Sessions Management - php

I have problem with session. I create a different Session file with name Session.php & want to include this file in each page of website to manage session. can it work? suggest me please I am a fresher and working first time woth session .
my session.php file is as follow
<?php include("lib/config.php");
function start_session() {
$_SESSION['userid']=$rows[0];
$_SESSION['first_name']=$rows[2];
$_SESSION['last_name']=$rows[3];
$_SESSION['user_email']=$rows[4];
$_SESSION['user_password']=$rows[5];
$_SESSION['user_gen']=$rows[6];
$_SESSION['user_contact']=$rows[7];
$_SESSION['picture']="profile/".$rows_pic[0];
$user_id=$_SESSION['userid'];
$fnam=$_SESSION['first_name'];
$lnam=$_SESSION['last_name'];
$email=$_SESSION['user_email'];
$pic_ed=$_SESSION['picture'];
}
function destroy() {
session_destroy();
}
?>


You need to include session_start() at the top of your file then your function will surely work.


1) You have used $rows in function, what is that variable?
2) yes, you can include that file in all pages, but better you create session.php under lib folder and include that file in lib/config.php. So you just need to include config.php in all pages.
3) You need session_start() at very top most code of your php file.


What is the use of creating session.php file?
You can access session like that:
#session_start();
if you want to write new session than use like that $_SESSION['MySession'] = 'XYZ';
Accessing Session echo $_SESSION['MySession'];
You can access session $_SESSION['MySession'] on every page but you need to include #session_start() at the top of every php file.

Related

single page application session_start error notification

I have a single page application based on an index.php page where I start the session and display first contents. Then I load via Ajax contents in different divs based on the links that are clicked.
If I want to access the $_SESSION array in the loaded page (eg. to display user's name) I need to put session_start also in the page that I load via Ajax.
Everything works fine this way but when I see the log I see that php is throwing an error each time I load one of the pages via Ajax saying that
"session already started. Ignoring session_start()".
So: on one side I need to put session_start to access the session array but on the other the session_start command is ignored.
From index.php:
<?php
require '../session_handler.inc.php';
require 'global_functions.php';
session_start();
if(isset($_SESSION['id1'])){
$actusr=$_SESSION['id1'];
}
A sample ajax call:
function loadContent(sourceUrl){
$(".container").load(sourceUrl);
}
The php I need on top of the called page:
<?php
require '../../session_handler.inc.php';
require '../global_functions.php';
session_start();
If I remove the session_start() the $_SESSION will be unavailable
How can I fix this situation? Can I access the session array from the loaded page without starting session?

It's better to use this line instead of session_start().
you might have more than one session_start and using session between those two.
if(session_id() == '') {
session_start();
}

If you are testing on a local WAMP or Xamp environment, I would recommend you clear your cache, close your browser (Not a single tab) and run your app.
Try this 1:
<?php
if(!isset($_SESSION))
{
session_start();
}
?>
Or
2: If you have php>=5.4.0, better use this:
$status = session_status();
if($status == PHP_SESSION_NONE){
//There is no active session
session_start();
}else
if($status == PHP_SESSION_ACTIVE){
//Destroy current and start new one
session_destroy();
session_start();
}
Hope this helps..

move session_start(); to top of your page
<?php
session_start();
require '../session_handler.inc.php';
require 'global_functions.php';
if(isset($_SESSION['id1'])){
$actusr=$_SESSION['id1'];
}
session_handler.inc.php or global_functions.php may already contain session_start() so move the session_start() of index.php to the top. also note that this should be the first statement in index.php
or insert the code below at page top of index.php
<?php
session_start();
?>
and remove the other session_start() in index.php

Session ID from class into an other php file

I've got a class, in which i start a Session.
Now I would need the Session ID from this Session in an other file - my header.php file.
Im quite new to PHP, so I would appreciate any help.
Thanks a lot Rohan

If you wish to use the Session in other files, you can simply use it using the $_SESSION variable.
A simple example::
test1.php
<?php
session_start();
$_SESSION['Test_Value'] = "100"; //set session variable.
?>
test2.php
<?php
session_start();
echo $_SESSION["Test_Value"]; //get session variable.
?>
Now when you open test1.php and then open test2.php you will see output of 100 which was set from test1.php

Use Session in Parent Folder in PHP

I have 2 folders/directories:
login/helper.php
dashboard/index.php
I have set a session in helper.php in the login folder. I am trying to retrieve a session on the index page in the dashboard folder. Somehow i cannot retrieve the session in another folder or a parent directory.
Here is the Code on the login/helper.php
session_start();
$_SESSION['userID'] = $checklogin['userID'];
Here is the code on the dashboard/index.php
echo $_SESSION['userID'];
Is there a way to make a session available in a parent directory and all it's folders?
Kind Regards

Just start the session again in dashboard/index.php:
session_start();
echo $_SESSION['userID'];

In your case looks like you need to add session_start() at the starting of your file.
But as per coding standards I would suggest to put that session_start() in a common file and may be try to include that file in your all pages, that way you don't need to include session_start(0) everywhere.

