Broken Sessions - Dev Shed

Dev Shed Forums Sponsor:

Stop making mediocre tutorials.The best tutorials are video! Camtasia Studio makes it easy to create engaging, buzz-building screen videos at any size, in any popular format. Download the free trial!

May 8th, 2008, 07:15 PM

jakenoble

System.out.println("eh?");

Join Date: Feb 2004

Location: Derbyshire

Posts: 817

Time spent in forums: 5 Days 10 h 8 m 25 sec
Reputation Power: 25

PHP5 - Broken Sessions

Hi All

I have been working on some OO code in PHP5 for a site. I have just broken sessions, and I have no idea how.

I only ever unset() them on a logout page, this is never viewed/accessedd in this case.

1) I POST to login, it validates, then writes the sessions
2) A META refresh then reloads the page with these valid sessions and takes me to my account
3) All is well
4) If I click refresh or go to another page, as soon as the new page loads (straight after I call session_start()) $_SESSION is completely empty, the PHPSESSID cookie remains, but the session data server side has gone.

Has anyone else had this happen unexpectedly to them also?
Is there anything in PHP that can unset or break sessions, even without calling unset()?

Thanks for any help, I am going out of my tree with this one

May 10th, 2008, 06:50 PM

mr.mofo

Contributing User

Join Date: Aug 2005

Posts: 101

Time spent in forums: 1 Day 12 h 48 m 4 sec
Reputation Power: 3

Where is your session_start(); ?
It should be the very first line after <? php

__________________
We Live; We Love. We Hate; We Die.

May 10th, 2008, 08:19 PM

GameYin

Contributing User

Join Date: Jan 2008

Location: Whiteford, MD

Posts: 348

Time spent in forums: 3 Days 11 h 54 m
Warnings Level: 5
Reputation Power: 60

He said he did that. Post the code for the page that is "broken" and the page where session is set. The original one.

__________________
Adwords Professional
You can give me

May 12th, 2008, 03:03 PM

jakenoble

System.out.println("eh?");

Join Date: Feb 2004

Location: Derbyshire

Posts: 817

Time spent in forums: 5 Days 10 h 8 m 25 sec
Reputation Power: 25

Quote:

Originally Posted by GameYin

He said he did that. Post the code for the page that is "broken" and the page where session is set. The original one.

Hi

Thanks for the input. I have included the code below, I do not know how much of a use it will be.

PHP Code:

Original - PHP Code

function isCron()
{
    if(isset($_SERVER['SHELL']) &&  $_SERVER["SHELL"]== "/bin/sh")
        return true;
}
if(!isCron())
{
    session_start();
    date_default_timezone_set('Europe/London');
}
 
 
 
date_default_timezone_set('Europe/London');
 
 
define("SITE_GENERIC_ERROR_MESSAGE", WEBSITE." error - please go back and try again.");
 
ini_set('include_path', '.:'.PEAR_ROOT.':'.OBJECT_ROOT.':'.SCAFFOLD_ROOT.':'.UTIL_ROOT.':'.TYPES_ROOT.':'.SMARTY_ROOT.':'.IN  TERFACE_ROOT.'');
 
require_once ('ut_global_functions.inc');
require_once ('interface_object.inc');
require_once ('object.inc');
require_once ('type.inc');
require_once ('ut_page.inc');

This function ( login() ) is caled once POST data has been verified, this executes successfully and then calls onLogin.

PHP Code:

Original - PHP Code

 
    public function login()
    {
        if($this->load($this->login_admin_username,'username'))
        {
            if($this->get('lock_until') > time())
                return '<span class="error">You have failed to login in too many times, your account has been automatically locked for '.LOCKOUT_MINS.'</span>';
 
            else if(trim($this->login_admin_password) !=  $this->get('password'))
            {
                $fails = $this->get("failed_logins");
                $fails++;
                $this->set("failed_logins", $fails);
                if($fails >= FAILED_LOGIN_LIMIT)
                    $this->set("lock_until", time()+(60*LOCKOUT_MINS));
                
 
                $this->save();
                
                return '<p class="error">The details you entered were incorrect.</p>';
            }
            else if(trim($this->login_admin_password) ==  $this->get('password'))
                if($this->onLogin())
                    return '<span class="success">Your login was successful</span><meta  http-equiv="refresh" content="0;url='.LIVE_ADMIN_URL.'">';
                else
                    return '<span class="error">An internal error occured while processing your login, please try again.</span>';
            else
                return '<span class="error">An internal error occured while processing your login, please try again.</span>';
        }
        else
            return '<span class="error">The details you entered were incorrect.</span>';
    }

Line 23 above returns true and the page is redirected, once the page is redirected and I var_dump($_SESSION) everything is set. If I then refresh or go to another admin page the sessions have gone completely. onLogin function below is where the sessions are set.

PHP Code:

Original - PHP Code
private function onLogin($isAuto = false) { $_SESSION['password'] = $this->login_admin_password; $_SESSION['username'] = $this->login_admin_username; $_SESSION['logged_in_at'] = time(); $logins = $this->get('logins'); $logins++; if(!$isAuto) $this->set("logins",$logins); $this->set("failed_logins",0); $this->set("lock_until",0); $this->save(); return true; }

 
    private function onLogin($isAuto = false)
    {
        $_SESSION['password'] = $this->login_admin_password;
        $_SESSION['username'] = $this->login_admin_username;
        $_SESSION['logged_in_at'] = time();
 
        $logins = $this->get('logins');
        $logins++;
        
        if(!$isAuto)
            $this->set("logins",$logins);
            
        $this->set("failed_logins",0);
        $this->set("lock_until",0);
        $this->save();
 
        return true;
    }

Thanks for your time and efforts.

Jake

Viewing: Dev Shed Forums > Programming Languages > PHP Development > PHP5 - Broken Sessions

« Previous Thread | Next Thread »

Thread Tools	Search this Thread
Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are On [IMG] code is On HTML code is Off

View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox

Forum Jump

Free IT White Papers!

Accelerating Trading Partner Performance
One in five. That's how many partner transactions have at least one error. That is an amazing statistic, particularly given the extraordinary leaps in innovation across the global supply chain during the past two decades. Download this white paper to learn more.

Competing on Analytics
This Tech Analysis is designed to help identify characteristics shared by analytics competitors, and includes information about 32 organizations that have made a commitment to quantitative, fact-based analysis.

Cost Effective Scaling with Virtualization and Coyote Point Systems
An overview of the industry trend toward virtualization, how server consolidation has increased the importance of application uptime and the steps being taken to integrate load balancing technology with virtualized servers.

Five Checkpoints to Implementing IP Telephony
Implementation planning for IP PBX software and IP telephony has become vital as businesses replace discontinued legacy PBX phone systems. This informative whitepaper outlines five "checkpoints" for any implementation plan that will help make IP communications a successful proposition.

Hosted Email Security: Staying Ahead of New Threats
In the last two years, email has become a fierce battleground between the nefarious forces of spam and malware, and the heroes of messaging protection. The spam volumes increased alarmingly every month, bringing clever new forms of phishing and virus propagation attacks.

More Free IT White Papers!