Environment: Linux, PHP 4.2.3, MySQL 3.23.39, Apache, and so on
The Problem:
I have a user authentication script that uses sessions to track the user
id. Everything works fine with HTTP, but $_SESSIONS['var'] renders nothing
under a secure connection (SSL). A value set with $_SESSION['myVar'] =
'myValueGoesHere' is lost once I move to another page, even when
I use SESSION_START() before accessing the value (like echo
$_SESSION['myVar']).
The PUZZLE:
If I print a character before starting the session (as we all know is
illegal), the secured page will access $_SESSION['myVar'] with no
problems - minus the warning messages for printing chars before
session_start(). print_r($_SESSION) will display all of its
content properly, but the content will be lost when I move to another page.
Any suggestions?
===Sample CODE =====
===Class_Page.php has ===
//this is a general class that handles the general site
//it pretty much holds all the application's functions
...
//the function AuthenticateUser() is used to validate a user's access.
//if $_SESSION['userid'] exists, then the user is logged in.
//otherwise, the user is prompted to login
class Page {
    var $INFO;
    function Page(){
        session_start();
        ...
    }
    .
    .
    .
    function AuthenticateUser(){
        if(isset($_SESSION['userid']) and !empty($_SESSION['userid']) ...){
            //user is already logged in
            $this->INFO = $this->getUserInfo($_SESSION['clientid']);
            return True;
        }else{
            $usr = $_POST['username']; //simplified code. no security.
            $pas = $_POST['password'];
            $qry = mysql_query("select * from users where usr='$usr' and
                pass='$pas' ...") or die($this->ErrorDisplay);
            if(mysql_num_rows($qry)>0){
                $validUser = mysql_fetch_object($qry);
                session_start();
                $_SESSION['userid'] = $validUser->uid;
                $_SESSION['username'] = $validUser->uname;
                ...
                return True;
            }else{
                $_SESSION=Array();
                session_destroy();
                $this->ErrorDisplay('invaliduser');
                return False;
            }
        }
    }
} //end of class
//==== Privatepage.php
include('class_Page.php');
$page = new Page;
//access control
if($page->AuthenticateUser()=='True'){ //a valid user
    //display content
    print_r($_SESSION); //test session contents
}else{
    $page->ErrorDisplay('noaccess');
}
The above code fails when run as-is. However, if I print any character
before testing the session values, it will run.
Like:
function AuthenticateUser(){
    //normal: DOES NOT WORK
    session_start();
    print_r($_SESSION); //prints empty array
    //weird: WORKS with HEADER() warnings...
    echo ' ';
    session_start();
    print_r($_SESSION); //prints SESSION content
    ...
}
=P e p i e D e s i g n s
www.pepiedesigns.com
Providing Solutions That Increase Productivity
Web Developement. Database. Hosting. Multimedia.