Re: Validation and session variables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



--- Stuart Felenstein <stuart4m@xxxxxxxxx> wrote:
> Thank Chris , but met with same behaviour.

Well, it was certainly a problem, so at least it's one less thing to worry
about. :-)

> 2 Questions:
> 1- Should I drop the $url line ? I tried both ways ,
> no change though.

It doesn't matter. Your method was fine, but $url needs to be an absolute
one (http://example.org/path/to/script.php).

> 2- Do I still need to call the SID ?

This was a separate suggestion given by someone else, the idea being that
perhaps the browser is not sending the cookie. This is a good suggestion,
because most of these lost session problems are a result of the browser
not identifying itself (by sending the session identifier by some means).
The causes of this problem range, but this is the first thing to check.

On each page, it might be good to add some debugging information near the
top (where session_start() is):

<?php
session_start();
echo '<pre>' . htmlentities(print_r($_COOKIE, true)) . '</pre>';
echo '<pre>' . htmlentities(print_r($_GET, true)) . '</pre>';
echo session_id();
...

What you may notice is a lack of a session identifier in the $_COOKIE
superglobal or $_GET superglobal and/or the session identifier (from the
session_id() call) changing for every page.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly     HTTP Developer's Handbook - Sams
Coming December 2004        http://httphandbook.org/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux