I have never ran into this problem before and I have been trying to troubleshoot this for quite a while now.
I am setting my session variables on the main.php page and when I do a var_dump() on a page in the root directory (note the paths), it prints out an empty array.
It seems to only pick up the session variables within the same directory they are created in. However, I need to access session vars in at least the two directories mentioned below. Is this possible? I appreciate any suggestions on how to accomplish this.
It is important that the changes I make to the session variables in one directory reflect in the other (i.e. unset, update value, etc.).
Edit: All sessions are started in the same parent directory, the only problem is many session variables are created in the sub-directory and then need to be accessed in the parent (root) directory.
Many thanks in advance!
actions/search/main.php
session_start();
$_SESSION['id'] = 22;
$_SESSION['name'] = 'Bob';
manageajax.php
session_start();
if(isset($_GET['handleSess']) && $_GET['handleSess']==1){
//do stuff with session vars
var_dump($_SESSION); // output array(0) {}
}
If I am not mistaken, you have to set the sessions/cookies in the root of your domain (mydomain.com/)so you can access them from any location in your root path. in what path (or file) do you start the session ?
Related
I have a login.php in the root directory. On valid user login, it executes the following code :
function log_in($id,$keep_login)
{
$_SESSION['auth'] = true;
$_SESSION['id'] = $id;
if($keep_login==TRUE) {
setcookie(session_name(),session_id(),time()+LOGGED_IN_TIME);
}
}
On login.php, in the starting, after including header file (header file contains session_start on first line), I check if a user is logged in using this function :
function logged_in()
{
if(!isset($_SESSION['auth'])||empty($_SESSION['auth'])||!isset($_SESSION['id'])||empty($_SESSION['id']))
{
return false;
}
return true;
}
And if the user is already logged in, I redirect them to profile.php using :
if(logged_in())
{
header('Location: profile.php');
}
I have another file enter.php in /sources/enter.php
The login data from login.php is sent to enter.php . However, in enter.php , I see that the user is already logged in. i.e. logged_in() returns true. Curious about this, I echoed the session id on both login.php and enter.php , and the ids were different.
BTW, I include the header file like this :
$included=TRUE;
require_once 'sources/headers.php';
Does the initialization of $included before session_start (session is started in headers.php) interfere with the session?
Although I AM logged_in, somehow my login.php cannot access my session. Can someone point the problem to me?
UPDATE : when I move enter.php to the root directory (same as login.php), it works like it should. Although for security reasons, I want to move it to /sources/enter.php . Any solution?
ANOTHER UPDATE : just came to know that when I move the enter.php to the root directory,
the files in any subdirectory cannot access the session. The session variables are there, but the session id is different.
AND ONE MORE UPDATE : I just discovered, that the session id in the subdirectories is another id, and contains different $_SESSION variables. What I mean, that root directory has $_SESSION['id']=1 and the subdirectories have $_SESSION['id']=4. Maybe this is because the session id's are different.
Any output by the server before session_start() will interfere and cause your session to fail.
I'm not sure if that's your case but you should add session_start() as the first thing written in your config file. Make sure it's the first thing ever executed on a page.
Sometimes session_start() gets rekt if your file encoding is not utf8-without-bom (you should be using that at all times).
I finally found the problem. It was not in the script. When I used another browser, it worked perfectly. Then i thought that Chrome must have preserved the old session cookie, and was still using it when in the subdirectory. I cleared cache, and it now works. Huh! Such a simple answer it was, I still need to learn. Thanks guys for helping me out!
I have 2 folders/directories:
login/helper.php
dashboard/index.php
I have set a session in helper.php in the login folder. I am trying to retrieve a session on the index page in the dashboard folder. Somehow i cannot retrieve the session in another folder or a parent directory.
Here is the Code on the login/helper.php
session_start();
$_SESSION['userID'] = $checklogin['userID'];
Here is the code on the dashboard/index.php
echo $_SESSION['userID'];
Is there a way to make a session available in a parent directory and all it's folders?
Kind Regards
Just start the session again in dashboard/index.php:
session_start();
echo $_SESSION['userID'];
In your case looks like you need to add session_start() at the starting of your file.
But as per coding standards I would suggest to put that session_start() in a common file and may be try to include that file in your all pages, that way you don't need to include session_start(0) everywhere.
I have a main directory named System with a sub-directory named Subsystem. My session from main directory is not working in the sub-directory.
When I echo session_save_path(); in both folders, they show me "/tmp".
Then, I tried to put session_save_path("../tmp"); in my sub-directory but it shows me "This webpage has a redirect loop".
session.php in System directory:
<?php
session_start( );
if (!($_SESSION['uid']))
{
header("Location:index.php");
}
else
{
$_SESSION['uid'] = $_SESSION['uid'];
}
?>
session.php in Sub-system folder:
<?php
session_save_path("../tmp");
session_start( );
if (!($_SESSION['uid']))
{
header("Location:index.php");
}
else
{
$_SESSION['uid'] = $_SESSION['uid'];
}
?>
I have Googled all over, but I still cannot get it to work.
