I m creating a very simple PHP-based program for warehousing but quite complicated back-end process.
So here is the situation:
I have the login page that directs to authorization page where it set the session_name for the first time, session_start() and set the session variables.
After the authorization page, it goes to the main.php page that is a table with left hand side for menu (links) that I also did session_name() <-- same name as the one created from (1), and start the session.
On the right hand side of the main page is the iframe that display the page when user click the links on the left. I also did session_name() <-- same name as the one created from (1), and start the session.
Problem:
main.php is ok, it reads the session variable perfectly, but the iframe couldn't get the session variables (i tried to print_r($_SESSION), and came up empty). I tried var_dump(session_name("abc")), where "abc" is the session name that i used in (1), and it does show "abc", tried (isset($_SESSION)) and returns true... so I don't know what am I doing wrong...
EDIT:
I m sorry guys, i think i may have found the culprit... it is a logic error on my side... i have this condition to check every php page i created to destroy session when the user level is not authorized to use this current page. My bad.. thanks so much for your help guys!!
Make sure that session_start() is on all the pages:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
see PHP manual reference
To control the contents of the $_SESSION try to put in all ifreame pages the code:
<?php
session_start();
echo '<pre>';
var_dump($_SESSION);
echo '</pre>';
Did you use session_start() at the top of the page in both the iframe as well as main.php?
You need to put session_start() on the top of the iframe too.
This might solve your problem: php session & iframe
Additionally: Nothing is simple if you're using iframes to display large portions of your webiste. You might want to consider not using them.
I had the same problem with multiple iframes on one of my PHP webpages.
In my case, some AJAX calls to PHP endpoints were being made to www.example.com when the page was loaded using http://example.com. If you are NOT consistent with the domain path, you may have session issues since a request from www.example.com is technically from a subdomain as oppose to being made directly from http://example.com. You can avoid this problem altogether by always using relative paths to your PHP based API when making AJAX calls in JavaScript.
I found this was the case by inspecting my cookies in Chrome. I noticed two different cookies with a different PHP session ID in them. One was set for www.example.com while the other was set for example.com
As mentioned in some of the other answers, you can always set the session cookie domain to work on all of your subdomains along with your main site by using the following:
ini_set("session.cookie_domain", ".domain.com");
PHP by default will set a new session per domain / subdomain. Hope this helps!
Related
I make this post because I am really confused about session in PHP. I have a page (index.php) and I save in session a lot of variables (for example, one of this is $_SESSION["FID"]) and i redirect the user in a third party iframe. When the user enter successful his data in iframe, the iframe redirects the user again in index.php and also saves in session other variables.
When the user enters again in index.php I check the session, which comes from iframe (every time the session is set) and after that I make a check if $_SESSION["FID"] isset.
The problem is that most of the times (regardless the browser or something else), $_SESSION["FID"] is empty. Why is this happening? How can I find a solution in this?
I 've tried to be clear and not to confuse you.
You must put session_start(); at the top of every page you want you $_SESSION data to exist.
I am having a problem in accessing a session variable.I have one page lets say test.php, when i use print_r($_SESSION) here, it prints all the session data.But when i use Redirect then i am unable to access session data on test2.php i-e print_r prints empty array, even though i have session_start() at the top of my script.
Then i tried header("Location: test2.php") and now session data is accessible.
But i want the page to be redirected on onClick of a button.
Please help ..
Make sure you have session_start(); in the head of both files and you're not browsing in a private browsing mode.
I was using the path http://localhost/project/orders.php in href then i changed it to just orders.php and it worked
Cheers
Sometimes, accessing with http or https or http://www can make the difference of variables in session being accessed or not. Please browse through all in order to be certain, as sometimes saved urls are with www whereas the session is created with simple http. It matters in session accessibility.
I need to use the same session in different subdomains.
First I put
php_value session.cookie_domain ".aaaa.com"
on .htaccess file and upload it to root path.
when I need to use sessions. I just call
session_start();
Sometimes it works but sometimes it doesn't.
I tested this and found that.
If I go to login page the first time, then login and go to subdomain page. It works!
If I go to subdomain page and click to login page and go back to subdomain page by javascript window.location = 'http://sub.aaaa.com'; it does not work!!
If I login on 2 web browser with the same account it does not work!!
Are there another way? Or how do I fix this problem. I want my website to use a single login.
Make sure you have session_start() on every page you are using sessions, including some that might not be visible to the user.
If you are using two web browsers the sessions are independent from each other, and this is by design.
