My web application sets session every time a user logs in.
I checked that sessions are properly set in http://mydomain.com/sessionfolder directory.
But I can't get those session values.
For example, in 'member_check.php' in root directory ('/'),
echo "Your name is = ".$_SESSION['membername'];
I get 'Your name is (blank)'
Thanks.
Have you tried setting the session savepath manualy? When I am using the servers supllied by my school I always have to set it by my self, because of some setting on the servers.
The following line should be included BEFORE the session_start();
session_save_path('your_path_here');
DonĀ“t forget to create the folder and set the folder permissions to read and writeable for everyone..
At the top of your script you must init sessions:
if ( ! session_id())
{
session_start();
}
Related
I am setting user id to the session on login in my website.On echoing the session variable soon after being set, it is displayed.But after that iam redirecting this to another page where session is strated and then checked for the session.But it displays error message that undefined index user_id.This code is working in localhost,was working in server also.But now it displays error.Unable to login to the website due to the problem in setting session.
$_SESSION['user_id'] = $user_id;
header('location:home.php');
In home.php
include('session.php');
in session.php
session_save_path('include/session_store');
session_start();
if(!(isset($_SESSION['user_id'])))
{
header('location:signin.php');
}
On advise from fellow stackoverflow users ,I tried this.Created a test.php file.
session_save_path('include/session_store');
session_start();
$_SESSION['yahoo'] = 'yahoo';
header('location:test2.php');
in test2.php
session_save_path('include/session_store');
session_start();
echo $_SESSION['yahoo'];
Now in localhost yahoo is printed.But in server, blank screen is displayed.The session_store folder contain some 0kb files also.
make sure yout do session_save_path('include/session_store');
session_start(); on signin.php and also make sure include/session_store is writable
you said its working on,localhost, then definitely problem is include/session_store is not writable.
Do you have right permissions on include/session_store ? It has to be 777.
You may print echo session_save_path() to ensure that the option is setted.
And at last, without changing the save_path the session works correctly? Your server may have some redirecting rules (mod_proxy) that could have repercussion on your session.
If you have php 5.4 you could try to print session_status()
http://www.php.net/manual/it/function.session-status.php
Problem could be from the path where the session is stored
On your Web hosting file manager set the session path to /tmp/
If there's no folder called tmp then create it
I have a login page where user enters his username ans password. If successful I redirect him to index.php where I start a session:
session_start();
from index.php he can navigate to a different page ("p1.php") and on top of "p1.php" I have this check:
<?php
if(!isset($_SESSION))
{
exit;
}
?>
This works on my local server, but when I deploy this on remote server !isset($_SESSION) always returns true.
What could be happening here?
EDIT: I found on my hosting provider side a request to add this in php.ini:
session_save_path("your home directory path"/phpsessions);
And to create a phpsessions folder in my path.
I did but that didn't help.
I tried to do this as well:
in index.php:
session_start();
if(isset($_REQUEST['lecturer_id']))
{
echo "lecturer_id set";
$_SESSION['lecturer_id'] = $_REQUEST['lecturer_id']; // store session data
}
and in p1.php:
session_start();
if(!isset($_SESSION['lecturer_id']))
{
exit;
}
And the page always exits i.e. session variable is not defined
The server is most likely creating a PHP session silently which your local server is not configured to do.
Try checking for a specific $_SESSION eg $_SESSION['x'] rather than just a $_SESSION.
Edit:
Instead of checking isset($_SESSION) you should check for whatever session variable you set specifically: isset($_SESSION['SESSION_VARIABLE_YOU_SET'])
isset($_SESSION) returns true once session_start() is called, that's why you need to check for the specific $_SESSION variable you set
You'll just need to make sure you have session_start(); at the very top of your p1.php page and any page that uses session data.
Probably the remote server is configured for session autostart. If you can configure this php instance you can check it in php.ini file (session_autostart directive).
Update: Sorry, I did not understand correctly your question. Really, if session autostart is set to "on" session always exists. You can not use isset($_SESSION) to determine if user is logged or not.
I encountered the same scenario and what I did was I unset the first the variable for example, $_SESSION['loggedin']),
I will unset it first using :
session_start();
unset($_SESSION['loggedin']);
then i will comment out unset($_SESSION['loggedin']);
the problem solved.
I have a main directory named System with a sub-directory named Subsystem. My session from main directory is not working in the sub-directory.
When I echo session_save_path(); in both folders, they show me "/tmp".
Then, I tried to put session_save_path("../tmp"); in my sub-directory but it shows me "This webpage has a redirect loop".
session.php in System directory:
<?php
session_start( );
if (!($_SESSION['uid']))
{
header("Location:index.php");
}
else
{
$_SESSION['uid'] = $_SESSION['uid'];
}
?>
session.php in Sub-system folder:
<?php
session_save_path("../tmp");
session_start( );
if (!($_SESSION['uid']))
{
header("Location:index.php");
}
else
{
$_SESSION['uid'] = $_SESSION['uid'];
}
?>
I have Googled all over, but I still cannot get it to work.
