Hi Today I am facing one strange Problem
After login validation I am storing the user name in session and redirecting it to some other page .
Validation page .
if (mysql_num_rows($sqlQuery) == 1) {
session_start();
$_SESSION['username'] = $login;
print $_SESSION['username'];
header("Location: dialout.php");
}
.
on dialout.php I am trying to print session like
var_dump($_SESSION);
But it doesn't print anything .
some googling I found that problem might be in writing the session directory .
So to check that I wrote one script .
print session_save_path();
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}
else{
echo "writable -------------";
}
From above script I am getting writable.
Just wondering why my I am unable to access the session on dialout.php page
In your Validation page,the following code should be at the top of the file, as first line in your code.
session_start();
It should be included in every page if you want to use session variable.
First, carry out these usual checks:
Make sure session_start(); is called before any sessions are being
called. So a safe bet would be to put it at the beginning of your
page, immediately after the opening
After the header redirect, end the current script using exit();
(Others have also suggested session_write_close(); and
session_regenerate_id(true), you can try those as well, but I'd use
exit();)
Make sure cookies are enabled in the browser you are using to test
it on.
Ensure register_globals is off, you can check this on the php.ini
file and also using phpinfo(). Refer to this as to how to
turn it off.
Make sure you didn't delete or empty the session
Make sure the key in your $_SESSION superglobal array is not
overwritten anywhere
Make sure you redirect to the same domain. So redirecting from a
www.yourdomain.com to yourdomain.com doesn't carry the session
forward.
Make sure your file extension is .php (it happens!)
can all be found here: PHP session lost after redirect
Call session_start function in dialout.php befor accessing session variable like this :
session_start();
var_dump($_SESSION);
Related
PHP 7.1.7 on Windows Server 2008 Enterprise
... I noticed there were 5 other questions here just like this with no answer. I'm getting frustrated trying to do something that's always been so easy to accomplish in other languages for me. I just want to set a session variable and then read it on another page after a redirect. That should be simple basic functionality and I do not get why I've been sitting here for 2 hours trying everything I can think of and I still can't figure it out.
Each page of my application starts with: session_start();
I have a form edit processing page I'm starting with, where on a successful edit, the user is redirected back to the index page. Before the redirect, I'm setting a session variable ('success'). At this point, the session variable is set. If I comment out the header and exit() lines and echo the session["success"] variable.
$_SESSION["success"] = "The record was inserted successfully.";
header( 'Location: index.php');
exit();
}
Register Globals does not exist in my PHP.ini file (register_globals). I tried adding "register_globals=0;" to the PHP.ini file and restarting the server but I still doid not see a "register_globals" listing on the PHP info page.
No matter what I have tried, after the redirect to the index.php page, that session variable does not exist after the redirect ($_SESSION["success"]). I'm staying inside the same domain (same folder on the server really)
After setting the session variable ('success') and proving that it is set by echoing it on the edit proccessing page followed by an exit, I can not figure out how to get the session variable to persist after a redirect or page change:
If I try and echo that 'success' session variable after a redirect, I get this:
Notice: Undefined index: success
I'm not understanding why this is so difficult? What else could I try?
Thanks for any help.
Test whether the session cookie is set properly.
$_SESSION["success"] = "The record was inserted successfully.";
// header( 'Location: index.php');
echo session_name() .': '.session_id(); // print session cookie name & value
echo '<pre>' . print_r(session_get_cookie_params() ) . '</pre>';
exit();
What do you see? Open your browser's dev tools and look at cookies set when the server echoes the info above. If there is no cookie with the name (typically PHPSESSID) and session ID value above, then either your browser is not accepting cookies or the server isn't setting them. Either one will break cookie-based sessions.
If these seem to work ok, then re-establish your redirect. On the next page (index.php in your example), take a look at which cookies are received:
// Notice: this won't work on the page setting the cookie.
// Cookie should show up on the next page
echo '<pre>' . print_r($_COOKIE) . '</pre>';
Does the session id cookie exist?
If all this works, I would then look at whether PHP is actually storing session files properly. Session data is serialized and saved to files in a folder on the server's hard drive. Take a look at your php.ini, where you should see something like:
session.save_handler = files
session.use_cookies = 1
; where on server the files should be stored. the folder should be
; readable/writeable to the PHP process. Maybe '/tmp'?
session.save_path =
If you edit your php.ini, remember to restart the server.
