ID: 24144 User updated by: lehel at bin dot hu Reported By: lehel at bin dot hu Status: Bogus Bug Type: Session related Operating System: Linux 2.4.8 PHP Version: 4.3.2 New Comment:
Processing order index.php => submitted script => start.php Why I do not think this to be a script error is because: If index.php contains a <?php session_start (); $_SESSION["UserID"]=-1; $_SESSION["lastactive"]=time ()-4000; ?> at its beginning the problem vanishes, the $_SESSION array in start.php contains the expected values. But if I move this code into the login script, then everything goes wrong. I've checked the values in the $_SESSION array before jumping to start.php, and it contained the expected values, but when I removed the checker script, and restarted IE then the checker in start.php showed up with the wrong values. If I did not close IE but simply started the process all over, the expected values showd up in start.php . To me it seems, that the usage of the $_SESSION array is having a bug, which omits itself only in the script where the session_start () function is used the first time. In that script the second modification of values in the $_SESSION array somehow is not saved on the server, but if the script starts with an already active session then the modifications are saved. Previous Comments: ------------------------------------------------------------------------ [2003-06-12 04:43:23] [EMAIL PROTECTED] You're always unconditionally setting the two sessions variables: $_SESSION["UserID"]=-1; $_SESSION["lastactive"]=time ()-4000; Sounds like a script error -> bogus ------------------------------------------------------------------------ [2003-06-12 04:40:45] lehel at bin dot hu Description: ------------ This script is for logging in a user on a page. After the query $_SESSION variables are set according to the values stored in the database, I've checked them by echoing them. But when checking the same variables in start.php they contain the pre-set values that were set at the beginning of this script. After going back to the index script, and starting all over the login procedure, the results are as expected. It seems so that the session engine does not handle multiple value changes in the script where session_start is used at the first time on the page, bcause the usage of session_start on the submitting page solves the problem. db_Exec and db_Result are simple database wrappers. Reproduce code: --------------- session_start (); include_once ("Include/Common.php"); $_SESSION["UserID"]=-1; $_SESSION["lastactive"]=time ()-4000; $dbconn=db_Connect (); $query=db_Exec ($dbconn,"SELECT * FROM users WHERE username='$_POST[UserName]' AND userpwd='$_POST[UserPwd]';"); if (db_Num_Rows ($query)==0) { nupi_error ("Jelszó, vagy felhasználónév hiba!"); } $row=db_Fetch_Row ($query); $_SESSION["UserID"]=$row["user_id"]; $_SESSION["lastactive"]=time (); header ("Location: start.php"); Expected result: ---------------- $_SESSION["UserID"] = 0 $_SESSION["lastactive"] ... actual time in start.php Actual result: -------------- $_SESSION["UserID"] = -1 $_SESSION["lastactive"] ... actual time-4000 in start.php ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=24144&edit=1