Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Session variables are not persisting between page loads

Tags:

Can someone tell me why the session vars are not passing between pages? They were working up to 2 days ago. Now its not? There is a third party system that logs users in based on the third party system. I direct users to the login page with the return url. The third party system logs a user in and passes their id and a token generated on their end and returns them to my site with the id and the token in the url.

If sessions are not set i try and grab the id and the token from the url and set the sessions. (working) I then generate my own token to validate against the token passed from the third party system (working) when i go to click to another page the sessions i set are not empty (????)

Here is my code:

    <?php     session_start();      // FUNCTION TO PASS THE URL THE USER IS ON SO THEY COME      // BACk TO THIS PAGE AFTER THE LOG IN. IF APPLICABLE     function curPageURL() {     $pageURL = 'http';     if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}     $pageURL .= "://";     if ($_SERVER["SERVER_PORT"] != "80") {     $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];     } else {     $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];     }     return $pageURL;     }      // DESTROY SESSION INFO IF TIMED OUT     if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {     session_destroy();   // destroy session data in storage     session_unset();     // unset $_SESSION variable for the runtime     }      // SET THE SESSIONS WITH INFO PASSED FROM     // LOGIN PAGE SENT AS A GET     if(isset($_SESSION['ID']) && isset($_SESSION['token'])) {}else{     $_SESSION['ID'] = $_GET['ID'];     $_SESSION['token'] = $_GET['token'];     }      // GENERATE MY TOKEN TO MATCH THE LOGIN SYSTEM TOKEN     $userIP = $_SERVER['REMOTE_ADDR'];     $secretkey = 'A Unique Key For The Logged In User Matching the Login System Passed From mydomain.com/login.php';     $algorithm = 'md5';     $mm = date('m');     $dd = date('d');     $mmdd = $mm.$dd;     $mytoken = strtoupper(hash($algorithm, $secretkey.$_SESSION['ID'].$userIP.$mmdd));       $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp     // THIS IS WHERE THINGS ARE GOING WRONG // SESSION token IS NO LONG SET AFTER I Go To another page // and my token isnt the same any more either because session ID // is no longer set???     if($_SESSION['token']==$mytoken){}else{     header("location: https://mydomain.com/login.php?returnURL=".curPageURL());     }     ?> 

ok this is messed up. It has to be a problem on the hosting providers PHP setup i think because i created two pages. one called info with this code:

<? session_start();  $_SESSION['ID'] = "112233"; $_SESSION['token'] = "mytoken";  print $_SESSION['ID']; print $_SESSION['token']; ?> <a href="info2.php">info 2</a> 

and one called info2 with this code:

<? session_start();  print $_SESSION['ID']; print $_SESSION['token']; ?> <a href="info.php">info</a> 

info created and printed the session ok. when i click the link to go to info2 the sessions dont print. Is this a hosting config problem?

like image 679
user520300 Avatar asked Jun 01 '11 11:06

user520300


People also ask

How long do session variables last?

By default, session variables last until the user closes the browser. So; Session variables hold information about one single user, and are available to all pages in one application. Tip: If you need a permanent storage, you may want to store the data in a database.

Is PHP sessions are persistent by default?

The default value of 0 means to end the session when the browser closes. You can override this value either directly in php. ini or set it in your application prior to starting the session using ini_set. Setting it to something greater than 0 will cause the session to live for that duration.

Do you need to start session on every page?

It must be on every page you intend to use. The variables contained in the session—such as username and favorite color—are set with $_SESSION, a global variable. In this example, the session_start function is positioned after a non-printing comment but before any HTML.

How do you store a variable in a session?

Session variables are stored in associative array called $_SESSION[]. These variables can be accessed during lifetime of a session. The following example starts a session then register a variable called counter that is incremented each time the page is visited during the session.


2 Answers

As already mentioned, ensure you're calling session_start() on each page.

Additionally, are the scripts on different subdomains?? If they are you should set the INI value session.cookie_domain to .DOMAIN.EXT.

To further debug this whole situation, do some simple cookie watching. See if PHPSESSID is present as a cookie on both page requests, if it's not then this is your problem. You can't store cookies cross-domain unless you reconstruct them.


In response to your update, try doing this underneath your call to session_start():

echo session_id(); 

Confirm that it's the same on both pages. If not, check the value of session.cookie_domain like this:

echo ini_get('session.cookie_domain'); 

Is that set to anything? By default it should be blank, if it's set, especially not to your domain, this is the problem.

You can also try debugging the cookie value of PHPSESSID like I first suggested.

like image 148
Rudi Visser Avatar answered Sep 19 '22 10:09

Rudi Visser


Check List
1. Make sure that you have used session_start(); in the next page.

2. Are you using .htaccess file?
    if so remove the .htaccess file and check the same.
    some time rewrite rules cause session probs...

3. If session is working fine and you have trouble only with token, then check the token sent in url is url_encoded.

like image 35
Jagadeesan Avatar answered Sep 20 '22 10:09

Jagadeesan