I've already posted something similar to this, but I redesigned the entire system. Instead of the original system I've created a separate sub domain for accounts. I'm having issues getting any variables from my named session. I'm attempting to transfer user information accross sub domains for login purposes, and tracking purposes. Anyways, here is the code.
Login Script
<?php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
?>
That code is just the bit that tells the $_SESSION to be spread across all the domains. (Or at least it is supposed to) Anyways, the LoginSession name is where the problem comes in. If that is added in then I am unable to get anything to display using my calling scripts.
Currently I use
$_SESSION['USERNAME_ueteribus']
$_SESSION['PASSWORD_ueteribus']
$_SESSION['loginsession21']
Those are the main $SESSIONS that I use, and currently I am unable to get them displayed when giving the Cookies any specific name.
This is the current script I am using to call the actual $_SESSION by name.
<?php
session_name('LoginSession');
session_start();
echo $_SESSION['loginsession21'];
?>
That worked fine before I added the custom name for the $_SESSION.
Any help would be much appreciated as this issue has been plaguing me for a very long time, also.. When I actually head into the Cookies on my browser, I see LoginSession, but it is listed under the main domain. www.XXXX.com instead of account.xxxx.com.
No idea if that is normal or not, anyways.. Any additional information can be requested, and thank you for any assistance that you can provide.
NOTE: All the scripts and code listed above are saved on the account sub domain!
UPDATE:
I just tried this code and it still doesn't work.
<?php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
echo $_SESSION['loginsession21'];
?>
Also I added this script to the top of each page.
<?php
session_set_cookie_params(0, '/', 'ueteribus.com');
session_start();
?>
My guess is that you're missing the session cookie config in your other (not Login Script) files. Just like session_name(), you need to call it on every request and before session_start() (despite what other commenters may believe).
<?php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
// of course this line will only work if you've previously set the "loginsession21" key
echo $_SESSION['loginsession21'];
?>
Update
After making changes to either session name or cookie params, you'll need to clear out the old cookie from your browser.
You also need to make sure that the session is not started anywhere else in your code.
I would suggest moving all the session config stuff into a single file and include it at the top of every requestable page. Also remove any and all other calls to session_start().
<?php
// session_config.php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
then, in some other script
<?php
// some_other_script.php
require_once __DIR__ . '/relative/path/to/session_config.php';
Related
I have two php pages for updating account, a frontend and a backend.
Front end (important part):
<?php
session_cache_limiter('none');
session_start(); //session gets started
include_once 'includes/db_connection.php';
include_once 'includes/signin.php'; //file that deals with login and creates the session variables
include_once 'includes/updateaccount_process.php'; //back end file
?>
Back end (important part):
<?php
include_once 'db_connection.php';
include_once 'signin.php';
?>
If I add session_start() to the back-end file I get a notice saying session already started. If I don't add session_start() the rest of the php script doesn't execute properly due to the dependency on the session variable.
If I add if(!isset($_SESSION)) { session_start(); }, it works perfectly, and I don't get any notice but I don't understand why.
Hope someone can help.
Thanks.
While PHP can generate front-end content, PHP resides on the back-end, i.e. you have are two server-side files. If your first PHP file starts a session, as long as your code doesn't destroy or otherwise disable that session, the session should exist as long as your browser stays open. When you go to another PHP page, if you run this code:
(!isset($_SESSION)) { session_start()
it will check to see if it makes sense to start a new session. If the session no longer exists, then a new one gets created. Running session_start() without checking for a previously set session will cause this error message to appear if the session still is in effect:
Notice: A session had already been started
This additional session_start() then should resume the current session.
There might be other reasons for session problems occurring. If you're using PHP5.4 or greater, you can call session_status() and its return value can indicate whether a session has been disabled or if none exists. It can also confirm whether one is currently active (see Manual).
Incidentally, the core contributor who devised session_status() was primarily concerned about providing users a way to check whether currently an active session exists. (see bug report.)
On the page you designate as "back end", I suggest redoing the code as follows:
<?php
if (!isset($_SESSION)) || (session_status() !== PHP_SESSION_ACTIVE) ) {
session_start();
}
include_once('signin.php');
include_once('db_connection.php');
You might consider moving include_once("signin.php") and placing it in the if-conditional block, as a statement following session_start(), as long as the included file only creates session variables and previous code doesn't unset them.
One final point, you may wish to use include() instead of include_once() if both of your pages for a fact only include each file once. Include_once() is slower than include(). You should use include_once only if your script has code that would result in an attempt to include the file more than once in a script (see here).
I was wondering how I would pass something using a session between pages that are in two separate directories. For example, if I had the following code, what would I need to add to make it work?
Page 1: directory\directory1\directory2\Page1.php
session_start();
$_SESSION['example'] = '123';
Page 2: directory\dir1\dir2\Page2.php
session_start();
echo $_SESSION['example'];
Your code should work if these pages are served within the same domain.
