Posted by Erwin Moller on 08/31/07 15:07

Eddie wrote:
> I am having difficulty in setting variables in a session, and then
> accessing those variables throughout the web pages that they click
> on. After having them set a user name and password, successfully
> authenticating against Active Directory, I send them from the
> login.php page to the index.php page. But when I get to the index.php
> page, the session ID is visible, but the session variables and values
> are not. Can you help me out? Also, I'm curious how to distinguish
> between various sessions if multiple ones are available. My files are
> below. Thanks.
>
> Eddie

Hi Eddie,

First: A client (browser) does NOT have multiple sessions.
It can have multiple sessions to DIFFERENT DOMAINS, but not within one.

The session is defined by the value of PHPSESSID, which can be stored in
a cookie, or via URL-rewritting, or even hidden var in POST.
As long as PHP received a PHPSESSID, you have a session.

IF PHP has a corresponding file with that id, you have a session.


>
> -- excerpt of login.php page
>
> start_session();
>
> $user= $_POST[u];

Why don't you use formal notation for associative arrays?
$_POST["u"];

> $pass= $_POST[p];
>
> if (isset($_SESSION[user]) and ($_SESSION[user]==$user)){
>
> $_SESSION[auth] = admin_all;

What is admin_all?
Didn't you mean:
$_SESSION["auth"] = "admin_all";
or maybe
$_SESSION["auth"] = $admin_all;



> $_SESSION[user] = $user;
> $_SESSION[timelast] = time();
> $_SESSION[email] = 'testemail@testdomain.com';
>
> header('Location: http://mydomain.com/index.php');

You forgot the exit command here.
Setting a header will NOT stop the script.
It runs on, and I have no clue what follows. Maybe a reset on the session?

> }
>
> but when I go to the on to the index.php page, I cannot see the
> results. What am I missing?
>
>
> -- excerpt of index.php page
>
> $sessname = session_name();
> $sessid = session_id();
> session_start();
>
> print "<pre>\nContents of \$_COOKIE:\n";
> foreach ($_COOKIE as $k => $v) {
> print " $k = $v\n";
> }

This can be done much easier with print_r, like this:
echo "<pre>";
print_r($_COOKIE);
echo "<pre>";

same for $_POST and $_GET and $_SESSION.
Use print_r() (with pre) to dump ANY (complex) array.


>
> print "\nContents of \$_SESSION:\n";
> foreach ($_SESSION as $k => $v) {
> print " $k = $v\n";
> }
> print "</pre><br>";
>
> print "sessionuser = " . $_SESSION[user] . " <br>";
> print "sessiontimelast = " . $_SESSION[timelast] . " <br>";
>
> -- output of index.php page
>
> Contents of $_COOKIE:
> PHPSESSID = e12d796fc6e373569202c58d8f096815
>
> Contents of $_SESSION:
> user =
> timelast =
>
> Session name = PHPSESSID
> Session id = e12d796fc6e373569202c58d8f096815
>
> -- excerpt of php.ini file
>
> session.use_cookies = 1
> session.name = PHPSESSID
> session.auto_start = 0
> session.cookie_lifetime = 0
> session.serialize_handler = php
>

Also: are you sure you stay in the same domain after the
header("Location.....");
??
Sessions cannot (easily) span domains, luckily. ;-)

Regards,
Erwin Moller

[Back to original message]