Re: session_id() is not passed to the next page

Al <news@xxxxxxxxxxxxx> · Tue, 04 Jan 2011 14:27:12 -0500

On 1/3/2011 11:46 PM, Michelle Konzack wrote:
Hello,

I am rewriting currently a login script and I encountered a problem with
sessions.  While reading the two pages

     <http://php.net/manual/de/function.session-start.php>
     <http://bugs.php.net/bug.php?id=14636>

I have not found a solution for my problem:

----8<------------------------------------------------------------------
function fncLogin($user, $pass, $redirect, $type='pam') {

   if ($user != '' and $pass != '') {

     $TEXT  = "<FONT size=\"+2\" color=\"red\"><B>Error</B></FONT><br />\n";
     $TEXT .= "<HR size=\"3\" noshade=\"noshade\">\n";
     $TEXT .= "The username does not exist or the password is wrong.<p />\n";
     $TEXT .= "<p />\n";
     $TEXT .= "Please go<a href=\"" . $_SERVER['HTTP_REFERER'] . "\">back</a>  and try it again.\n";

     if ($type == 'pam') {

       if (pam_auth($user, $pass,&$PAM_ERR) === FALSE) {
         fncError('2', $TEXT, $errpage='false');
         exit();
       }

     } elseif ($type == 'shadow') {

       $shadow_file = DIR_HOST . "/.shadow";
       if (is_file($shadow_file)) {

         $SHADOW = exec("grep \"^" . $user . ":\" " . DIR_HOST . "/.shadow |cut -d: -f2");
         if (empty($SHADOW)) {
         }

         $SALT=exec("grep \"^$user:\" " . DIR_HOST . "/.shadow |cut -d: -f2 |cut -d$ -f1-3");
         $ENCRYPTED=crypt($pass, $SALT);
         if ($SHADOW != $ENCRYPTED) {
           fncError('2', $TEXT, $errpage='false');
           exit();
         }

       } else {
         $TEXT  = "<FONT size=\"+2\" color=\"red\"><B>Error</B></FONT><br />\n";
         $TEXT .= "<HR size=\"3\" noshade=\"noshade\">\n";
         $TEXT .= "This is a system error. I can not authenticate du to a missing config.\n";
         $TEXT .= "<p />\n";
         $TEXT .= "Please inform the<a href=\"" . SYSAMIN . "\">sysadmin</a>  and try it later again.\n";
         fncError('1', $TEXT, $errpage='false');
         exit();
       }
     }

     session_register('sess_user');
     session_register('sess_timeout');
     $sess_user    = $user;
     $sess_timeout = time() + 900;
     session_write_close();
     header("Location: " . $redirect);
   }
   exit();
}
----8<------------------------------------------------------------------

which call the following page correctly, but the two vars $sess_user and
$sess_timeout are empty.

Can someone please tell me how to do this?

Thanks, Greetings and nice Day/Evening
     Michelle Konzack

Firefox has a great add-on that lets you see the server/client handshaking 
headers httpFox e.g., Cookie:   PHPSESSID=fc310ca5f2c708988bf456f691cc58c2

Thus you can easily see if PHPSESSID is set and returned to the server.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php