You do not have to session_start() in each page. Just write that, in a single file and share that file between the pages you want to hold the session in.
So, if you have page1.php and page2.php and session.php You can create session either in page1.php and check it in page two like: echo var_dump($_SESSION) and vise-versa
First of all, check if session-cookies are properly set. Some problems (e.g. Headers already sent) may cause your session cookie to not be set.
If this is working properly, you may have to change the session cookie parameters via session_set_cookie_params
By setting the second parameter (path) to /, the session cookie is valid for the root of your website and all subdirectories.
Example
session_set_cookie_params(0, '/');
The same settings can also be set in your php.ini or via ini_set(). See Session configuration
Note:
I'm not sure if these settings have any effect if session.autostart is enabled, in which case the cookie-header may already be sent before the changes are made.
I had a login system set up that stored a session variable and checked it on each page, but then I moved to a new server.
Now any session variable I set is only available on the page it was set on. I've been searching for reasons why this could happen, and already crossed off permissions issues. Is it possible this has to do with incorrect urls? Everything else on the server appears to be working fine.
I'm running the latest version of PHP and Apache if that helps at all.
Because you probably (just assumption) have not got session_start(); throughout your other pages where required. So for example, create a page called session.php
Session.php
session_start();
if (!isset($_SESSION))
{
// Enforce logout as session is not set.
}
then:
include "session.php";
use this snippet through out your pages where your login features are required.
I've run into issues like this before. You might try setting a session id when you first start the session using session_id(), and then use the same session id before each session_start().
For example:
<?php
session_id(integer);
session_start();
?>
I am working with a PHP Login System from http://tutorialzine.com/2009/10/cool-login-system-php-jquery/ Just to give you a quick overview, I believe the tutorial sets up the variable in the following manner:
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(1*7*24*60*60);
// Making the cookie live for 1 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
..........
So far so good, except that I cannot carry over the session variables from the Main Login page to subsequent pages (which contain restricted content). Here is the basic code that I intend to place at the start of each restricted content page
<?php
session_name('tzLogin');
session_set_cookie_params(1*7*24*60*60);
session_start();
if($_SESSION['id']) <-- I believe I need more code here (incldue the cookie)
{
//If all is well, I want the script to proceed and display the HTML content below.
}
else
{
header("Location: MainLogin.html");
or die;
//redirects user to the main login page.
}
?>
As you can see, I am a total novice, but any help would be greatly appreciated. As of now, my restricted content pages keep getting redirected to the homepage even when I am properly logged in. Hence I suspect, the SESSION state is not being carried over. Thanks again!
You should probably make sure that you set the path and domain when you invoke session_set_cookie_params:
session_set_cookie_params ( 1*7*24*60*60, '/','.yourdomain.com')
See http://php.net/manual/en/function.session-set-cookie-params.php
(It's a good idea to set the httpOnly attribute as well.)
Additionally, make sure you actually assign some value to your session id key (it's not clear in your code sample that you do):
$_SESSION['id'] = 'some value';
Finally, you may want to use session_status() while debugging to verify you've actually started the session correctly (http://php.net/manual/en/function.session-status.php).
I have a vbulletin forum. which is located in www.myDomain.com/Forum
I have another in www.myDomain.com/OtherSite/app
I want my Forum logged in users to be identified the other site.
The forum's cookies session path is on the main Domain path /var/www/myDomain
On my site I use
chdir(FORUM_DIR);
include './global.php';
$arr = $vbulletin->userinfo;
to get the session.
The thing is this - It works. I get the users data etc...
and then, it stops working for no apparent reason after a few page loads.
In my view, a possible reason is that I use the code (listed above) twice in my page load... Could this be it?
edit:
more code untile the sesion include, As requested.
edit2:
thanks #VladTeodorescuI have changed all the include to include_once, but stil the same symptoms, the user data is displayed and then, after 15 mins of using, the session "goes away".. (I have checked the forum site, the user is still logged in there)
ini_set('display_errors',1);
error_reporting(E_ALL);
// CONSTS
//PATHS
define('MAIN_DIR', dirname(dirname(dirname(__DIR__))));
define('APP_NAME', 'GoldSig');
define('CLASS_DIR', MAIN_DIR .'/class');
define('APP_DIR', MAIN_DIR.'/'.APP_NAME.'/app');
define('FORUM_DIR', MAIN_DIR.'/Forum');
define('CHAT_DIR', APP_DIR.'/chat');
//commands and trades tables names
define('T_COMMAND', 'commands');
include_once CLASS_DIR . '/Services/Helper/Files.php';
include_once CLASS_DIR . '/Services/Login/Authorize.php';
if (!Authorize::IsLocalhost()){
chdir(FORUM_DIR);
include_once './global.php';
$arr = $vbulletin->userinfo;
}
I was trying to access my domain from myDomain.com/GoldSig/app
and the session's data is stored in www.myDomain.com/GoldSig/app
I get redirected automatically to myDomain.com/GoldSig/app in FF , though..
hard part is over ..