Can someone tell me why the session vars are not passing between pages? They were working up to 2 days ago. Now its not? There is a third party system that logs users in based on the third party system. I direct users to the login page with the return url. The third party system logs a user in and passes their id and a token generated on their end and returns them to my site with the id and the token in the url.
If sessions are not set i try and grab the id and the token from the url and set the sessions. (working) I then generate my own token to validate against the token passed from the third party system (working) when i go to click to another page the sessions i set are not empty (????)
Here is my code:
<?php session_start(); // FUNCTION TO PASS THE URL THE USER IS ON SO THEY COME // BACk TO THIS PAGE AFTER THE LOG IN. IF APPLICABLE function curPageURL() { $pageURL = 'http'; if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";} $pageURL .= "://"; if ($_SERVER["SERVER_PORT"] != "80") { $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; } else { $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; } return $pageURL; } // DESTROY SESSION INFO IF TIMED OUT if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) { session_destroy(); // destroy session data in storage session_unset(); // unset $_SESSION variable for the runtime } // SET THE SESSIONS WITH INFO PASSED FROM // LOGIN PAGE SENT AS A GET if(isset($_SESSION['ID']) && isset($_SESSION['token'])) {}else{ $_SESSION['ID'] = $_GET['ID']; $_SESSION['token'] = $_GET['token']; } // GENERATE MY TOKEN TO MATCH THE LOGIN SYSTEM TOKEN $userIP = $_SERVER['REMOTE_ADDR']; $secretkey = 'A Unique Key For The Logged In User Matching the Login System Passed From mydomain.com/login.php'; $algorithm = 'md5'; $mm = date('m'); $dd = date('d'); $mmdd = $mm.$dd; $mytoken = strtoupper(hash($algorithm, $secretkey.$_SESSION['ID'].$userIP.$mmdd)); $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp // THIS IS WHERE THINGS ARE GOING WRONG // SESSION token IS NO LONG SET AFTER I Go To another page // and my token isnt the same any more either because session ID // is no longer set??? if($_SESSION['token']==$mytoken){}else{ header("location: https://mydomain.com/login.php?returnURL=".curPageURL()); } ?>
ok this is messed up. It has to be a problem on the hosting providers PHP setup i think because i created two pages. one called info with this code:
<? session_start(); $_SESSION['ID'] = "112233"; $_SESSION['token'] = "mytoken"; print $_SESSION['ID']; print $_SESSION['token']; ?> <a href="info2.php">info 2</a>
and one called info2 with this code:
<? session_start(); print $_SESSION['ID']; print $_SESSION['token']; ?> <a href="info.php">info</a>
info created and printed the session ok. when i click the link to go to info2 the sessions dont print. Is this a hosting config problem?
By default, session variables last until the user closes the browser. So; Session variables hold information about one single user, and are available to all pages in one application. Tip: If you need a permanent storage, you may want to store the data in a database.
The default value of 0 means to end the session when the browser closes. You can override this value either directly in php. ini or set it in your application prior to starting the session using ini_set. Setting it to something greater than 0 will cause the session to live for that duration.
It must be on every page you intend to use. The variables contained in the session—such as username and favorite color—are set with $_SESSION, a global variable. In this example, the session_start function is positioned after a non-printing comment but before any HTML.
Session variables are stored in associative array called $_SESSION[]. These variables can be accessed during lifetime of a session. The following example starts a session then register a variable called counter that is incremented each time the page is visited during the session.
As already mentioned, ensure you're calling session_start()
on each page.
Additionally, are the scripts on different subdomains?? If they are you should set the INI value session.cookie_domain
to .DOMAIN.EXT
.
To further debug this whole situation, do some simple cookie watching. See if PHPSESSID
is present as a cookie on both page requests, if it's not then this is your problem. You can't store cookies cross-domain unless you reconstruct them.
In response to your update, try doing this underneath your call to session_start()
:
echo session_id();
Confirm that it's the same on both pages. If not, check the value of session.cookie_domain
like this:
echo ini_get('session.cookie_domain');
Is that set to anything? By default it should be blank, if it's set, especially not to your domain, this is the problem.
You can also try debugging the cookie value of PHPSESSID
like I first suggested.
Check List
1. Make sure that you have used session_start(); in the next page.
2. Are you using .htaccess file?
if so remove the .htaccess file and check the same.
some time rewrite rules cause session probs...
3. If session is working fine and you have trouble only with token, then check the token sent in url is url_encoded.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With