[PHP] SESSION variables losing data on WinXP?

[Larry Li]

I believe all pages in your site are protected by session variables. Try
to login first, then go where you want to go. Or try to remark codes which
check your login status.






"Jami" <listmail@lightsparkdigital.com>
09/17/2003 03:52 PM
Please respond to listmail

To: "PHP General" <php-general@lists.php.net>
cc:
Subject: [PHP] SESSION variables losing data on WinXP?



I'm working on a project, and up until recently was using my hosting
account to do projects, but decided to update PHP on my comp to be able
to work on projects locally. I'm running WindowsXP, PHP 4.3.2, Apache
1.3, and MySQL 3.23.53. The validation page is called on each page, but
if I go to a page other than the entry page (which the validation page
takes you to when you first log in), it throws me back to the login
page. Has anyone run into this and have you solved it? Anyone have a
suggestion? Code is rather lengthy, if you want it I can send it off
list.


Jami Moore
LightSpark Digital Designs
<mailto:contact@lightsparkdigital.com> contact@lightsparkdigital.com
<http://www.lightsparkdigital.com/> http://www.lightsparkdigital.com/

[Larry Li]

Did you open register_globals = On in php.ini?







Larry Li/CNTR/APPLIED MATERIALS@AMAT
09/17/2003 04:04 PM

To: <listmail@lightsparkdigital.com>
cc: "PHP General" <php-general@lists.php.net>
Subject: Re: [PHP] SESSION variables losing data on WinXP?



I believe all pages in your site are protected by session variables. Try
to login first, then go where you want to go. Or try to remark codes which

check your login status.






"Jami" <listmail@lightsparkdigital.com>
09/17/2003 03:52 PM
Please respond to listmail

To: "PHP General" <php-general@lists.php.net>
cc:
Subject: [PHP] SESSION variables losing data on WinXP?



I'm working on a project, and up until recently was using my hosting
account to do projects, but decided to update PHP on my comp to be able
to work on projects locally. I'm running WindowsXP, PHP 4.3.2, Apache
1.3, and MySQL 3.23.53. The validation page is called on each page, but
if I go to a page other than the entry page (which the validation page
takes you to when you first log in), it throws me back to the login
page. Has anyone run into this and have you solved it? Anyone have a
suggestion? Code is rather lengthy, if you want it I can send it off
list.


Jami Moore
LightSpark Digital Designs
<mailto:contact@lightsparkdigital.com> contact@lightsparkdigital.com
<http://www.lightsparkdigital.com/> http://www.lightsparkdigital.com/

[Jami]

Knew I forgot to mention something. No, register_globals are off. Using
$_SESSION[] variables. I am logging in first. I log in fine, its when I
try to go to another page via a link on the entry page that I get booted
back to the login page. My scripts work fine on a Unix server, which is
what I reluctantly had to go back to using as this projects deadline is
too close not to do so. Its just on my computer locally that this does
not work. Code is below, it is fairly long.

Example Code:

//validation.php
include_once 'db.php';
include_once 'common.php'

session_start();

$uname = isset($_POST['username']) ? $_POST['username'] :
$_SESSION['username'];
$pwd = isset($_POST['password']) ? $_POST['password'] :
$_SESSION['password'];

if(!isset($uname))
{
header("Location: login.php");
exit;
}

$_SESSION['username'] = $uname;
$_SESSION['password'] = $pwd;

dbConnect("db");
$sql = "SELECT * FROM admin WHERE
admin_uname = '$uname' AND admin_pword = PASSWORD('$pwd')";
$result = mysql_query($sql);

if (!$result) {
error('A database error occurred while checking your login
details.\\nIf this error persists, please contact
[email]support@example.com[/email].');
}

while($row = mysql_fetch_array($result))
{
$admin_id = $row['admin_id'];
}

$_SESSION['aid'] = $admin_id;

if (mysql_num_rows($result) == 0) {
unset($_SESSION['username']);
unset($_SESSION['password']);

header("Location:login.php?item=badlogin");
exit;
}

__________________________________________________ _____
//login.php
.... this is an html page with the login form. When submitted it goes to
index.php.

