TalkPHP
 
 
11-17-2008, 12:12 AM   #1
Killswitch
Huge Session Problem

I've got a huge session problem that has me absolutely stumped ( though I'm sure the problem is the stupidest of mistakes, that's usually how PHP works ).

I am building a frontend login for my users ( no users yet, testing locally ). The login form shows up in a lightbox, user submits form. Typical.

Now, I am having a problem keeping the session data. My main index pretty much runs everything. I split the url and check certain parameters and decide where the user wants to go from there.

First, I use $user = $core->loadUser() to load an object with user's information. If the user doesn't have a session or certain session criteria, then null values are returned. Not the problem.

Next, I check if the user has info in the object. If they don't have info, I check if the login has been submitted. If not, I run my login function.

I actually test the login function for true/false, and print a message depending. If true, the function sets session information...

Code:
// Set some session information
session_name( sha1( $row->username . $row->usertype ) );
session_id( sha1( uniqid( microtime() . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) ) );
session_start();
$_SESSION['userid'] = intval( $row->id );
$_SESSION['gid'] = intval( $row->gid );
$_SESSION['usertype'] = strval( htmlspecialchars( $row->usertype ) );
$_SESSION['username'] = strval( htmlspecialchars( $row->username ) );
$_SESSION['name'] = strval( htmlspecialchars( $row->name ) );
return true;

If I log in and it accepts, I have my session info printed for testing, and it shows correctly. However, if I navigate to another page on my site, the session info is lost.

Now, I think I have a problem with how I have tried to assign $user first before the login. Either way, I have never run into this problem before.

I've checked my session save folder, and the sessions surely exist. Nothing is output before calling the login or assigning user data.

One thing that I think is in question that MAY be messing with things, is that further down in the index, I wrap what's to be loaded in a buffer. I get the buffer contents, which are printed in the main template file ( kinda like how Joomla operates ). The index is included after the buffer bit.

Here is the index code for gathering the login, user info...
Code:
// Load user object
$user = $core->loadUser();

// Check if user has value
if( !$user->id ) {
  // Check if trying to login
  if( isset( $_POST['login'] ) ) {
    if( !$core->login() ) {
      echo '<div id="login">' .$core->loginError. '</div>';
    }
  }
}

I think the $user = $core->loadUser() should come after checking if there is a value, because checking for the value is only good for checking if the user is trying to login. Maybe I'm wrong ( but that statement can be broken down a bit, if( !$user->id && isset( $_POST['login yada yada ).

Anyways, the rest with the buffer I spoke of just tests certain conditions to determine what to load, as I mentioned. I split the URL on $_GET['category']. It uses other core functions to load content based upon the values that exist in the URL from there.

Hopefully I can find some help, this is making me go bald.
Thanks guys ( and girls ).
11-17-2008, 02:36 AM   #2
Killswitch

Little update. I've gotten it working with some changes. I put session_start() at the top of the index. I also added the login and loadUser code directly in the index ( I can probably change back now ).

Seems the problem was in either ...
Code:
session_name( sha1( $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] ) );
session_id( sha1( uniqid( microtime() . $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) ) );

Maybe this could be due to me being on localhost? If I'm wrong about that, does anyone have a recommendation as to what I can set these to?

This is all just a basic setup. I want to eventually work with adding the info to database, as well as with cookies ( just found WildHoney's tutorial about sessions on Pixel2Life, great read ).
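One answer to the question in post #2, as an added example that is not part of the thread: use one constant session name on every request and let PHP issue the session ID with session_regenerate_id() at login, because session_name() and session_id() only affect the request they are called in, and a freshly generated session_id() opens a new, empty session. The function names and APP_SESSION_NAME are hypothetical, and PHP 7.3 or later is assumed for the array form of session_set_cookie_params().

```php
<?php
// Added example; names are hypothetical and not taken from the thread.
const APP_SESSION_NAME = 'APPSESSID'; // constant: identical on every request

// Call at the top of every page, before any output is sent.
function app_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    $https = !in_array($_SERVER['HTTPS'] ?? '', ['', 'off'], true);
    session_name(APP_SESSION_NAME);
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => $https,   // plain-HTTP localhost testing still works
        'httponly' => true,     // cookie not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
    session_start();
}

// Call only after the password check has succeeded; $row is the user's DB row.
function app_login(object $row): void
{
    app_session_start();
    // Let PHP issue a fresh random ID and delete the pre-login session,
    // instead of deriving one from uniqid()/microtime()/IP/user agent.
    session_regenerate_id(true);
    $_SESSION['userid']   = (int) $row->id;
    $_SESSION['gid']      = (int) $row->gid;
    // Store raw values; apply htmlspecialchars() at the point of output.
    $_SESSION['usertype'] = (string) $row->usertype;
    $_SESSION['username'] = (string) $row->username;
    $_SESSION['name']     = (string) $row->name;
}

// Returns the logged-in user's ID, or null when nobody is logged in.
function app_current_user_id(): ?int
{
    app_session_start();
    return isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : null;
}
```

Regenerating the ID at login also discards any session ID that was fixed or observed before authentication.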