCallBack.php
<?php
$source = $_GET['x-source'];
$content = $_GET['content'];
$format = $_GET['format'];
include_once('../../config.inc.php');
ini_set("session.use_cookies",0);
ini_set("session.use_trans_sid",1);
session_id($_GET['s']);
//print_r($_SESSION); //You can test it with this code
//print(session_id()); //You can test it with this code
ini_set("session.use_cookies",1);
ini_set("session.use_trans_sid",0);
include_once($fullurl . '../../admin/includes/sessie.inc.php');
echo "Wat gaan we doen? " . $_SESSION['BarCode'] . "</br></br>";
echo "SessionID=". session_id() . "!";
echo $source . $content . $format;
// HERE I WRITE TO THE DB.
?>
sessie.inc.php is unchanged
I'm having problems getting simple session data values to persist after a page redirection. A function checks user data sent via Post and if it matches values in a database it sets session data to the values and redirects to another page:
if ($login_ok) {
//set session data
$_SESSION ['online'] = 1;
$_SESSION ['userid'] = $id;
$_SESSION ['username'] = $name;
//redirect to new page
redirect('start.php');
}
In the new page code the session data is not set. Simple testing returns null values as if the session data wasn't set:
echo 'Session Login Status: ' . $_SESSION ['online'];
echo 'Session UserID: ' . $_SESSION ['userid'];
echo 'Session Username: ' . $_SESSION ['username'];
Replacing the redirect with the above echo statements works correctly. Is the fact that the session data is set and the redirect activated before any page data has loaded mean that the session variables are not assigned?
To ensure an active session is always available, an include file contains this code:
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
Any idea what the issue is here?
Many thanks,
Kw
Check if the session is set before progress with
if isset($_SESSION ['online']) and
isset($_SESSION ['userid']) and
isset($_SESSION ['username'])
{
echo 'Session Login Status: ' . $_SESSION ['online'];
echo 'Session UserID: ' . $_SESSION ['userid'];
echo 'Session Username: ' . $_SESSION ['username'];
} else {
echo 'Redirect to login or Session expired';
}
Instead of redirect try this
$uid = $_SESSION['USERID'];
if (isset($uid) || $uid != NULL)
{
if (!headers_sent()) {
header('Location:main.php');
exit;
}
else {
?>
<script>window.location = 'main.php';</script>
<?php
}
}
This seems to be a server rather than a code issue. Running the code on a localhost server works correctly. Hope this is helpful to people experiencing similar issues.
Saying that, I have no idea how to set the remote server to allow session data. The server has browser based web administration software called cPanel, any suggestions?
When i close windows tab, session was dead!
how can i stop that ?
i use this :
session_start(['cookie_lifetime' => 86400,]);
but when user close tab or move to another page session was dead !
example :
i'm in page => "home"
when i try to go this url "example.com/users"
the session was dead.
• please note this , this problem is just in my website, i can use that ( users page ) in "localhost". but i never can't close browser ( in both (localhost/website) ,
i guess if session will alive for long time ( example 1 day ) , the problem could solved.
thanks.
a session stays active as long as the browser is active, when it closes the session closes as well. If you want to stop this from happening i recommend you to create a cookie instead. Read all about it here
cookie example from W3schools on how to create a cookie:
<?php
$cookie_name = "user";
$cookie_value = "John Doe";
setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
?>
<html>
<body>
<?php
if(!isset($_COOKIE[$cookie_name])) {
echo "Cookie named '" . $cookie_name . "' is not set!";
} else {
echo "Cookie '" . $cookie_name . "' is set!<br>";
echo "Value is: " . $_COOKIE[$cookie_name];
}
?>
</body>
</html>
AND the way you are trying to use a session is wrong!
What's the correct way of passing variable using PHP cookie. I can't seem to get it to work? I keep getting "FAILED!"
Here's my code:
On 1st page:
$crpid['ONE']="PAGE1";
$crpid['TWO']="PAGE2";
$crpid['THREE']="PAGE3";
$crp_id = $_SERVER["REDIRECT_URIPART"];
$crp_value = $crpid[$crp_id];
session_start();
setcookie('crpid', $crp_value, time()+3600, "/");
On 2nd page:
if(!isset($_COOKIE['crpid']) && $_COOKIE['crpid']==''){
echo "FAILED!";
}
else{
echo "Cookie ".$_COOKIE['crpid']." is set!";
}