The directory does not affect your session state (all directories of a given Apache-PHP website will access the same session in a standard configuration). You should not have to use session_save_path().
I think the problem in part is that you're setting 'uid' to itself ($_SESSION['uid'] = $_SESSION['uid'];) - therefore potentially never actually setting it to a value - and potentially redirecting indefinitely if it's not set.
I suggest this simple test to ensure that your sessions are, in fact, working:
/session_set.php
<?php
session_start();
$_SESSION['uid'] = 123;
/sub_dir/session_get.php
<?php
session_start();
echo $_SESSION['uid'];
A session creates a file in a temporary directory on the server where registered session variables and their values are stored. This data will be available to all pages on the site during that visit.
The location of the temporary file is determined by a setting in the php.ini file called session.save_path. so pleasse check this path.
Also [session-save-path()][1] Get and/or set the current session save path.
I think u dont need to write this line and check your php.ini for correct path.
for session i found some useful article http://www.tutorialspoint.com/php/php_sessions.htm
Thanks.
My web application sets session every time a user logs in.
I checked that sessions are properly set in http://mydomain.com/sessionfolder directory.
But I can't get those session values.
For example, in 'member_check.php' in root directory ('/'),
echo "Your name is = ".$_SESSION['membername'];
I get 'Your name is (blank)'
Thanks.
Have you tried setting the session savepath manualy? When I am using the servers supllied by my school I always have to set it by my self, because of some setting on the servers.
The following line should be included BEFORE the session_start();
session_save_path('your_path_here');
DonĀ“t forget to create the folder and set the folder permissions to read and writeable for everyone..
At the top of your script you must init sessions:
if ( ! session_id())
{
session_start();
}
I've got a simple login system using PHP sessions, but just recently it seems that if you visit pages not in a certain directory (/login/) you will always be flagged as not logged in, even when you are. It seems that my session data is being lost when I change directories (say, to /login/user/).
I don't think I've touched the code myself since the problem appeared, is there something my web host could have done to my PHP installation that would delete the session data, and is there a workaround?
EDIT:
Inside each file that needs authorization, it loads a loginfunctions.php file which calls session_start() and checks the login. Files which work in /login and i copy and paste into /login/user stop working, even though i update all the relevant paths and links.
EDIT2:
Okay, some code.
In the actual pages that are giving me the error, this is the auth. code:
require_once("../../../includes/loginFunctions.php");
$login = new login;
$login->checkLogin(0);
Inside loginFunctions.php is this:
class login{
function checkLogin($requiredAccess){
session_start();
if($_SESSION['accesslevel'] < $requiredAccess || $_SESSION['logged_in'] != TRUE){
die("You don't have access to this area. If you should have access, please log in again. <a href='/login/'>Login</a>");
}
if (isset($_SESSION['HTTP_USER_AGENT'])){
if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])){
session_destroy();
die("Bad session. Please log in again. <a href='/login/'>Login</a> ");
}
} else {
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
}
if (!isset($_SESSION['initiated'])){
session_regenerate_id();
$_SESSION['initiated'] = true;
}
}
}
The $requiredAccess variable is the access level that you need to access this page, so if you have an accesslevel of 3 in the database you can view level 0, 1, 2 and 3 pages. This is specified when the function is called in the main page and is compared to the access level of the current user which is defined in $_SESSIONS when they log in.
I'm getting the error 'You don't have access to this area etc." when i try to access these pages. If i try to print the $_SESSION variables, nothing shows; they appear to be empty. However, if I move the file to the /login/ folder (one level up) and update the links, they work perfectly and all the variables print out fine. This makes me think the code is not the part that's not working, but some setting in my PHP install that has been changed without my notice.
maybe you aren't calling session_start() at the begging of pages not in /login/ ..?
I had a similar problem.
Check you don't have a php.ini file. Removing this sorted the problem out. Still looking ito exactly why. The php.ini file could even be blank and it would stop session data from carrying over to more than one directory...
It's possible that they changed the php.ini setting session.cookie_path.
You should call session-set-cookie-params before you call session_start and make sure you set the cookie path yourself. Set it to the highest level directory you want the session to be valid for. EG if you set it to /login it will be valid for /login and /login/user. If you want your session to be valid for the etire site set the path to be /
i had a similar issue. you may want to use:
<?
setcookie("TestCookie", $value, time()+3600, "/~rasmus/", ".example.com", 1); ?>
or something similar. i know cookie and session variables are a different desired solution, but this was able to clear up my issue.
See here for documentation
Make sure you have the same php.ini file in each directory that you want to access the session variables from.
This is why you shouldn't use directory to make false friendly URLs...
Don't forget to call session_start() every time you need the session.