Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3

Thread: Session Woes

  1. #1
    Regular Coder
    Join Date
    Jun 2007
    Los Angeles
    Thanked 5 Times in 5 Posts

    Session Woes

    I'm using sessions in my PHP web app. When someone logs into my system, I store their username in a session var.

    I have one person who when logging in, seems to lose the session data held in that $_SESSION["php_username"] var. Further debugging reveals that her browser is not holding any session vars.

    Everyone is accessing the same php code. Why would almost everyone else be able to login and use my site and this person can't login because she is losing all of the session var data? I'm puzzled.

    Thanks for any help...
    Business Text Messaging Services

  • #2
    Senior Coder
    Join Date
    Jun 2008
    New Jersey
    Thanked 259 Times in 256 Posts
    It'll be because their local security settings are wiping the session/cookies (like Firefox and other modern browsers do on closing if you want them to). If they're the only person this happens to, its a userside issue.

    That being said, if their system seems to store cookies ok (though if its losing sessions...), one thing you can do is store the data as a cookie and session, and revalidate both each page (more queries, but greater security IMO, though someone else might know why its not a good idea).

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Saskatoon, Saskatchewan
    Thanked 2,662 Times in 2,631 Posts
    This is something we generally have to choose how to handle as well. For any non-secure site, I'd recommend allowing cookies to be disabled.
    Using the SID constant, you can make the determination if their browser is rejecting cookies. This cannot accomodate loss of cookies of course, only inability to set them.
    To use this, you need to apply SID to all your links like so:
    PHP Code:
    $sURL 'http://somelocation.com/somepage.php';
    if (!empty(
    $sURL .= '?' SID;

    As you can see, this becomes a little on the complex side when regarding current flat URL's with already existing querystrings. This can be handled by using parse_url and http_build_query instead.

    Alternatively, you can pull the lazy route (which if I use the builtin session I usually do >.<), and enable your session.use_trans_sid. This is an ini_all directive, so you can simply add it to the top of your page:
    PHP Code:
    // do some stuffs.
    echo '<a href="index.php">Home</a>';

    // Result:
    <a href="index.php?PHPSESSID=754d3b148df7a597947f5556cbe06628">Home</a>
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)


    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts