Hello Everybody-

I am running on windows XP with apache2, php5, and mysql all installed and good.

I am having serious problems with sessions though. I have a collection of scripts that, as a whole, do my user authentication. But, I can't for the life of me, get sessions to register.

I know that it isn't the scripts because I had the exact same scripts running on my Linux computer and it worked like a charm. Basically, I think php sets the session, but it doesn't retrieve it when one refreshes the page.

session_start(); is at the beginning of every page I have and all the variables are correct but when I turn on all error reporting, I get undefined index errors telling me that the session variables ($_SESSION['user'] etc.) don't have values!

I'm pretty sure it's my configuration but I would be glad to post the scripts if anyone thinks otherwise.

Help!
Nay

is your php.ini file set up correctly??

Try outputting the pages to a page with <?php
phpinfo();
?>
in it and check to see if the session variables are being set.

I am fairly sure my php.ini is set correctly, I have included a picture of the phpInfo section about sessions so that everyone can see.

Also, when I set it to output the page to phpinfo, the session variables were not set

That looks ok, the same as mine.
Are you actually setting the session variable, like [php]$_SESSION['user'] = $_POST['user'];[php]
Can you post your code?

yeah, here's the login script:
<?php
session_start();
header("Cache-control: private");

if(isset($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], '?') !=== FALSE){
$redirect = preg_replace('/\?(.*)/','',$_SERVER['HTTP_REFERER']); //Remove query strings
}
else $redirect = "/index.php";

if(!isset($_POST['user']) && !isset($_SESSION['user'])) header("location: /index.php");
else{
if($_SESSION['user']){
header("location: $redirect";
}
else{
// Get the posted username and password
$user = strtolower($_POST['user']);
$pass = $_POST['pass'];

// Include the flat-file
$file = file("users.php") or die("Problem getting the user details flat-file [users.php]");

// Get the size of file
$totalLines = sizeof($file);

// Get the users details line by line
$line = 0;
$match = 0;
do{
// Check the line isn't a comment
if("//" != substr($file[$line], 0, 2)){
// Break our records up
@list($username, $password, $permission, $email, $url, $dob, $location, $joined) = explode("<del>", $file[$line]);

// Check the username and passwords match
if((strtolower($user) == strtolower($username)) && (md5($pass) == $password)) $match = 1;
else $match = 0;
}

// Exit loop if match found
if($match == 1) break;

// Increment line count
$line++;
} while($line < $totalLines);

// Include the file or send them back
if($match == 1){
$_SESSION["user"] = $user;
$_SESSION["pass"] = $pass;
$_SESSION["permission"] = $permission;
$_SESSION["email"] = $email;
$_SESSION["url"] = $url;
$_SESSION["dob"] = $dob;
$_SESSION["location"] = $location;
$_SESSION["joined"] = $joined;

// Refresh page
header("location: $redirect");
}
else header("location: /index.php?fail=1");
}
}
?>

and here's snippets of a random page that is to use sessions:

<?php //TOP OF PAGE
session_start();
header("Cache-control: private");

// ........SKIP SOME.........


if(isset($_SESSION['user'])){
echo "<br />";

print (ucfirst(strtolower($_SESSION['user'])));

echo "&nbsp;|&nbsp;";

/* if ($_SESSION['location'] !== ""){
print $_SESSION['location'];
echo "&nbsp;|&nbsp;";
} */
// CURRENTLY NOT USING ABOVE COMMENTED CODE

echo "<a href='mailto:"; print $_SESSION['email'];
echo "'>"; print $_SESSION['email'];
echo "</a>&nbsp;|&nbsp;";

if ($_SESSION["permission"] > "1") echo "Admin";
elseif ($_SESSION["permission"] == "1") echo "Moderator";
elseif ($_SESSION["permission"] == "0") echo "User";

echo "<img alt='' width='20px;' height='15' src='/images/main_spacer.jpg' />";
echo "<strong>";
echo "<a class='heading' href='/members/logout.php'>Logout</a>";
echo "</strong>";
}
?>

The above script just returns nothing and if I turn on all errors, it gives an undefined index error, which, as I was told earlier, means that the array value I'm asking for isn't there

--Thanks

This line is incorrectif(isset($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], '?') !=== FALSE){
$redirect = preg_replace('/\?(.*)/','',$_SERVER['HTTP_REFERER']); //Remove query strings
}

it should be if(isset($_SERVER['HTTP_REFERER']) && stristr($_SERVER['HTTP_REFERER'], '?') !== FALSE){
$redirect = preg_replace('/\?(.*)/','',$_SERVER['HTTP_REFERER']); //Remove query strings
}

Not identical is !== not !===

Also this line header("location: $redirect";
should be header("location: $redirect");

Turn on error display or logging and save yourself a lot of wasted time.

...I had the exact same scripts running on my Linux...uh-huh...

I got rid of some comments and added the $redirect variable when I posted the scripts so thats why they are a lil' wacky.
The stristr($_SERVER['HTPP_REFERER'], '?') !=== FALSE part was taken directly from the PHP manual at http://us2.php.net/manual/en/function.stristr.php

With those changes, sessions still aren't working.



Error display and logging are both on, I just have it so that it won't display notices because that's how I like the configuration. Not like its a hassle to turn it on if I am having some unknown problems.

And I was using the same scripts on linux, I only made some changes that were purely for ease of use and to be visually pleasing... There isn't much reason to say that I used the scripts on linux if I didn't.

I found something new I think...

I just logged out, then logged in and went to the phpInfo.php page and the screenshot is shown below. It shows that the cookie was set and that I have a session ID

I found out that the problem is that php is, instead of continuing the previous session, creating a new session when the user is redirected. Anybody have a solution?

I have newer information in my problem--

First, I found that the session cookie is only being set some of the time. And second, I found that even when the cookie is set, the pages only sporadically follow the session ID the cookie sets, but most of the time, the pages simply write over the cookie with a new regenerated ID.

It seems that when you follow a link on the site, the ID is lost. But when you actually type a url and then follow it, the ID is kept? It's very strange.

Please help!

Sounds stupid but do you have a Temp folder setup to accept and store the sessions?

I'm having the same problem... Follow a link and a new session is set but type the url it saves state.

Does anyone have a solution or even any leads?

It doesn't seem to be version or OS specific.

Oh, and everything is set up properly, tmp directories etc...

I don't know if people have solved this yet or not... But I've finally managed to track down what my problem was and thought I'd share as this has been the most annoying problem for a long time...

One question. Are you running a firewall? If so check to see if it's blocking the cookies... Once you've opened it up it'll work fine...

Thanks for this info.

Hi I have the same problem. Tried turning off Windows Firewall but no success. Was wondering did you have to do anything else?

Donal