To debug your #2 problem, use an HTTP monitor such as HTTPFox to view the headers coming to/from the server as you log in and surf around, make sure the cookie is being properly set with the correct domain and path restrictions.
Probm #3 - I'm not sure what you're getting at. Are you using two seperate browsers (say Firefox and Chrome?), or do you mean you're using two windows/tabs of the same browser? For the first, two different browsers will not share cookies, so you can't share a single session between them, without doing some hacks to manually transfer cookies between them.
As for two different tabs/windows of the same browser, such an implementation depends on your login logic. If the login script starts a new session unconditionally, then you second login attempt will get a completely seperate session from the first login, and most likely overwrite the first login's cookie as well.
I am having a really unsual problem I have never had before, I have a signup page/form and a processing page that for submits to, on the processing page I set any errors that are in the user data like empty fields and set them to a session var array
$_SESSION['signup_errors'] = $signup_errors;
$signup_errors is an array that I set to the session, I can then access that session data on the same page but I just changed my site around to use mod-rewrite to change the URL's and the only thing that I can seem to think of is on my signup form I cannot access these session variables anymore and now that I use mod-rewrite the url is like this domain.com/account/new and it used to be domian.com/?p=account.new so now it appears that it is in a differnt folder, could that have something to do with it?
I have tried debugging it a lot and that is the only thing I can come up with is maybe because it appears to be a different directory now because of the mod-rewrite maybe that makes the session unaccessible?
Are you sure you're starting sessions on every page you're accessing? I would check to make sure there's
session_start();
Wherever necessary.
Also, what does
print_r( $_SESSION );
return? Anything at all? If not it would probably indicate what I was saying.
I would check that you're not changing domains. E.G. domain.com -> www.domain.com
Normally a cookie is used to track the session id, and by default, the cookie is tied to a single domain. I.E. If the session was created at www.domain.com, when you visited login.domain.com the cookie wouldn't be sent resulting in no session information.
It happened to me once, maybe you have a similar scenario. The session variable was temporary and I would destroy it once it was outputted to the screen.
With mod rewrite if you are routing everything, if there is a broken image, that might be redirected to your php script as well, it would in the back ground print out the error and destroy that session var.
Just a thought!
I have 2 pages: login.php and index.php. Both pages start with
session_start();
When I set
$_SESSION['user'] = "name";
in login.php and than open index.php, my session object is empty. How come?
EDIT:
I found the problem: IE 7. I had to grand access to my domain. However, I thought a session is stored on the server, instead of the client? Than why do I have IE grand access to my domain? (http://www.pcwindowstips.com/2007/09/04/how-to-enable-cookies-in-internet-explorer-7/)
I thought a session is stored on the server, instead of the client? Than why do I have IE grant access to my domain? (http://www.pcwindowstips.com/2007/09/04/how-to-enable-cookies-in-internet-explorer-7/)
The way sessions work is that a session cookie is stored for the site, which contains your session ID. The only way the server knows who you are is when it reads the session ID cookie on every page load. All of the $_SESSION data is stored on the server for each user, but the cookie must be set for the server to know which $_SESSION data to retrieve.
This is also why you can essentially "become" another user if you obtain their session id cookie.
Internet Explorers have a stricter cookie policy than most other browsers. Check your session cookie parameters (see also session_get_cookie_params()) and try to replace the default values by explicit values where possible. Additionally you might send a [fake P3P policy](http://msdn.microsoft.com/en-us/library/ms537343(VS.85).aspx) to satisfy the Internet Explorers.
Perhaps this variable in php.ini is mapping to an existing path
session.save_path = "c:/wrong/path"
Here is something that happened to me that might shed light for someone. My session wasn't working properly. IE 8 and Firefox were losing the session information.
I included a file. That included file had an extra carriage return after the trailing &ques?>
That carriage return started the session. I put session_start after the include. BOOM.
Not much info here, I'll try to use my psychic powers.
After the user logs in, do you set the session var and then redirect the user to index.php using an http header? If so, I don't think the session cookie gets sent to the user. If that is the case, the solutions are:
call session_start() when the login form is initially displayed (not just after the user posts back to it); or:
display a "login successful!" message and then redirect with a meta-refresh, or just provide a link to index.php.
You can also try to dump the session ID on both pages, to see if you are somehow starting a new session:
echo 'Session ID is: ' . SID . "<br/>\n"
You need verify if the cookies are enabled and nothing ( this includes blank lines in the beginning or in the end of archive) sent to browser before you call session_start().