ID:               24144
 User updated by:  lehel at bin dot hu
 Reported By:      lehel at bin dot hu
 Status:           Bogus
 Bug Type:         Session related
 Operating System: Linux 2.4.8
 PHP Version:      4.3.2
 New Comment:

Processing order
index.php => submitted script => start.php

Why I do not think this to be a script error is because:
If index.php contains a
<?php
        session_start ();
        $_SESSION["UserID"]=-1;
        $_SESSION["lastactive"]=time ()-4000;
?>

at its beginning the problem vanishes, the $_SESSION array in start.php
contains the expected values.
But if I move this code into the login script, then everything goes
wrong.

I've checked the values in the $_SESSION array before jumping to
start.php, and it contained the expected values, but when I removed the
checker script, and restarted IE then the checker in start.php showed
up with the wrong values.

If I did not close IE but simply started the process all over, the
expected values showd up in start.php .

To me it seems, that the usage of the $_SESSION array is having a bug,
which omits itself only in the script where the session_start ()
function is used the first time. In that script the second modification
of values in the $_SESSION array somehow is not saved on the server,
but if the script starts with an already active session then the
modifications are saved.


Previous Comments:
------------------------------------------------------------------------

[2003-06-12 04:43:23] [EMAIL PROTECTED]

You're always unconditionally setting the two sessions variables:

        $_SESSION["UserID"]=-1;
        $_SESSION["lastactive"]=time ()-4000;

Sounds like a script error -> bogus

------------------------------------------------------------------------

[2003-06-12 04:40:45] lehel at bin dot hu

Description:
------------
This script is for logging in a user on a page.

After the query $_SESSION variables are set according to the values
stored in the database, I've checked them by echoing them.
But when checking the same variables in start.php they contain the
pre-set values that were set at the beginning of this script.
After going back to the index script, and starting all over the login
procedure, the results are as expected.

It seems so that the session engine does not handle multiple value
changes in the script where session_start is used at the first time on
the page, bcause the usage of session_start on the submitting page
solves the problem.

db_Exec and db_Result are simple database wrappers.

Reproduce code:
---------------
        session_start ();
        include_once ("Include/Common.php");

        $_SESSION["UserID"]=-1;
        $_SESSION["lastactive"]=time ()-4000;

        $dbconn=db_Connect ();

        $query=db_Exec ($dbconn,"SELECT * FROM users WHERE
username='$_POST[UserName]' AND userpwd='$_POST[UserPwd]';");
        if (db_Num_Rows ($query)==0) {
                nupi_error ("Jelszó, vagy felhasználónév hiba!");
        }
        $row=db_Fetch_Row ($query);
        $_SESSION["UserID"]=$row["user_id"];
        $_SESSION["lastactive"]=time ();

        header ("Location: start.php");


Expected result:
----------------
$_SESSION["UserID"] = 0
$_SESSION["lastactive"] ... actual time

in start.php

Actual result:
--------------
$_SESSION["UserID"] = -1
$_SESSION["lastactive"] ... actual time-4000

in start.php


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=24144&edit=1

Reply via email to