PHP Session not Saving

I have this written at the very first line on every page of my website.
include("restd.php");
and restd.php contains the following lines :
#session_start();
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
The problem i'm facing is that when ever i click or do something on my website. it logs me out and takes me to index.php.
im sure its something to do with the session. ive tried every single thing to avoid this problem but i ahve used restd.php because i dont want anyone to copy the url of someone and paste and get into the website.
anyone who is logged in only can view other's pages. if they arent logged in then they'll be redirected to index.php
EDIT : and guys a confusing thing is that all this is working fine on my testing server which is easyPHP-5.3.8.0 but this problem is coming up when i upload all the files to my server.

Your session directory (probably /tmp/) is not writable.
Check with session_save_path() if it is writable.
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}

Do you actually set $_SESSION['id'] on a page...
What you are trying to do here is:
Start a session and load the $_SESSION from the session handler
Check if $_SESSION contains key 'id'
Redirect to index.php if $_SESSION['id'] is not set
Do you actually do this in index.php?
session_start();
$_SESSION['id'] = something;

you need declare $_SESSION['id'] :
file1.php
session_start();
$_SESSION['id'] = '123'
file2.php
include 'file1.php'
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}

In my case I forgot that I had the PHP flag session.cookie_secure set to on, while the development environment was not TLS-secured.
More information about Session/Cookie parameters.

I know this is an old thread, but the following helped me with the same problem after hours of despair. Found on: http://php.net/manual/de/function.session-save-path.php
I made a folder next to the public html folder and placed these lines at the very first point in index.php
Location of session folder:
/domains/account/session
location of index.php
/domains/account/public_html/index.php
What I placed in index.php at line 0:
<?php
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session'));
session_start();
?>
Hopefully this will save you time.

Check maybe your session path does not exist
so you can save PHP session path using:
ini_set(' session.save_path','SOME WRITABLE PATH');

Couple things:
your include file doesn't have the <?php ?> tags, so the content will not be evaluated as PHP
Session_start must be called before you start outputting anything. Is that the case?

You still don't even answer where you SET $_SESSION['id']. $pid = $_SESSION['id'] does not set the session variable. session_start() comes before ANYTHING session related, it's not shown before your include.

I had the same problem and found a work-around for it. If anybody can explain why the session is not read even when the cookie is there, please let me know.
<?php
// logged.php
// The PHP session system will figure out whether to use cookies or URLs to pass the SID
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) && authenticationRoutine(/* Returns true if succesfully authenticated */) ) {
session_id(uniqid("User--"));
session_start();
$_SESSION['id']=session_id();
}
?>
<?php
// Insecure restd.php (The user can forge a stolen SID cookie or URL GET request, but that is inherent with PHP sessions)
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) {header('Location: index.php')}
?>
.
[EDIT]
Even though the cookie was there and I prevented starting a new session, the session had not been read and started, so no session variables were available. In this case I check if the session has been started first (not using session_status() because it doesn't exist in PHP 3.5, which for some reason is the most widespread among hosts). If no session has been started within PHP, I check if it had been started before by testing the cookies and GET variables. If a session ID was found, the script resumes the session with that ID. If no ID is available, the user gets redirected to the index.
<?php
// restd.php
if(empty(session_id())) {
if(isset($_COOKIE['PHPSESSID']) && !empty($_COOKIE['PHPSESSID'])) {session_id($_COOKIE['PHPSESSID']);}
elseif(isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) {session_id($_GET['PHPSESSID']);}
else {header('Location: index.php'); exit(0);}
session_start();
}

Why is $_SESSION not carrying data to separate PHP file?

I have a login page that sets a $_SESSION['usertype'] when I log in. I have a separate PHP file that contains a menu that loads on the side. That file is loaded on every PHP file through
<?php include('menu.php') ?>
But when I check for $_SESSION['usertype'] in menu.php, it is not set.
Why is this?

Just checking whether you're using session_start() before you include the file which needs to access $_SESSION['usertype']?
Have a check through this tutorial.

Do you have session_start() at the top of menu.php or before the include of menu.php?

Categories