__________________________________________________ _____
//index.php
include('validation.php');

if(!$_SESSION['aid'])
{
header("Location:login.php");
exit;
}
..... rest of page is HTML with a php include for the navigation....
__________________________________________________ _____
//nav.php
<.a href="admin_signup.php">Add Admin</a>

__________________________________________________ _____
//admin_signup.php
include('validation.php');

if(!$_SESSION['aid'])
{
header("Location:admin_login.php");
exit;
}
..... rest of page is HTML with a form that goes to add_admin.php for
validation and submission to the database. Its when I try to go to this
page via the link that I get sent back to the login page.


Jami Moore
LightSpark Digital Designs
<mailto:contact@lightsparkdigital.com> [email]contact@lightsparkdigital.com[/email]
<http://www.lightsparkdigital.com/> [url]http://www.lightsparkdigital.com/[/url]




-----Original Message-----
From: [email]Larry_Li@contractor.amat.com[/email] [mailto:Larry_Li@contractor.amat.com]

Sent: Wednesday, September 17, 2003 3:08 AM


Did you open register_globals = On in php.ini?


-----Original Message-----
Larry Li/CNTR/APPLIED MATERIALS@AMAT
09/17/2003 04:04 PM

I believe all pages in your site are protected by session variables. Try

to login first, then go where you want to go. Or try to remark codes
which
check your login status.


-----Original Message-----
"Jami" <listmail@lightsparkdigital.com>
09/17/2003 03:52 PM

I'm working on a project, and up until recently was using my hosting
account to do projects, but decided to update PHP on my comp to be able
to work on projects locally. I'm running WindowsXP, PHP 4.3.2, Apache
1.3, and MySQL 3.23.53. The validation page is called on each page, but
if I go to a page other than the entry page (which the validation page
takes you to when you first log in), it throws me back to the login
page. Has anyone run into this and have you solved it? Anyone have a
suggestion? Code is rather lengthy, if you want it I can send it off
list.

Jami Moore
LightSpark Digital Designs
<mailto:contact@lightsparkdigital.com> [email]contact@lightsparkdigital.com[/email]
<http://www.lightsparkdigital.com/> [url]http://www.lightsparkdigital.com/[/url]

[Scott Fletcher]

Speaking of your problem, you're using the header() function to exit the
webpage to the login page. So, it all come down to the either one of these
two or both of these two....

if(!isset($uname)) {
if (mysql_num_rows($result) == 0) {

Upon closer inspection on the script, it look like either the $_POST['***']
wasn't returning data or the $_SESSION['***'] doesn't have data in it that
tripped the header() function. So, I'll take the assumption that the
$_POST['***'] does work as it alway does. So, it narrow down to
$_SESSION['***'].

Since you mentioned that you use it on both Unix and Windows. So, most
likely it all narrow down to php.ini. Can you check to verify that the
filepath is correct for Windows and that there is no issue with file
permission. Here's what I have that work for me on Windows 2000.

--clip--
[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = c:\tmp

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = c:\tmp

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor = 1000

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit
register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning seperately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 0
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects.
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags =
"a=href,area=href,frame=src,input=src,form=fakeent ry"--clip--

One thing I noticed is that I had to create a folder called 'tmp' for it to
work.

Hope that help..
Scott F.


"Jami" <listmail@lightsparkdigital.com> wrote in message
news:005501c37cf8$f6bbeaf0$3900cf0c@Katya...

