Rely on session var not existing to see if cookies are disabled - php

Logic, the manual and Google say I'm right, but I'm no pro and I like to be 100% sure it is working for all browsers, in any circumstance.
I'd like to check if a user has cookies disabled in his browser. I cannot rely on isset($_COOKIE['test']), because when it's a new user or the user deleted all cookies, there will be no cookie and cookies still can be enabled.
I came up with a very simple solution, but my question is: can I be sure this works?
If page 1 is: domain/index.php
<?php
session_start();
$_SESSION['id']='Hello';
session_write_close();
header('Location: login');
?>
And page 2 is: domain/login/index.php
<?php
session_start();
if(empty($_SESSION['id'])){
echo 'Turn on your cookies!';
}
?>
Will this always work?
[edit]
To answer my own question: no, this will not work.
I've posted a working solution below.
Thanks to everyone for pointing me in the right direction.

Thanks to everyone for pointing me in the right direction.
My solution works, so I'll share it with you:
index.php
<?php
// accept session IDs from cookies only, and hide the cookie from JavaScript
ini_set('session.use_cookies',1);
ini_set('session.use_only_cookies',1);
ini_set('session.cookie_httponly',1);
$name='test';
// name the session cookie so that login/index.php can look for it
session_name($name);
if(empty($_COOKIE[$name])){
session_start();
//it seems necessary to write something in the session
$_SESSION['test']='test';
session_write_close();
}
//redirect to a login page
header('Location: http://example.com/login/');
exit;
?>
And login/index.php
<?php
$name='test';
if(empty($_COOKIE[$name])){
echo 'Turn on your cookies';
die;
}
?>
See the manual on sessions and cookies
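The same set-then-check idea as the answer above, collapsed into one script that also handles a first visit without a redirect loop. This is an added example, not code from the thread; the cookie name `cookie_probe` and the query flag `probed` are made-up names.

```php
<?php
// Added example: one-script cookie probe. 'cookie_probe' and 'probed' are
// constructed names, not taken from the thread.

// Decide what we know about the browser from the request alone.
function cookie_probe_state(array $cookies, array $query)
{
    if (isset($cookies['cookie_probe'])) {
        return 'enabled';   // the browser sent the probe cookie back
    }
    if (isset($query['probed'])) {
        return 'disabled';  // probe was set and we redirected, yet nothing came back
    }
    return 'unknown';       // first visit: nothing has been tested yet
}

$state = cookie_probe_state($_COOKIE, $_GET);

if ($state === 'unknown') {
    // The probe carries no secret; it only proves that cookies round-trip.
    setcookie('cookie_probe', '1', 0, '/', '', false, true);
    // Redirect to the script's own server-determined path. REQUEST_URI is not
    // used here because a request path starting with "//" would turn the
    // Location header into a redirect to another host.
    $self = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '/';
    header('Location: ' . $self . '?probed=1');
    exit;
}

if ($state === 'disabled') {
    echo 'Turn on your cookies';
    exit;
}

// Cookies work: start a session that never falls back to IDs in the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.cookie_httponly', '1');
session_start();
echo 'Cookies are enabled';
```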

Related

Session is not being set on redirect request

Problem is: session is not being set another time after the page is redirected.
Have a look at my code:
login.php
<?php
session_start();
$pg=$_SERVER["REQUEST_URI"];
$pg=substr($pg,0,11);
$_SESSION['pg']=$pg;
?>
<form action='test.php'>
...
...
</form>
test.php
<?php
session_start();
$pg=$_SESSION['pg'];
if(some_condition){
echo "<script>";
echo "window.location='".$pg."'";
echo "</script>";
}
?>
The first time, it works fine: it redirects to login.php. After the first redirect (test.php to login.php), the session is not being set again, and so there is no redirect thereafter.
Can anyone tell why session is not being set after redirect?
You are using substr in the $_SERVER['REQUEST_URI'], and $_SERVER['REQUEST_URI'] returns /url.php, not http://server.com/url.php, so redo your substr function and it should work.
Somehow it still removes the session; I still can't find the reason. I tried setting up a cookie and made it consistent with the pages needed.
if($_COOKIE['loginpage']!='/test.php'){
$pg=$_SERVER["REQUEST_URI"];
$pg=substr($pg,0,9);
setcookie('loginpage',$pg,false,'/');
}
As the cookie is persistent across all two/three pages, it works fine.
Thank you all for your help, cheers :)

PHP - Session variables not saving from page to page

BEFORE YOU MARK THIS AS DUPLICATE, I have read through all the answers on this topic and none of them worked for me, this is why I am posting this.
So the problem is that the data for $_SESSION is not saving from page to page. Here is my test:
TestOne.php
<?php
session_start();
$_SESSION["user_id"] = 1;
if(isset($_SESSION["user_id"])) {
header("Location: TestTwo.php");
}
?>
TestTwo.php
<?php
if(isset($_SESSION["user_id"])) {
echo $_SESSION["user_id"];
}
?>
It goes to page two but it is a blank page. Why is the data not saving from page to page?
session_save in the php.ini is set to /tmp (I am using hostgator)
You are missing session_start(); on your TestTwo.php
FYI : You need to call session_start(); on all of your PHP files, if you are making use of Sessions.
I have read through all the answers on this topic and none of them worked for me, this is why I am posting this.
Really caught my attention btw.
To use session variables, you need to call session_start() before that:
session_start();
if(isset($_SESSION["user_id"])) {
echo $_SESSION["user_id"];
}
You need session_start() on every page that requires the session.

PHP logout system not working. (session_destroy on MAMP)

I recently transferred my website from XAMPP to MAMP. The problem is that my logout system is no longer working. The logout widget:
Log Out
My logout page itself:
<?php
session_start()
session_destroy()
header('Location:login.php');
?>
The weird thing is that when I change something to logout.php, such as making it a simple echo statement:
<?php
echo 'test';
//session_start()
//session_destroy()
//header('Location:login.php');
?>
I still do not see 'test' in my browser; I just stay at index.php even though I have commented out the header in the page. I am 100% sure the link path is fine.
Whether or not I alter the logout.php file, I can see that the server has NOT deleted the session file in tmp/php. This is weird because I have allowed everyone in MAC OS X access to read and write to this tmp/php folder.
OS: MAC OS X
SERVER: Apache within MAMP
PHP:5.4.4
BROWSERS: Problem occurs in both Google Chrome & Safari
(This is my maiden voyage with posting a question on stackoverflow; if you have tips to improve my questioning, please let me know)
Try using this instead:
<?php
session_start();
// empty the session data for this user
$_SESSION = array();
header("Location: index.php");
exit;
?>
I just clear $_SESSION, and it always works for me
If calling logout.php when it contains the code below does not print test then there is something else wrong and it has nothing to do with the sessions.
<?php
echo 'test';
//session_start()
//session_destroy()
//header('Location:login.php');
?>
You mention that it still shows the index.php, which makes me think you have a rewrite rule in your .htaccess file which redirects the call from logout.php to the index. Check your htaccess file for any rules.
You can find information about htaccess on MAMP here
These are the essential parts of a logout, assuming that your scripts are using PHP sessions. Note that your logout script causes a parse error because it is missing semicolons at the end of statements. Maybe just a typo.
<?php // RAY_EE_logout.php
session_start();
// CLEAR THE INFORMATION FROM THE $_SESSION ARRAY
$_SESSION = array();
// IF THE SESSION IS KEPT IN COOKIE, FORCE SESSION COOKIE TO EXPIRE
if (isset($_COOKIE[session_name()]))
{
$cookie_expires = time() - date('Z') - 3600;
setcookie(session_name(), '', $cookie_expires, '/');
}
// TELL PHP TO ELIMINATE THE SESSION
session_destroy();
// REDIRECT TO THE HOME PAGE
header("Location: /");
exit;
HTH, ~Ray
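A variant of the logout steps listed above that expires the session cookie with the same path, domain and flags it was issued with, since a browser only replaces a cookie whose name, path and domain match. This is an added example, not code from the thread; the redirect target `/login.php` is a placeholder.

```php
<?php
// Added example: full session teardown on logout.
// Assumes PHP's default cookie-based sessions; '/login.php' is a placeholder.

function destroy_session()
{
    // The session must be open before it can be emptied and destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Drop every value held for this user in the current request.
    $_SESSION = array();

    // 2. Expire the browser's copy of the session cookie, reusing the
    //    attributes the cookie was created with instead of hard-coding '/'.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $p['path'],
            $p['domain'],
            $p['secure'],
            $p['httponly']
        );
    }

    // 3. Remove the stored session data on the server.
    session_destroy();
}

destroy_session();

// Always stop after the redirect header so no protected output follows it.
header('Location: /login.php');
exit;
```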
Try using output buffer.
<?php
ob_start();
session_start();
session_destroy();
header('Location:login.php');
?>
In my case it had to do with the php code block not being defined correctly. I had <? ?> instead of <?php ?>
Hope this helps someone.
@tom.e.degroot: Last time I checked, "it didn't work" was not an error message. You'll need to describe the symptoms a little more. Please follow the guidance here: http://SSCCE.org and give us something we can install and test on our own servers. Thanks, ~Ray

PHP Session issues in Chrome

I have a web app I am developing for a school project, I am having issues with the logout page. When a user clicks logout it will send them to a logout.php which just looks like this:
<?php include ("includes/check_authorization.php");
// Unset the session and destroy it
session_unset();
session_destroy();
// Redirect to the home page
echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
exit;
?>
It is very simple, but it will unset, then destroy the session, and redirect to the index, which is the login page. However when this is run the index immediately redirects to a user homepage. The check_authorization page included at the top will redirect someone to login if the username and id are not set and matching in the $_SESSION, so this means that it is setting these for me? I am really confused as to how this is happening. I am using CAS for authentication.
EDIT: the check_authorization.php also initializes the session as well as checking those key values
For a situation like this I did as follows; this is working for me in all the browsers:
@session_unset();
$old_sessid = @session_id();
@session_regenerate_id();
$new_sessid = session_id();
@session_id($old_sessid);
@session_destroy();
Rather than just unsetting the data, try assigning a dummy value to the session, like:
$_SESSION['authKey'] = '!!INVALID!!';
session_unset();
session_destroy();
Even if the session 'revives', the authentication can't possibly succeed anymore because of the "fake" data.
There are some possibilities :
The most simple possibility : did you include the
session_start();
on top the file? before you include a file? I've been there before, and it pissed me off.
The second possibility : try to put
session_regenerate_id();
on the very top of your file (before you declare session_start();). Because on some server hosting, the configuration is still using a "LINUX" style that I can't explain to you here. But the point is they always use a "cache" when you redirect. In other words, you are always redirected to your "cached" page when you redirect to another page. See, it's hard to explain here. But just try the session_regenerate_id(); code, maybe it would work.
I never use the "echo" things in doing redirect things. Try :
header("location:index.php");
I don't know if this is working or not. I am simply giving you my analysis based on my assumptions.
Hope these are helpful. :)

$_SESSION values not holding!

I'm writing a user login system, and I (like so many others) am having a problem with my sessions.
Here's the pointer from the login script when the inputs are validated:
session_start();
$_SESSION['id']=$id;
header('location: memberhome.php');
Here's the first thing on memberhome.php:
<?php
session_start();
$id=$_SESSION['id'];
?>
And later in memberhome.php:
You are logged in as: <?php echo $id; ?>
The problem is $_SESSION['id'] is apparently empty so the echo $id prints nothing.
An alternate that also does NOT work:
//removed session_start and $_SESSION bit from the top
You are logged in as: <?php session_start(); echo $_SESSION['id']; ?>
NOW, here's the weird part. This method DOES work:
You are logged in as: <?php echo session_start();$_SESSION['id']; ?>
You can see the session_start() is moved AFTER the echo. This works when the page loads from the login script. However, upon refresh, it does NOT work once again.
I've tried a bunch of alternatives and spent a few hours searching for answers in previous questions. I also looked at my phpinfo() for something fishy and found nothing. This is entirely what my progress is hinging on. Thanks!
First of all, please enable debugging:
error_reporting(E_ALL);
ini_set('display_errors', '1');
Second, session_start() needs to be at the top of the page. So the line you wrote;
You are logged in as: <?php echo session_start();$_SESSION['id']; ?>
will never work.
The following line needs to be on top of the page, before any HTML etc.
<?php
session_start();
$id=$_SESSION['id'];
?>
Have you tried:
print_r($_SESSION);
to examine the contents of the session?
Make sure you're calling session_start() before you output anything on the page. The standard cookie-based sessions require some header information to be exchanged, which must be done before you send any content.
You're most likely running into output buffering, which is why it sometimes works and other times it does not. Generally speaking, stick to starting the session before any output is generated, you'll find your code works better.
Use
ob_start(); @session_start();
at the top of both pages