Update
From your comments, everything seems to be setup correctly. Remove all other code. and just have this:
page1.php
<?php
session_start();
$_SESSION = []; //start with an empty array
$_SESSION['success']= 'record saved';
$_SESSION['id'] = session_id();
header('Location: index.php');
exit;
index.php
<?php
session_start();
var_dump($_SESSION);
if(isset($_SESSION, $_SESSION['id'])):
echo 'Session ids ' . ($_SESSION['id']===session_id()? 'match' : 'do not match');
endif;
What gets var-dumped in index.php after you get redirected from page1.php?
I made a simple registration page, which after validation, adds a unique identifier to the session id to identify the user and also sets a session variable 'UID' to a custom value. Then the script redirects to a new page.
$_SESSION['UID'] = $id;
session_id($sessID);
echo session_id();
session_write_close();
header("Location: https://localhost/AccountWebsite/landing.php");
exit();
?>
The landing page is supposed to be accessible only by members (i.e. those with a special unique session id set by my script), and that functionality wasn't working. So to check why, at the moment I allow anyone to access the page and their session id is echoed, and so is the 'UID' session variable.
<?php
session_start();
echo session_id()."\n";
echo $_SESSION['UID'];
?>
Now, when I echo the id it isn't the one I set myself. It is the generic PHP one, and the variable doesn't exist. During debugging, I commented out the redirect in the registration script, and instead had it echo the session id that it had just set. The echoed id is correct (obviously since it's echoed in the script it's set in), although when I enter the cookie manager on Firefox, it displays the session id as the generic php one, which means the session is reset when the first script ends and not between sessions.
Make sure session_start(); is called before any sessions are being
called. So a safe bet would be to put it at the beginning of your
page, immediately after the opening php tag before anything else.
Also ensure there are no whitespaces/tabs before the opening php
tag.
After the header redirect, end the current script using exit(); (Others have also suggested session_write_close(); and
session_regenerate_id(true), you can try those as well, but I'd use
exit();)
Make sure cookies are enabled in the browser you are using to test it on.
Ensure register_globals is off, you can check this on the php.ini file and also using phpinfo(). Refer to this as to how to turn it off.
Make sure you didn't delete or empty the session
Make sure the key in your $_SESSION superglobal array is not overwritten anywhere
Make sure you redirect to the same domain. So redirecting from a www.yourdomain.com to yourdomain.com doesn't carry the session
forward.
Make sure your file extension is .php (it happens!)
I have done all of the above from dayuloli's answer on this post
and have been debugging all day. Please help, why does the session not keep the id and variable values I set to it by the end of the script and sccross the whole server?
Additional info: I tried another example folder (on htdocs) where one page sets a variable and the other echoes it, and it worked.
You don't need to set a session_id unless you want multiple sessions. If you do specify a session_id, you need to call session_start() afterwards to start using it and submit the cookie into the client's browser.
Beyond that explanation, you need to use session_start() at the top of any script that requires sessions.
From http://php.net/manual/en/function.session-id.php:
session_id() needs to be called before session_start()
session_id() will always send a new cookie when session_start() is
called
Here's the code
<?php
print_r(session_get_cookie_params());
session_set_cookie_params(3600, "/", "mydomain.com");
When I refresh the page, the above parameters are not saved
session_start();
var_dump($_SESSION);
$_SESSION['name'] = "name";
When I refresh the page, the above variable is not saved
var_dump($_SESSION);
print_r(session_get_cookie_params());
However, both variable and parameters are correctly displayed on first page load.
?>
The first var_dump ALWAYS returns an empty array, the second successfully returns the "name" within it.
$_SESSION variables only ever last one page load.
I have tried naming the session, adding a (long) timeout, linking to a different page, but $_SESSION variables only ever last one page load.
Must this be a problem with the server?
Check with session_save_path() if it is writable.
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}
This is from a previous post : PHP Session not Saving
if you use memcache/redis/mysql session storage backend, it can be down. Is there any errors shown? Try to enable error reporting in PHP.ini and rerun the code.
Probably you have put some html output before session_start()
and this prevents from setting the session.
I have a login page where user enters his username ans password. If successful I redirect him to index.php where I start a session:
session_start();
from index.php he can navigate to a different page ("p1.php") and on top of "p1.php" I have this check:
<?php
if(!isset($_SESSION))
{
exit;
}
?>
This works on my local server, but when I deploy this on remote server !isset($_SESSION) always returns true.
What could be happening here?
EDIT: I found on my hosting provider side a request to add this in php.ini:
session_save_path("your home directory path"/phpsessions);
And to create a phpsessions folder in my path.
I did but that didn't help.
I tried to do this as well:
in index.php:
session_start();
if(isset($_REQUEST['lecturer_id']))
{
echo "lecturer_id set";
$_SESSION['lecturer_id'] = $_REQUEST['lecturer_id']; // store session data
}
and in p1.php:
session_start();
if(!isset($_SESSION['lecturer_id']))
{
exit;
}
And the page always exits i.e. session variable is not defined
The server is most likely creating a PHP session silently which your local server is not configured to do.
