[PHP-DB] Re: Sessions help needed !!!

[Neil Smith [MVP, Digital media]]

At 22:19 17/02/2006, you wrote:

From: Chris Payne [EMAIL PROTECTED]
To: php-db@lists.php.net
Date: Fri, 17 Feb 2006 17:18:57 -0500
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary==_NextPart_000_000F_01C633E6.3C6626A0
Subject: Sessions help needed !!!

Hi there everyone,

OK this script worked perfectly on my own apache webserver and I had to move
it to the main live server, but for some reason it's not passing session
values in the same way and i'm positive it's something damn obvious.

On my server I can use:

echo $credits_system;
echo $credits_left;
echo $foldername;



Does it work if you ask for $_SESSION[credits_system] etc ?

The reason I ask is from the code above, you're using globally scoped 
variables, which would require you to be using either an old version 
of PHP on your test server, or have to manually enabled register_globals.


Register globals is of course a major security risk in that it 
pollutes your variable namespace with whatever the user feels like 
sending to your server in $_GET, $_POST, $_COOKIE etc etc. So your 
code can be easily manipulated into undefined behaviours unless you 
declare and initialise every variable it uses.




To display the information to make sure it is being passed, but it returns
blank on their server (Same versions of everything except I didn't install
it so it may have something turned off in the config - which i don't have


I think you need to look at phpinfo() for that server. Check 
register_globals, it will be 'off'.
Turn it 'off' on your test server so it mirrors the live environment 
and see if your code still works (it probably won't).


The other check to make with the hosting company - I've only seen 
this once or twice on cheap hosting :
See if they're using multiple servers. The session handler by default 
uses files, which are local to an individual server.


If you visit the 'page' again, you may well be being server from 
another web server in a cluster. Of course that server knows nothing 
about the local session files on the server you initially got sent 
the page from, cause they're on another machines' filesystem, thus 
replicating your problem.


The answer in that case is to register your own session handler (such 
as a DB) which resides on a known server.




control over, sigh).  The thing is, the last one - $foldername I MUST have
access to as the database uses this as a reference for searches and without


I don't understand what you mean by that, can you expand some more ?
It's not clear how the database uses 'foldername' - is it 
concatenated as part of a query ?




this working I can't pull the data I need ($foldername is an ID and also
refers to physical folders/directories on the apache webserver for video



If as noted above your host clusters servers, then you're SOL and 
will have to manage a central file repository or call across servers 
with fopen() etc to get at the [distributed] data in the $foldername path.


Cheers - Neil  


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] Re: Sessions help needed!

[Ronaldo Villarosa]

It recently happened to me too... however, I use the session_id() to keep
track of the same session... I also use a table to check on who's who..

Anyway, it was working fine and all of a sudden the client complained that
no one can log in...  I echoed the session id of the pages and saw that
different session ids were being given by SESSION_ID() when the user goes
from one page to another...

Basically, the system thought that each page visited is another session...
when I can the session table, i saw that the user was autheticated ok... and
that the session was log during login.

When he was transfered to the welcome page, the check_session routine,
checked the session_id agaisnt the log and since it gave him a new session
id, the system thought he wasn't logged in and proceeded to ask him to log
again...

Anyway, in both our cases, the session wasn't being kept -- making each page
visit seem a new session...

SOLUTION -- at least for us:

It turns out that their sysad upgraded to the latest PHP and with it came a
new config:

SESSION_ONLY_COOKIES

This is a new config and it was ON and it wasn;t present in the previous PHP
version.  I just asked them to turn it of and test it and it worked again.
session ids were the same and therefore...

Hope this helps..

John Fuller [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]

 Hello all,
 I am new to php in general and am trying to set up a user
authentification system with mysql.  The registration page works well and
sends all of the data to the appropriate table in mysql.  However, when I
try to get the registered user to log in and start a session, the system
will not remember the session information past the page.  For instance, this
page will not work (the one that initially is supposed to register the
session from the login form):

 ?
 session_start();
 $username=chris;
 $database=login;

 $login = $_POST['login'];
 $password = $_POST['password'];
 if((!$login) || (!$password)){
  echo Please enter ALL of the information! br /;
  include 'login.php';
  exit();
 }
 mysql_connect(localhost,$username);
 @mysql_select_db($database) or die( Unable to select database);
 $sql=mysql_query(SELECT * FROM login WHERE login='$login' AND
password='$password');
 $login_check = mysql_num_rows($sql);
 if($login_check  0){
   // This is where I register the session
   session_register('login');
   $_SESSION['login'] = $login;
   mysql_close();
 include 'success.php';
 } else {
  echo You could not be logged in! Either the username and password do not
match or you have not validated your membership!br /
  Please try again!br /;
  include 'login.php';
 }
 ?

 It proceeds to login the user for that page (I know this happens because I
have played around with it looking at the error checks), but it will not
display any variable that resembles $_SESSION['login'].
 The next page sequentially (success.php) looks like this:

 ?
 session_start();
 echo 'Successful login for $_SESSION['login']';
 ?

 Any and all variations of this page come up blank and white whenever the
variable $_SESSION['login'] is called to display. It shows no memory of me
registering a session.  Any variation of quotes verse apostrophes changes
nothing, so I figure that either I am blatantly screwing up the session code
(possible for I have never written any sessions before) or my system is not
supporting sessions.  I have a php4 something, windows, apache 1.3.27 for my
home network server, and mysql.  Any help on this problem would be greatly
appreciated.
 Thanks a lot for your time, John




 -
 Do you Yahoo!?
 SBC Yahoo! DSL - Now only $29.95 per month!



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php