> Knew I forgot to mention something. No, register_globals are off. Using
> $_SESSION[] variables. I am logging in first. I log in fine, its when I
> try to go to another page via a link on the entry page that I get booted
> back to the login page. My scripts work fine on a Unix server, which is
> what I reluctantly had to go back to using as this projects deadline is
> too close not to do so. Its just on my computer locally that this does
> not work. Code is below, it is fairly long.
>
> Example Code:
>
> //validation.php
> include_once 'db.php';
> include_once 'common.php'
>
> session_start();
>
> $uname = isset($_POST['username']) ? $_POST['username'] :
> $_SESSION['username'];
> $pwd = isset($_POST['password']) ? $_POST['password'] :
> $_SESSION['password'];
>
> if(!isset($uname))
> {
> header("Location: login.php");
> exit;
> }
>
> $_SESSION['username'] = $uname;
> $_SESSION['password'] = $pwd;
>
> dbConnect("db");
> $sql = "SELECT * FROM admin WHERE
> admin_uname = '$uname' AND admin_pword = PASSWORD('$pwd')";
> $result = mysql_query($sql);
>
> if (!$result) {
> error('A database error occurred while checking your login
> details.\\nIf this error persists, please contact
> [email]support@example.com[/email].');
> }
>
> while($row = mysql_fetch_array($result))
> {
> $admin_id = $row['admin_id'];
> }
>
> $_SESSION['aid'] = $admin_id;
>
> if (mysql_num_rows($result) == 0) {
> unset($_SESSION['username']);
> unset($_SESSION['password']);
>
> header("Location:login.php?item=badlogin");
> exit;
> }
>
> __________________________________________________ _____
> //login.php
> ... this is an html page with the login form. When submitted it goes to
> index.php.
>
> __________________________________________________ _____
> //index.php
> include('validation.php');
>
> if(!$_SESSION['aid'])
> {
> header("Location:login.php");
> exit;
> }
> .... rest of page is HTML with a php include for the navigation....
> __________________________________________________ _____
> //nav.php
> <.a href="admin_signup.php">Add Admin</a>
>
> __________________________________________________ _____
> //admin_signup.php
> include('validation.php');
>
> if(!$_SESSION['aid'])
> {
> header("Location:admin_login.php");
> exit;
> }
> .... rest of page is HTML with a form that goes to add_admin.php for
> validation and submission to the database. Its when I try to go to this
> page via the link that I get sent back to the login page.
>
>
> Jami Moore
> LightSpark Digital Designs
> <mailto:contact@lightsparkdigital.com> [email]contact@lightsparkdigital.com[/email]
> <http://www.lightsparkdigital.com/> [url]http://www.lightsparkdigital.com/[/url]
>
>
>
>
> -----Original Message-----
> From: [email]Larry_Li@contractor.amat.com[/email] [mailto:Larry_Li@contractor.amat.com]
>
> Sent: Wednesday, September 17, 2003 3:08 AM
>
>
> Did you open register_globals = On in php.ini?
>
>
> -----Original Message-----
> Larry Li/CNTR/APPLIED MATERIALS@AMAT
> 09/17/2003 04:04 PM
>
> I believe all pages in your site are protected by session variables. Try
>
> to login first, then go where you want to go. Or try to remark codes
> which
> check your login status.
>
>
> -----Original Message-----
> "Jami" <listmail@lightsparkdigital.com>
> 09/17/2003 03:52 PM
>
> I'm working on a project, and up until recently was using my hosting
> account to do projects, but decided to update PHP on my comp to be able
> to work on projects locally. I'm running WindowsXP, PHP 4.3.2, Apache
> 1.3, and MySQL 3.23.53. The validation page is called on each page, but
> if I go to a page other than the entry page (which the validation page
> takes you to when you first log in), it throws me back to the login
> page. Has anyone run into this and have you solved it? Anyone have a
> suggestion? Code is rather lengthy, if you want it I can send it off
> list.
>
> Jami Moore
> LightSpark Digital Designs
> <mailto:contact@lightsparkdigital.com> [email]contact@lightsparkdigital.com[/email]
> <http://www.lightsparkdigital.com/> [url]http://www.lightsparkdigital.com/[/url]
>
>
>
>
>
>
>

[Jami]

Scott,

thanks for the suggestion, but my php.ini is the same as yours. And I
still have the problem. Any idea why $_SESSION[] variables would loose
data on my server type and not on another?

Jami Moore
LightSpark Digital Designs
[email]contact@lightsparkdigital.com[/email]
[url]http://www.lightsparkdigital.com/[/url]


-----Original Message-----
From: Scott Fletcher [mailto:scott@abcoa.com]

Upon closer inspection on the script, it look like either the
$_POST['***']
wasn't returning data or the $_SESSION['***'] doesn't have data in it
that
tripped the header() function. So, I'll take the assumption that the
$_POST['***'] does work as it alway does. So, it narrow down to
$_SESSION['***'].

Since you mentioned that you use it on both Unix and Windows. So, most
likely it all narrow down to php.ini. Can you check to verify that the
filepath is correct for Windows and that there is no issue with file
permission.