PHP Session Resetting on 2nd Page

Please post a little bit more code, for example your second page. If the problem isn't your subsequent pages, then it is probably your php.ini settings.

I have 3 separate sections where Sessions are used. $_SESSION['userID'] for a user that logs in, $_SESSION['newPwd'] which is used when a user is setting a new password and finally $_SESSION['matchedIDs'] which comes from an XML file based on a search.

In each case the opening 2 lines of the page are:
[php]
<?php session_start() ;
//depending on the page, one of the next 3 lines
$_SESSION['userID'] = "User Not Found";
$_SESSION['newPwd'] = "";
$_SESSION['matchedIDs'] = "No Match Found";
?>
[/php]

Then in the code (last thing before the </head> tag in HTML). (again, depending on the page)
for User ID:
[php]
//snipet $member comes from a master XML file
if ($member->FirstName == $_POST['txtFName'] && $member->LastName == $_POST['txtLName'] && $member->Password == strtoupper($_PO ST['txtPwd']))
{
$_SESSION['userID']=$member->ID;
[/php]

for New Password:
[php]
if (isset($_POST['cmdChange']))
{
$newPwd = $_POST['txtNew'];
$_SESSION['newPwd'] = $newPwd;
}
[/php]

and finally for Matches:
[php]
//again, called from an XML file
function search()
...
//list of matches from user text boxes, matched to XML file
$matchedIDs = $matchedIDs . $member->ID . ", ";
...
return $matchedIDs;

//saved in
$_SESSION['matchedIDs'] = search();
[/php]

Now, all of this saves fine (I've checked with echo statements). However when I go to reference it on the next page, it is back to whatever the original value was (1st code block). This code for these pages is:
[php]
<?php session_start() ; ?> //top of every page

//before the </head> tag - page specific
$member = simplexml_load_ file('/cgi-bin/XML/' . $_SESSION['userID'] . '.xml'); //load XML file for logged in user
$IDs->$pwds->nodeValue = $_SESSION['newPwd']; //change password, update XML
echo $_SESSION['matchedIDs']; //search, temp testing for now
[/php]

Sorry all for the lengthy post and numerous code blocks. But there it is for you. Hope it helps and provides enough info. I'm trying to finish up the project and get it off my plate as soon as I can. Thanks everyone, and thanks to clai83.
- LB

oh yeah, and I am not the server owner so I don't have access to the php.ini file. Please tell me that's not the issue. Lie if you have to ...

I don't see anything wrong with the code you posted that would affect your $_SESSION['user_id'] variable. I would do the following to check to see if the session is being properly stored.

1. echo the $_SESSION['user_id'] in the first and second page.
2. echo the session_id() to make sure that they are the same.
3. If the session id is not the same then for some reason a new session is being created somewhere.
a) Check the directory where session variables are stored (by default this is /tmp but it could be something else if your server has changed the setting). See if a session file with a matching id is stored in there.
4. Check the phpinfo() and check to see the session settings.
a) session.save_ha ndler = files
b) session.use_coo kies = 1
c) session.use_onl y_cookies = 1
d) session.name = PHPSESSID
pay close attention to the PHP session garbage collector
If these settings put a high probability of deleting your session
data, that may be a reason too, why the session data is disappearing though I doubt this but check it anyway. This is my setting.

session.gc_prob ability = 1
session.gc_divi sor = 1000

5. For testing purposes echo out all your globals to see how data is being propagated. might find something useful there.

6. If all else fails try to manually propagate your session in the URL in a test page and see if the session data keeps.

I'm sorry if I'm being abstract on my possible solutions, I just don't see any thing yet in your code that can cause it to reset to " ".

hopefully this is of some help

thanks again. Yeah, I couldn't see anything in the code either that would be causing any of these problems. Hence me coming here. Except that I have only been using PHP full time for about 3 months.

Clarification: If I'm using a session variable, do I need session_start() at the top of EVERY page? When I originally heard this, I assumed that would create a new session each time. Is there not a session_continu e? Or is it not implied (as with ASP) until session_destroy ();

I'll investigate your suggestions. Problem being I will need to contact the server owner. As previously mentioned, I don't have access to the server settings (that I know of). The project was thrown together super quick by the sponsors and they got server space for REAL cheap off someone they knew. Ideally, the server would be my baby and I could control what my php did.

Oh well, c'est la vie. thanks again. I'll e-mail our guy and post back.

^_^ you do need to session_start() on top of every page. You would think that this would restart a new session, but it doesn't. Basically PHP will do all the background work to see if the user has a cookie (if you are using that method) that has a php session id that matches a session that is currently being stored. If there is a match then all your session variables are stored in the $_SESSION super global

hopefully this is the answer

it does help explain why session_start() goes on every page. Still haven't had a chance to look at the solutions above yet. But when I do, as mentioned I'll report back. By the sounds of what you're talking about it could be different session IDs which could suck.

I've also been reading about session_registe r(); what does that do? And how does HTTP_SESSION_VA R something like that differ from $_SESSION (which I've seen around). I'm led to believe HTTP whatever it is more of a legacy coding concept replaced by the $_SESSION global.

Again, sorry for basic questions, I'm VERY new at this. Thanks for all the help.
- LB

Yes HTTP_SESSION_VA RS is deprecated. Same thing though.

session_registe r() is a deprecated way of registering new session variables. Just use $_SESSION superglobal for all your session needs.

1. Make sure you allow cookies on your browser when you are testing your script. If the session cookie is not stored properly on your side then the session_start will always bring up a new session.

2. While you are testing your code check the cookie stored on your computer and make sure that the cookie php session id matches the current session you are working with. Just do a quick echo session_id().

3. Even if you are not the server owner, if your server allows htaccess overrides then you can set your own phpini settings using that. Google 'phpini htaccess' and there are a bunch of pages that will show you how.

4. There is also a ini_set function that you can use to set phpini settings through your script. I'm not completely sure about the scope of this function. You may want to consult php.net manual for more details.

In any case do a small test on your server.

For example

PAGE 1
[PHP]
<?php
session_start() ;
$_SESSION["testvar"] = "testing";
echo session_id()."< br />";
?>

<html>
<head><title>Pa ge 1</title></head>
<body>
<p>
<a href="page2.php " title="Page 2">Page 2 Link</a>
</p>
</body>
</html>
[/PHP]

PAGE 2
[PHP]
<?php
session_start() ;
echo $_SESSION["testvar"]."<br />";
echo session_id()."< br />";
?>
[/PHP]

If there are matching session IDs and if your testvar displays right then there is something wrong with your code or the server PHP settings.

Also, remember to put session_start() at the top of your script (before you start displaying things in HTML) otherwise that may also be a reason why your session vars are disappearing.