2

Related: session variable not carrying over

Problem

Any $_SESSION[""] variables are lost when I navigate from a page to another, though I'm using session_start(); before trying to acces them.

It seems that session_start() will automatically start a new session unless a session_name() or a session_id() is passed to it to specify what session to resume.

So, when it's time to show/hide buttons from server-side, the buttons never get shown, though a verified user has previously been authenticated.

I have read in a few articles that state that setcookie() would do the trick.

EDIT

I have to set the cookie manually for session id as stated here:

Can I restore a PHP SESSION by its ID?

Code Samples

login.php

<?php
require_once "logout.php";
require_once "../data/data_access.php";

$sid = session_id();
if (empty($sid)) session_start(); 

$userName = "";
$password = "";

if (isSet($_REQUEST["userName"])) $userName = $_REQUEST["userName"];
if (isSet($_REQUEST["password"])) $password = $_REQUEST["password"];

echo login($userName, $password);

function login($login, $pass) {
    if (isAuthenticUser($userName, $password)) {
        session_regenerate_id(true);
        $_SESSION["authenticated"] = true;
        setcookie("cookie_name", session_id(), time() + 1200);
    } else $_SESSION["authenticated"] = false;

    return $_SESSION["authenticated"];
}

another_file.php

<?php
$sid = session_id();
if (empty($sid)) session_start($_COOKIE["cookie_name"]); // Will this make it?
?>

Does it suffice to retrieve the session id through $_COOKIE["cookie_name"] or shall I do something else in order to be able to carry over my session variables values?

UPDATE

Ater some deeper digging, I see that under normal circumstances, one doesn't need to work with cookies to restore a session, as PHP does it automatically through the PHPSESSID cookie, which I don't have to care about.

However, I'using jQuery $.post() and $.ajax() functions to communicate with the PHP server, so it can't use the URL to GET/POST the SID automatically as it normally would.

Considering this, I managed to find a way to work with cookies manually, so I don't mix things up with session and cookies as mentioned here to another SO user:

PHP Session Not Restoring from Cookies

UPDATE #2

As per the answer I received, I have verified the PHP.ini configuration file to see if the cookies were enabled, etc.

Here it is:

session.save_path = "c:/wamp/tmp"
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 100
session.gc_maxlifetime = 1440

That's it for the cookies and sessions! And though this configuration shall work flawlessly the majority, it doesn't work. The session_start() function always starts over a new session. The best example is when I go to a section where a session_start() has been called and that I cannot access my $_SESSION["authenticated"].

Community
  • 1
  • 1
Will Marcouiller
  • 23,773
  • 22
  • 96
  • 162
  • `Any $_SESSION[""] variables are lost when I navigate from a page to another` are you really want to solve this issue by code? – Jason OOO Oct 08 '13 at 05:24
  • Actually, that is because I use jQuery to navigate through the different sections of the website. So, the automatic mechanism used by PHP, that is, placing his own session id at first position in the url arguments, doesn't work. So, I'm looking to do something manually. – Will Marcouiller Oct 08 '13 at 14:51

2 Answers2

2

if you want to use Session's you dont need to create Cookie, since its created by php, like you said.

In order to work with session place session_start() in the beginning of every php page.

If you want to change the cookie name created by PHP session, use session_name("CookieName")

//Sample Php Page
<?php
session_name("eNGiT");
session_start();
/*Do your Session Based Stuff Below using $_SESSION variable*/
?>
Engit
  • 158
  • 1
  • 9
  • The fact is that this work great when using standard web pages. However, this mechanism does not work at all when you're using jQuery to post, ajax, or to load content within a simple div within the page itself, so the URL never changes, though you navigate on the website. – Will Marcouiller Oct 08 '13 at 14:49
  • Be sure to use session_start() on the pages that are called using jQuery ajax calls, as the ajax calls made by jQuery automatically binds the cookies in their request. please check this answer http://stackoverflow.com/a/1564496/2858188 Try the ajax with a simple page to debug the problem, and use within the ajax return result print the content using console.log – Engit Oct 08 '13 at 16:46
  • +1 Mentioning manually the name of the cookie which contains the session ID works. Perhaps could you elaborate a little on how to set the cookie and make it work properly for future references? – Will Marcouiller Oct 09 '13 at 15:30
  • Your php.ini session config seems fine. Could you give the sample code you are using ? Since, it seems like you are using session_name() on one page and in the next you aren't calling it before session_start() , these functions work together, meaning that you'd have to call session_name(), if you using it, and then session_start() on every page that does works with the $_SESSION, and about the cookies, you don't need to create them for PHP SESSION. – Engit Oct 10 '13 at 04:19
2

you don`t need to set cookie name when using session. php handles every thing sessions need. php sets cookie with name PHPSESSION and handle session id with cookie. your project should be like this.

login.php

<?php
session_start(); 

require_once "logout.php";
require_once "../data/data_access.php";



$userName = "";
$password = "";

if (isSet($_REQUEST["userName"])) $userName = $_REQUEST["userName"];
if (isSet($_REQUEST["password"])) $password = $_REQUEST["password"];

echo login($userName, $password);

function login($login, $pass) {
    if (isAuthenticUser($userName, $password)) {
        $_SESSION["authenticated"] = true;
    } else $_SESSION["authenticated"] = false;

    return $_SESSION["authenticated"];
}

another_file.php

<?php
session_start();

echo $_SESSION["authenticated"];
?>

But remember you should call session_start() function in begining of file or set session.auto_start = true in php.ini [ php configuration file ]

Mohsen Alizadeh
  • 1,595
  • 12
  • 25
  • This shall work under normal circumstances. However, it doesn't work in my scenario as I use jQuery and jQuery UI to popup dialogs and navigate between the site's section without changing the URL ever! So, it doesn't work. When I come to access $_SESSION["authenticated"], the page says that I try to access an undefined variable, that is, because `session_start()` always starts a new fresh session instead of resuming the one I want. So, in order to be able to resume the session, I need to set session cookies to remember the session identity and to resume this very session, instead of a new one. – Will Marcouiller Oct 08 '13 at 17:14
  • +1 This didn't actually solve my problem, but this in fact works after a clean up of `session_start()` here and there. One of the reason why I never got authenticated is that the `$login` parameter is never used. My bad, since I refactored the code and omitted to change the `$userName` parameter for `$login` in call to `isAuthenticuser()`. Thanks for answering, though! =) – Will Marcouiller Oct 09 '13 at 15:33