Another session problem/question

**Tarantulus** · Jun 4 '08, 07:40 AM

do a

Code:

print_r($_SESSION);

on you admin page, just to make sure that it is actually being set correctly, I can't see anything wrong outright.

**beary** · Jun 4 '08, 08:19 AM

Originally posted by Tarantulus

do a

Code:

print_r($_SESSION);

on you admin page, just to make sure that it is actually being set correctly, I can't see anything wrong outright.

Thanks, but the existing code won't let me into the admin page...

**Tarantulus** · Jun 4 '08, 08:30 AM

Originally posted by beary

Thanks, but the existing code won't let me into the admin page...

are you sure? (given the minimal amount of code you've shown) it looks like your getting bounced from the check page to the admin page and back again...

also, HTTP headers shouldn't really contain relative paths, try the full path in your header command or at least "./admin.php"

**beary** · Jun 4 '08, 08:50 AM

Originally posted by Tarantulus

are you sure? (given the minimal amount of code you've shown) it looks like your getting bounced from the check page to the admin page and back again...

Yeah I'm sure. That's what I said in my initial post: it was getting me to the admin page but then not letting me stay.

Also, I'm not sure what maximal code would be. How much more is needed?

What I can say is the following.

In the check page, if I include

Code:

session_register('$user');

and in the admin page if I include

Code:

if(session_is_registered('$user')

it lets me in just fine. But everything I've read says that session_registe r etc is no longer needed. My php version is 5.2.5.

So I guess this is a "quick fix" but I want to know why it doesn't work the other way...

**Markus** · Jun 4 '08, 01:51 PM

Hey, have a look at this, it might help:

Originally posted by bugs.php.net

[3 Feb 2002 10:32pm UTC] chris at k2labs dot org

This is actually not a bug at all but rather behavior of HTTP.

For PHP to be able to "find" a previously set session variable, it must
be able to identify the client, right? Well, the default method used to
accomplish this is via a cookie set when you initiate the session. Since
it appears you are redirecting the user to the member's only page using
the Location header on the same page the session is initiated, the
PHPSESSID cookie will not be set. Thus, once the user arrives at the
member's only page, PHP won't be able to identify the user. Their
session variable is still there, but PHP won't give it to a stranger.
:)

Basically, in your HTTP reponse that includes the Set-Cookie header, it
needs to be a regular 200 OK response and not a protocol level
redirection. If you absolutely have to have the behavior you're going
for here, you're going to have to use a meta refresh for the
redirection. Yes, it's not as cool, but it's the only way to set a
cookie and redirect the client in the same response. Otherwise, you'll
have to pass the value of the cookie on the URL, which might be a good
option for you actually.

Hope that helps.

The bug

**beary** · Jun 4 '08, 09:55 PM

Originally posted by markusn00b

Hey, have a look at this, it might help:

The bug

Thanks a lot markusn00b, That definitely explains the problem.

Cheers!

**Markus** · Jun 4 '08, 10:12 PM

Originally posted by beary

Thanks a lot markusn00b, That definitely explains the problem.

Cheers!

Welcome, beary!

See you around the forums, dude.

Another session problem/question

Another session problem/question

Comment

Comment

Comment

Comment

Comment

Comment

Comment