I am currently working on an authentication system that was built before I took over the site. Everything was working fine, but all of a sudden the sessions are changing the id when I go to a particular page.
I have pages index.php, admin.php, set_order.php.
All three of the pages have session_start() at the top, and nothing before them.
The user logs in at index.php, and is redirected to admin.php. At this point the session stays the same. However, moving from admin.php to sort_order.php causes the session_id() to change, thus logging my users out. The set_order.php file is located in the 'scripts' directory.
Finally, this is the content of set_order.php.
php
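<?php
session_start();
// Remember the requested sort order, then return to the admin page.
if (isset($_GET['order'])) $_SESSION['order'] = $_GET['order'];
header("Location: ../admin.php"); // the header name must be followed by a colon
exit;
?>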
When I echo out session_id() on that page, it's different.
Any help would be greatly appreciated. I'm about at my wit's end here.
This post has been edited by akozlik: 6 Oct, 2008 - 10:50 AM
You probably don't want to post the entire admin.php, but could you at least show us some of it? There must be something in that code that is changing it. Are you switching on a header/exit method or a clicked link?
Basically the admin.php gets to the set_order.php page by dynamically creating a link like
set_order.php?order= and then whatever order to sort by.
The sessions stay the same from index.php to admin.php, but change when it navigates to the set_order.php file. The set_order file sets a session variable, and then redirects via a header().
Also, I just tried changing the link
html
<a href="scripts/set_order.php?order=last_name">
to
html
<a href="admin.php?order=last_name">
That didn't work either, so something weird's going on. All my links are relative paths, and not direct URLs.
Have you tried printing the id at the beginning and end of the admin.php page? It seems most likely this is the culprit, as there is little code in set_order to do anything, let alone change the id. Also, have you checked any includes for problems?
Without more php code it is hard to know what is causing it.
This post has been edited by William_Wilson: 6 Oct, 2008 - 11:41 AM
Limiting the code in your admin page may help track it down as well. Try commenting out all lines that use includes and anything that occurs more than once, like your links, so that only 1 remains; this will allow you to comment them out one or a few at a time and find it. I've run into these random issues myself, and often it is simply an overlooked line.
That's the thing is that most of the code on the admin.php page is simply making some queries, looping through the results and echoing them out the page. There aren't many included files, and those that are included, I ran through the session_ids and they were fine. The problem's only happening when I refresh the admin.php, or link to another page from it.
Is the app not using cookies for session ID transmission, and the PHPSESSIONID is not being passed in the URL that's constructed? Could there be a permissions problem on the directory where sessions are stored?
I double checked like CTphpnwb did but also was unable to find an error. The only thing I can think is perhaps the ini file has the sessions set to a few seconds; this would then destroy the session file, and when the session_start is called again, generate a new one. Only thing I can think that would really do it at this point.
When the new session is created, does the data from the old session (not including ID) get transferred to the new session?
If it does, then I would have to assume that session_regenerate_id() is being used somewhere else, and you should get rid of it wherever it is.
If it is not transferring other session data, then the session timeout is probably very small, and you probably will have to use ini_set() to change the session.gc_maxlifetime setting in your php.ini file to something bigger.
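The checks suggested in the replies above (whether the session cookie is being sent, whether the session directory is writable, whether the lifetime is very short), gathered into one diagnostic page. This is an added example, not code posted by anyone in the thread; the function name `session_findings` and the 60-second threshold are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Place it temporarily beside the page
// that gets a new ID (the scripts/ directory here) and request it while logged in.

// Return the reasons PHP would not find the existing session on this request.
function session_findings(array $cfg, array $cookie, array $req): array
{
    $out = [];
    if (!$cfg['use_cookies']) {
        $out[] = 'session.use_cookies is off, so the ID must travel in the URL';
    }
    if (!$req['cookie_sent']) {
        $out[] = 'browser sent no session cookie on this request';
    }
    // A cookie scoped to a path is only sent for URLs under that path (prefix test).
    if (strpos($req['path'], $cookie['path']) !== 0) {
        $out[] = "cookie path {$cookie['path']} does not cover {$req['path']}";
    }
    if ($cookie['secure'] && !$req['https']) {
        $out[] = 'cookie is marked Secure but this request is plain HTTP';
    }
    if ($cfg['handler'] === 'files' && !(is_dir($cfg['dir']) && is_writable($cfg['dir']))) {
        $out[] = "session directory {$cfg['dir']} is missing or not writable";
    }
    if ($cfg['maxlifetime'] < 60) { // 60 is an assumed threshold for "too short"
        $out[] = "session.gc_maxlifetime is only {$cfg['maxlifetime']} seconds";
    }
    return $out;
}

session_start();
$parts = explode(';', session_save_path() ?: sys_get_temp_dir()); // handles "N;/path"
$cfg = [
    'use_cookies' => filter_var(ini_get('session.use_cookies'), FILTER_VALIDATE_BOOLEAN),
    'handler'     => ini_get('session.save_handler'),
    'dir'         => end($parts),
    'maxlifetime' => (int) ini_get('session.gc_maxlifetime'),
];
$req = [
    'path'        => parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/',
    'https'       => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'cookie_sent' => isset($_COOKIE[session_name()]),
];
header('Content-Type: text/plain');
// Print a short hash rather than the live ID so the output is safe to paste.
echo 'id fingerprint: ', substr(hash('sha256', session_id()), 0, 8), "\n";
foreach (session_findings($cfg, session_get_cookie_params(), $req) as $finding) {
    echo '- ', $finding, "\n";
}
```

Loading the same script from the site root and from the scripts directory and comparing the fingerprint shows whether the ID changes with the directory; remove the file once the cause is found.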
The session holds data between the index and admin pages, but not when the admin page refreshes, or goes to the set_order page. The session is not timing out because it holds the session data between the working pages without timing out. I'm starting to think it's a server issue or something. I'll check the max_life setting in my ini and see if that works. I think I may end up rewriting the whole thing anyway, just because it runs super slow and needed some improvements.
Nope, unfortunately I think it's a problem that lies farther than what's in the code. I'm going to be rewriting it this week though, so hopefully no problems will occur.
I just tried to duplicate the problem but can't. Even with multiple session_start() calls.
It is very possible that this has been resolved, but it was an issue I ran into with a past version of PHP and thought it was worth a shot.
If you are willing to share the code, or pm it to me, I could test it and make sure it is within your code, but this is completely up to you. I'd hate for you to rewrite it and it's a PHP installation issue.
Unfortunately I can't send the code. It's a proprietary site being written for my university's use, and they'd go bonkers if they found out about that.
However, rewriting it won't be a problem. The person who wrote it before me front loaded all of the information from the database and echoed it out to the browser. Unfortunately we have 100+ students apply to this program, so whenever the page was refreshed it would literally take a minute to load. That was after any sort of change, so it definitely needs to be rewritten.
No worries, if you figure out what the problem was, or have a guess after re-writing, post it, I'm kind of interested to know what's causing it.
Yeah it's something I'm going to be taking a deeper look at. I've been running through server logs and reading all my session files, and nothing's helping. I'll have to take a closer look once I have some time.