$_SESSION['loggedin'] not working properly

**Steve Belanger** · Apr 16 '07, 08:25 PM

Re: $_SESSION['loggedin'] not working properly

not sure if that will help, but if PHP was set to use cookies on client side
to save session, and the user doesn't have cookies enabled, it might pause a
problem.

Steve.

"damezumari " <jannordgreen@g mail.comwrote in message
news:1176746218 .779211.135160@ n59g2000hsh.goo glegroups.com.. .

When a user logs in to my site http://iwantyourquestion.com I set
$_SESSION['loggedin'] to true if his username and password are OK.
When he calls a page I check if $_SESSION['loggedin'] is true. If it
not I ask him to log in.
>
Every page has at the start:
>
session_start() ;
ob_start();
>
A user just told me that he was asked to log in again after he entered
his username and password. If they were incorrect he would be sent
back to the login page, but that was not what happened. He was asked
to log in again.
>
The only reason I can think of is that $_SESSION['loggedin'] was not
stored correctly. But why not?
>
When he tried to log in a second time everything worked fine. He was
allowed in.
>
Has anyone else experienced this and know why it happens?
>
Regards,
>
Jan Nordgreen
>

**Gordon Burditt** · Apr 16 '07, 10:45 PM

Re: $_SESSION['loggedin'] not working properly

>When a user logs in to my site http://iwantyourquestion.com I set

>$_SESSION['loggedin'] to true if his username and password are OK.
>When he calls a page I check if $_SESSION['loggedin'] is true. If it
>not I ask him to log in.
>
>Every page has at the start:
>
>session_start( );
>ob_start();

You forgot the part that begins <?php and *DOES NOT* have a DOCTYPE
line or any white space before it.

>A user just told me that he was asked to log in again after he entered
>his username and password. If they were incorrect he would be sent
>back to the login page, but that was not what happened. He was asked
>to log in again.

This is believable if he started a new session, which could happen a
number of ways:

- The user's browser doesn't accept cookies.
- The user cleared cookies.
- The user exited and restarted the browser, and your page uses
session cookies.
- The cookie expired. I'm not sure what your expire time is, but maybe
the user stayed logged in over a long lunch or weekend?.
- One of your pages forgot the session_start() call.

>The only reason I can think of is that $_SESSION['loggedin'] was not
>stored correctly. But why not?

Losing the session cookie is a major possibility. So also is running
out of disk space to store session data in.

>When he tried to log in a second time everything worked fine. He was
>allowed in.
>
>Has anyone else experienced this and know why it happens?
>
>Regards,
>
>Jan Nordgreen
>

**Vince Morgan** · Apr 17 '07, 02:05 AM

Re: $_SESSION['loggedin'] not working properly

"Gordon Burditt" <gordonb.cdgrp@ burditt.orgwrot e in message
news:1327v1qcni edkd4@corp.supe rnews.com...

Losing the session cookie is a major possibility. So also is running
out of disk space to store session data in.

Jan Nordgreen

>
>

If I may, how is session data saved to disk? Do you mean at the client end,
with cookies, or on the server?
I've always thought that, on the server, session data is always in memory,
unless it gets swapped out by the OS in a low memory situation. But then
again what I know about sessions at this point could be written on a postage
stamp with lipstick.
Vince

**Gordon Burditt** · Apr 17 '07, 02:35 AM

Re: $_SESSION['loggedin'] not working properly

>Losing the session cookie is a major possibility. So also is running

>out of disk space to store session data in.

>

>
>Jan Nordgreen
>

>>
>>

>If I may, how is session data saved to disk? Do you mean at the client end,
>with cookies, or on the server?

Session data never reaches the client. It is saved on the server.
One of the advantages of sessions is that the data never reaches the
client, so the client can't tamper with it.

The default session save handler uses lots of little files, one for
each session. Other handlers can store the info in a database.

Session *cookies* are saved on the client. Any loss of the cookie
screws up the session.

>I've always thought that, on the server, session data is always in memory,
>unless it gets swapped out by the OS in a low memory situation. But then

Don't think that. It's a reasonable interpretation *while a PHP
script is running*. Session data can survive web server (e.g.
Apache) restarts. It might survive server reboots.

>again what I know about sessions at this point could be written on a postage
>stamp with lipstick.

**damezumari** · Apr 17 '07, 05:15 PM

Re: $_SESSION['loggedin'] not working properly

My webhost has this to say in a kb article re this problem:

PHP Sessions do not work as expected

Symptoms:

* Sessions are not saving when transitioning from HTTP to HTTPS
protocols. If a PHP session needs to begin in HTTP and switch to
HTTPS, there will be some issues where the session is not maintained
across that transition.
* General problems with sessions not seeming to be carried across
web requests.
* Sessions in general behave inconsistently. Your script has a
dependancy on writing data to the /tmp directory.

NOTE: [Although this workaround is intended for a few issues we've
noticed in regards to specific cases, this will most likely fix a
large majority of cases where you're having problems with sessions
working properly - if you are having problems with sessions and your
symptoms don't quite exactly fall into the description above, we
suggest you try this workaround anyway.]

Solution:

This can be fixed by configuring a directive inside of a custom
php.ini file to explicitly direct session files to save in a local
directory on your (gs) Grid-Server instead of the default global '/
tmp' folder.

NOTE: If you are not yet using a custom php.ini file on your server,
you may follow this KB article on the process before proceeding with
the steps in this article.

NOTE: It has been reported that PHPMyAdmin does not work once you make
this change. Here is how to use a desktop database tool as a
workaround to this side effect.

The directive that must be placed inside of your php.ini file is:

session.save_pa th = /home/####/data/tmp

Where '####' is your actual site number.

so, for s1234.gridserve r.com, you would use the following:

session.save_pa th = /home/1234/data/tmp

After saving these changes, make sure to navigate to your 'data'
directory and create a folder called 'tmp'. The next session created
will start behaving properly and the problem should no longer occur.

+++

Great! I will have to give up PHPMyAdmin for them to fix the problem!

No way! I rather look for another web host!

By the way, I have tested this a bit further. After visiting from
three to twelve pages I lose the session variable for loggedin. I have
swtiched between the same pages and it happens sooner or later.

Regards,

Jan Nordgreen

$_SESSION['loggedin'] not working properly

$_SESSION['loggedin'] not working properly

Comment

Comment

Comment

Comment

Comment