Sessions HOWTO - lacking understand and know how on my part

[mrmtek]

I have a form which sets the user id, how do you set/read/display the session variable on the called page and all other linked pages?.

called page filepath/index.php
<?php
session_start();
header("Cache-control: private");
echo $user_id;
?>

index.php - self posting form, where user enters member id and the submits form, which calls the following.

<?php
session_start();
header("Cache-control: private");
session_unset();
session_destroy();

$username = $_POST['shareid'];
$con = mysql_pconnect ("localhost", "woolnet_user", "","woolnet_exwool") or die("Error: " . mysql_error());
mysql_select_db ("$db");
$result = mysql_query("SELECT username FROM USERS WHERE username = '$username'");
$row = mysql_fetch_array($result);
if ($username = $row["username"]){
session_register('user_id');
$_SESSION['user_id'] = $username;
header("Location: filepath/index.php");
exit;
} else {
header("Location: 401.shtml");
exit;
}
?>

 

[spookie]

echo $_SESSION['user_id']  ;

should output the stroed session value for user_id, in the called page.

Also your if condition should be

if ($username =[COLOR=red]=[/color]$row["username"]){

--------------------------------------------------------------------------
I never set a goal because u never know whats going to happen tommorow.

 

[mrmtek]

Still not working , using the following to out put:

<?php
session_start();
header("Cache-control: private");
echo $_SESSION['user_id'] ;
?>

thank you, for pointing out the base error on the if statement, according to the manual it should work.

Iam using the following

Mandrake 9.2 operating system

My browser is :

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3.1) Gecko/20030428
and PHP 4.3.0

Where do I go now?? back to reading, praying or would burning a Microsoft marketing rep help??- LOL, just joking.

thank you

 

[sleipnir214]

Here is a pair of test scripts:

test_set_session.php:

<?php
session_start();
$_SESSION['foo'] = 'bar';

print '<html><body><a href="test_get_session.php">click</a></body></html>';
?>

test_get_session.php:

<?php
session_start();

print '<html><body>The value of $_SESSIION[\'foo\'] is "'. $_SESSION['foo'] . '"</body></html>';
?>

Write both to your server and point your browser at test_set_session.php. When you click on the link, what does the second script display?



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[mrmtek]

returns -

The value of $_SESSIION['foo'] is "bar"
which is nice!!!...

Had look at my code and got it passing the value to the first page ok, however any other page does not display the session value??

base structure as follows:

root\index.php
<?php
session_start();
session_unset();
session_destroy();
header("Cache-control: private");
$username = $_POST['shareid'];
$con = mysql_pconnect ("localhost", "user", "","database") or die("Error: " . mysql_error());
mysql_select_db ("$db");
$result = mysql_query("SELECT username FROM USERS WHERE username = '$username'");
$row = mysql_fetch_array($result);
if ($username ==$row["username"]){
session_register('user_id');
$_SESSION['user_id'] = $username;
header("Location: subfolder/index.php");
exit;
} else {
header("Location: 401.shtml");
exit;
}
?>
user enters memberid submits form - page jumps to
subfolder/index.php - session value is displayed,
using thus:
<?php
session_start();
header("Cache-control: private");
echo $_SESSION['user_id'] ;
?>

any other page from there on that is called does not display the session value on the page, ???

all other pages in the subfolder have the same code placed in them??.

Thank you for your time on this matter.

 

[bevort]

I do not understand why You, after first starting the session, unset id an destroy it?
If You destroy Your session You actualy don't have it anymore. So retriving information from it won't work.

Normaly a session shall live untill the user lives You site. I put my destroy statement in the logout form after cleaning up the session first.
If You want to destroy Your session here You must save the values in variables first. You may take a look at the password script I made for my site (its free) at prods.bevort.com. It seems to handle the most of what You want for controling login

 

[mrmtek]

thank you, the destroy bit - was my primitive effort to reset the session when the user returned to the main index.php page.

 

[mrmtek]

We are not allowed to use cookies at all, Australian laws are getting a bit too hard, so we are keeping away from cookies at all costs just to save legal problems in the future.

 

[mrmtek]

INTERESTING - I have uploaded the scripts to the web, and it works ok, must be the setup of my test php/server, thank you for the help, great to know people are willing to help out.

Now to find out what settings have to be made to my computer to get it working - wasted a lot of time.

THANK YOU

 

[sleipnir214]

Mikalm:

I noticed you're using the "Location:" HTTP header to redirect your user's browser, and you've mentioned that on your test server your code does not behave well.

Your test server wouldn't happen to be written by Microsoft, would it? Microsoft's web servers (IIS and PWS) have this weird quirk in that if you use the "Location:" header, the server will not also send cookies.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[mrmtek]

no i am using a linux server, getting away from microsoft products all together, in this instance.

And the script works ok on the first page called, but not for any other page after, so this problem remains open.

to reiterate the problem:

root/index.php - user enters member id, submits page, member id is matched against the sql database if ok, set the session variable to member id then jump to newpath/index.php, the session vaiable value is displayed ok, but if you move to another page the session vaiable value is lost, how do you code the other pages to keep the session vaiable value alive.

<?php
session_start();
header("Cache-control: private");
echo $_SESSION['user_id'] ;
?>

 

[sleipnir214]

Is every script that uses session variables invoking session_start()?



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[mrmtek]

yes, is that the problem, ie session_start is causing the session value to be destroyed???

 

[sleipnir214]

Probably exactly the opposite.

PHP's session-management system must be started every time a session-using script runs. There are two ways to do this -- one is in php.ini to set session.auto_start to "1" or "on" or "true", the other is to invoke session_start().

If you don't have one, you need the other. I recommend leaving session.auto_start off and using session_start() where you need it.

As an aside, I'd dump the "Cache-control" header -- IE is very squirrely when it comes to that header.

But I'm confused. You say that the code I posted works, but yours doesn't?



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[mrmtek]

the code works fine - I can pass a session value from one page to another just fine - however how to keep the sesssion value alive for any following pages as listed below.

page1 to page2 passes the session value, but when you try to pass the session value from page2 to page3 it does flow.

 

[sleipnir214]

What does the third script look like?



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[mrmtek]

the third -4th and so on have the following in the top section of the page:

<?php
session_start();
header("Cache-control: private");
echo $_SESSION['user_id'] ;
?>

objective here is to get users member , so that it can be used to display reports and data relating to that members details held on the database for each page within the site

 

[sleipnir214]

So you first go to a script that sets the session variable $_SESSION['user_id'].

Then you point your browser to another script that references the variable -- and it's there.

Then you point your browser to a third script that references the variable -- and it's not.

Sounds to me like there's something screwy going on in your code.





Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[mrmtek]

correct - thats the problem

each called page has
<?php
session_start();
header("Cache-control: private");
echo $_SESSION['user_id'] ;
?>

just to display it on the top of the page to see if it is working

 

[bevort]

It seems to me that You may have a problem with Your

header("Cache-control: private");

Theres always a cookie in the clients computer to keep track of the session ID.

What I normaly do in cases like this is starting from scratch. Crate only 3 empty pages and get them to show the sessionvars correct. Than build in the rest.

"The more code You use, the more errors You get"

Vincent Bevort