Starting Session Problem

CoryMathews · 10-15-2008, 03:12 PM

Im having a small problem with a login script. When a user logs in the session is not stored, however if they log in again their session is started. I do not understand why, it is not every single time but almost every time.

On my login page it works something like this after the user hits the submit button.

PHP Code:


			
session_start();

...

//query to check user

...

$hour = time() + 3600; 

setcookie(iSearchNotes, $UserName, $hour); 

setcookie(iSearchNotes, $pass, $hour);



$_SESSION["UserName"] = $UserName;

$_SESSION["UserId"] = $uID;

//forward to main page.

then on the rest of the pages it will look like

PHP Code:


			
session_start();

...

if(isset($_SESSION['UserName']) and $_SESSION['UserName'] != '' and isset($_SESSION['UserId'])) {

echo 'Welcome '.$_SESSION['UserName'].'- <a href="user_logout.php">Log out</a>';

..

This check almost always fails on the first login. Anyone see why this is? Also you can try it out at iSearchNotes.com - Make Your Notes Searchable

Wildhoney · 10-15-2008, 10:44 PM

I'm not sure where the problem exists within that code. Perhaps there is a flaw in your logic somewhere. Take a peak at the simple session code I have written for you. See if that helps you.

CoryMathews · 10-15-2008, 11:26 PM

Thanks, I will take a look at that in the morning and see what I can figure out from it.

CoryMathews · 10-27-2008, 11:30 PM

Well I finally figured it out.

The problem came down to a www and no www problem. Not a problem with my sessions.

It would work if the user came in to the page with www in front of the url because my form was forwarding to the homepage with a www. however someone without www on the url would log in and then be forwarded to a www and they would no longer be logged in unless they took the www back off.

One hell of an annoying bug, that I finally figured out on accident. Just thought I would let others know if they are having the same problems as well.

Wildhoney · 10-27-2008, 11:45 PM

Thanks. Isn't that down to the cookie path though? You set the path that is valid for the cookie in the fourth argument in setcookie. Alternatively, however, you could simply forward all www to non-www, and vice versa. That's the best way, I would say, because it's also better for SEO.

CoryMathews · 10-27-2008, 11:48 PM

Ye gonna have to take a look at doing that, that is with the .htaccess correct?

Wildhoney · 10-28-2008, 01:19 AM

Yes, that's the one.

Code:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^talkphp.com
RewriteRule (.*) http://www.talkphp.com/$1 [R=301,L]