Try checking for a specific $_SESSION eg $_SESSION['x'] rather than just a $_SESSION.
Edit:
Instead of checking isset($_SESSION) you should check for whatever session variable you set specifically: isset($_SESSION['SESSION_VARIABLE_YOU_SET'])
isset($_SESSION) returns true once session_start() is called, that's why you need to check for the specific $_SESSION variable you set
You'll just need to make sure you have session_start(); at the very top of your p1.php page and any page that uses session data.
Probably the remote server is configured for session autostart. If you can configure this php instance you can check it in php.ini file (session_autostart directive).
Update: Sorry, I did not understand correctly your question. Really, if session autostart is set to "on" session always exists. You can not use isset($_SESSION) to determine if user is logged or not.
I encountered the same scenario and what I did was I unset the first the variable for example, $_SESSION['loggedin']),
I will unset it first using :
session_start();
unset($_SESSION['loggedin']);
then i will comment out unset($_SESSION['loggedin']);
the problem solved.
I have this written at the very first line on every page of my website.
include("restd.php");
and restd.php contains the following lines :
#session_start();
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
The problem i'm facing is that when ever i click or do something on my website. it logs me out and takes me to index.php.
im sure its something to do with the session. ive tried every single thing to avoid this problem but i ahve used restd.php because i dont want anyone to copy the url of someone and paste and get into the website.
anyone who is logged in only can view other's pages. if they arent logged in then they'll be redirected to index.php
EDIT : and guys a confusing thing is that all this is working fine on my testing server which is easyPHP-5.3.8.0 but this problem is coming up when i upload all the files to my server.
Your session directory (probably /tmp/) is not writable.
Check with session_save_path() if it is writable.
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}
Do you actually set $_SESSION['id'] on a page...
What you are trying to do here is:
Start a session and load the $_SESSION from the session handler
Check if $_SESSION contains key 'id'
Redirect to index.php if $_SESSION['id'] is not set
Do you actually do this in index.php?
session_start();
$_SESSION['id'] = something;
you need declare $_SESSION['id'] :
file1.php
session_start();
$_SESSION['id'] = '123'
file2.php
include 'file1.php'
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
In my case I forgot that I had the PHP flag session.cookie_secure set to on, while the development environment was not TLS-secured.
More information about Session/Cookie parameters.
I know this is an old thread, but the following helped me with the same problem after hours of despair. Found on: http://php.net/manual/de/function.session-save-path.php
I made a folder next to the public html folder and placed these lines at the very first point in index.php
Location of session folder:
/domains/account/session
location of index.php
/domains/account/public_html/index.php
What I placed in index.php at line 0:
<?php
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session'));
session_start();
?>
Hopefully this will save you time.
Check maybe your session path does not exist
so you can save PHP session path using:
ini_set(' session.save_path','SOME WRITABLE PATH');
Couple things:
your include file doesn't have the <?php ?> tags, so the content will not be evaluated as PHP
Session_start must be called before you start outputting anything. Is that the case?
You still don't even answer where you SET $_SESSION['id']. $pid = $_SESSION['id'] does not set the session variable. session_start() comes before ANYTHING session related, it's not shown before your include.
I had the same problem and found a work-around for it. If anybody can explain why the session is not read even when the cookie is there, please let me know.
<?php
// logged.php
// The PHP session system will figure out whether to use cookies or URLs to pass the SID
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) && authenticationRoutine(/* Returns true if succesfully authenticated */) ) {
session_id(uniqid("User--"));
session_start();
$_SESSION['id']=session_id();
}
?>
<?php
// Insecure restd.php (The user can forge a stolen SID cookie or URL GET request, but that is inherent with PHP sessions)
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) {header('Location: index.php')}
?>
.
[EDIT]
Even though the cookie was there and I prevented starting a new session, the session had not been read and started, so no session variables were available. In this case I check if the session has been started first (not using session_status() because it doesn't exist in PHP 3.5, which for some reason is the most widespread among hosts). If no session has been started within PHP, I check if it had been started before by testing the cookies and GET variables. If a session ID was found, the script resumes the session with that ID. If no ID is available, the user gets redirected to the index.
<?php
// restd.php
if(empty(session_id())) {
if(isset($_COOKIE['PHPSESSID']) && !empty($_COOKIE['PHPSESSID'])) {session_id($_COOKIE['PHPSESSID']);}
elseif(isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) {session_id($_GET['PHPSESSID']);}
else {header('Location: index.php'); exit(0);}
session_start();
}