A Session Problem - Session Ends?

[Strangeplant]

Ok, I'm having the same problem, only now I know it's with sessions. This is what's happening, and I don't know the background mechanics of sessions/cookies to try a fix:

1. I'm at the main page and click a first link (long URL) to a first protected page in directory A.
2. I haven't logged in for a day, so the cookie has expired.
3. It takes me immediately to the login page, where I login. This is the only place where session_start(); is called.
4. The first protected page in directory A displays, and all is OK.
5. I use the browser back button to take me to the main page again.
6. Just to test to see if I'm really logged in, I click on the first link again, and the first protected page in directory A appears. Ah, fine, just like it's supposed to!
7. I use the back button again, and return to the main page.
8. Then click on a second link (long URL) to a second protected page in directory B.
9. The login page appears again, but it shouldn't have because I'm logged in, right?
10. I login again because I have no other choice, and the screen is blank, presumably because of an expected MySQL error in matching session data in the cookie to the password database. (see below.) So, somehow, I think the session has changed. How? Why? How do I keep it from changing?
11. I close the browser completely.
12. I open the browser again and go to the main page.
13. From here, I can click on both the first and second links and the protected page(s) display because the cookie is still set and I'm implicitly logged in, which is ok by me at this point, but totally unexpected because of the previous problem. Why is the session data OK now?

Something is going on with sessions that I don't understand. Using php 4.4.2

The blank screen is, I think, because of the 'or die()', at the top of each protected page. The blank screen URL is that of the protected page and not the login page, so after the second login, redirect is going to the right place:

Code:

function _check_auth($cookie)
{
  $user = array();
  $session = $cookie['SESSION'];

  $q = mysql_query(" SELECT user_id, user_name FROM sessions WHERE session = '".$session."' ")
    or die(mysql_error());
  if(mysql_num_rows($q) == 0)
    header("Location: login.php");
  else {
    $r = mysql_fetch_array($q);
    $user['user_id']   = $r['user_id'];
    $user['user_name'] = $r['user_name'];
  }
  return $user;
}

I'm totally frustrated because searching the web, I see that many people seem to have problems with cookies/sessions; I don't have anyone to talk to about this; the few others I know that use php listen and then abruptly change the subject to either the World Cup or Mets games. If you know what's going on, please, please give me some assistance. Thank you for reading all this.

[Twey]

3. It takes me immediately to the login page, where I login. This is the only place where session_start(); is called.

session_start() needs to be called on every page on which sessions are used.

[Strangeplant]

I had done that and it didn't seem to make any difference, and I had seen comments on searching the web that this should be done. And, then I also found comments that duplicates are ignored if the session is already started. I also read that it must be in the first line without even a blank line above it too.

Anyway, I will put them back, retest and post back.

BTW, the main page is html.

[Twey]

And, then I also found comments that duplicates are ignored if the session is already started.

Yes, but the session is stopped with each new request.

[Strangeplant]

OK, having added session_start(); to the top of both pages (one page in each directory), the same thing happens. I can log in one place and get to the protected page, but when I go to the second page, I need to login again, with a blank screen as a result.

If I back tab to the main page, then I can get to both pages correctly without needing to login to either of them - it knows that I'm logged in on the second time I enter the page. (But not the second page the first time.)

I didn't put the session_start(); in the included code, but it's on the first line of the page the code is included into.

Problem is still the same. Is something not being written or set in the db until I reenter? Is there a db pointer problem/issue? Does something not happen during a redirect that does happen with a hard link?

[Strangeplant]

If that's true that the session is stopped with a new session_start();, then since I have to have session_start(); in multiple places, I need to test to see if its started before I start it in error at every occurrance. So, could I say this on the first line of the protected page:

Code:

if(!isset($_SESSION['id'] && !isset['name'])
{
session_start();
}
include_once("inc/auth.inc.php"); 
$user = _check_auth($_COOKIE);

[Strangeplant]

It's acting as though there are TWO sessions, one for each directory. Is using the full path including 'http://' the problem?

[Strangeplant]

Ok, I just found something really important out, but I don't know what it means.

If I DON'T use the browser back button, but instead use the back liinks to go to the main page, then when I goto the second link, everything works fine. That is if I have no session_start(); on the linked pages. And the back button takes two presses to get back to the main page, not one, so something bad is happening during the backward flow of pages.......and messes the sessions up. How or why I don't have a clue.....

Now, how do I get around this one?

[Twey]

Code:

if(!isset($_SESSION['id'] && !isset['name'])

You mean

Code:

if(!isset($_SESSION['id']) && !isset($_SESSION['name']))

It's acting as though there are TWO sessions, one for each directory. Is using the full path including 'http://' the problem?

The thing to do would really be to test it using local paths rather than asking me, don't you think? I don't think that's the problem, but by all means check.

[Strangeplant]

The back button from the first linked page takes you back through the login page but shows the same protected linked page until on the second back button, the main page comes up. Something must be reset wrong during these events (possibly the session_start(); and maybe the $_POST(). The login.php script is this:

Code:

<?php
session_start();
include_once("inc/auth.inc.php");
_already_logged($_COOKIE);

if(isset($_POST['submit']))
{
  $user_data = _check_database(fm($_POST['user']),fm($_POST['pass']));
  if($user_data == 0) login_page();
  else _set_cookie($user_data,fm($_POST['rem']),session_id(),fm($_POST['user']));
} else
  login_page();
?>

So, will this code get around the back button problem?

Code:

if(!isset($_SESSION['id']) && !isset($_SESSION['name']))
{
	session_start();
	$_SESSION['name'] = 'CCNY';
	$_SESSION['id'] = session_id();
}