The directory does not affect your session state (all directories of a given Apache-PHP website will access the same session in a standard configuration). You should not have to use session_save_path().
I think the problem in part is that you're setting 'uid' to itself ($_SESSION['uid'] = $_SESSION['uid'];) - therefore potentially never actually setting it to a value - and potentially redirecting indefinitely if it's not set.
I suggest this simple test to ensure that your sessions are, in fact, working:
/session_set.php
<?php
session_start();
$_SESSION['uid'] = 123;
/sub_dir/session_get.php
<?php
session_start();
echo $_SESSION['uid'];
A session creates a file in a temporary directory on the server where registered session variables and their values are stored. This data will be available to all pages on the site during that visit.
The location of the temporary file is determined by a setting in the php.ini file called session.save_path. so pleasse check this path.
Also [session-save-path()][1] Get and/or set the current session save path.
I think u dont need to write this line and check your php.ini for correct path.
for session i found some useful article http://www.tutorialspoint.com/php/php_sessions.htm
Thanks.
Problem PHP session in different folder.
I have problem with PHP session.
There are two folder: A AND B When I already logged in Folder A then i click link access to folder B when come to index.php file in Folder A. It doesn't to recognize session state.
PHP Code:
if(!isset($_SESSION))
{
session_cache_expire (21900);
$cache_expire = session_cache_expire();
session_start();
}
How can i check session redirect ?
f(!isset($_SESSION['a'])){
redirce to a
}
f(!isset($_SESSION['b'])){
redirce to b
}
Best Regards
Try this:
if(!session_id()) {
session_start();
session_cache_expire (21900);
}
Check your phpinfo() and look for suhosin.
If it is installed then you should disable it in order to let sessions be shared betwen different paths.
This is happening because the validity scope of the PHPSESSIONID cookie is restricted to the folder A, so in folder B it doesn't get fed the same cookies. You have to change that to the parent folder containing both A and B.
I've got a simple login system using PHP sessions, but just recently it seems that if you visit pages not in a certain directory (/login/) you will always be flagged as not logged in, even when you are. It seems that my session data is being lost when I change directories (say, to /login/user/).
I don't think I've touched the code myself since the problem appeared, is there something my web host could have done to my PHP installation that would delete the session data, and is there a workaround?
EDIT:
Inside each file that needs authorization, it loads a loginfunctions.php file which calls session_start() and checks the login. Files which work in /login and i copy and paste into /login/user stop working, even though i update all the relevant paths and links.
EDIT2:
Okay, some code.
In the actual pages that are giving me the error, this is the auth. code:
require_once("../../../includes/loginFunctions.php");
$login = new login;
$login->checkLogin(0);
Inside loginFunctions.php is this:
class login{
function checkLogin($requiredAccess){
session_start();
if($_SESSION['accesslevel'] < $requiredAccess || $_SESSION['logged_in'] != TRUE){
die("You don't have access to this area. If you should have access, please log in again. <a href='/login/'>Login</a>");
}
if (isset($_SESSION['HTTP_USER_AGENT'])){
if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])){
session_destroy();
die("Bad session. Please log in again. <a href='/login/'>Login</a> ");
}
} else {
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
}
if (!isset($_SESSION['initiated'])){
session_regenerate_id();
$_SESSION['initiated'] = true;
}
}
}
The $requiredAccess variable is the access level that you need to access this page, so if you have an accesslevel of 3 in the database you can view level 0, 1, 2 and 3 pages. This is specified when the function is called in the main page and is compared to the access level of the current user which is defined in $_SESSIONS when they log in.
I'm getting the error 'You don't have access to this area etc." when i try to access these pages. If i try to print the $_SESSION variables, nothing shows; they appear to be empty. However, if I move the file to the /login/ folder (one level up) and update the links, they work perfectly and all the variables print out fine. This makes me think the code is not the part that's not working, but some setting in my PHP install that has been changed without my notice.
maybe you aren't calling session_start() at the begging of pages not in /login/ ..?
I had a similar problem.
Check you don't have a php.ini file. Removing this sorted the problem out. Still looking ito exactly why. The php.ini file could even be blank and it would stop session data from carrying over to more than one directory...
It's possible that they changed the php.ini setting session.cookie_path.
You should call session-set-cookie-params before you call session_start and make sure you set the cookie path yourself. Set it to the highest level directory you want the session to be valid for. EG if you set it to /login it will be valid for /login and /login/user. If you want your session to be valid for the etire site set the path to be /
i had a similar issue. you may want to use:
<?
setcookie("TestCookie", $value, time()+3600, "/~rasmus/", ".example.com", 1); ?>
or something similar. i know cookie and session variables are a different desired solution, but this was able to clear up my issue.
See here for documentation
Make sure you have the same php.ini file in each directory that you want to access the session variables from.
This is why you shouldn't use directory to make false friendly URLs...
Don't forget to call session_start() every time you need the session.