CODEWITHSUNDEEP
phpmysqlsessionhttp-postsession-variables
Alex
Alex

Reputation: 7688

Can't get php to set sessions

I just can't get to set sessions in php, and I can't find the reason why.

Hope you can give me a clue, on where I might be doing something wrong!

index.php

<?php
    // Inialize session
    session_start();

    include_once("commons/config.php");
    $authenticated = checkLoggedIn("yes", FALSE);
    //flushMemberSession();

    var_dump($authenticated);

    echo "<pre>";
    var_dump($_SESSION);
    echo "</pre>";
?>
... followed by html and some php ifs

jquery ajax call WHICH RETURNS TRUE or FALSE, as it should, from checkPass() inside actions.php

$('#login').click(function(){
    var data = $('#login-form').serialize();
    $.post('commons/actions.php', data, function(result){
        if(result == true){
            console.log(result);
            //location.reload();
        }else{
            console.log('not authenthicated');
        }
    },'json');
    return false;
});

actions.php

session_start();
if (!$_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']){
    header('HTTP/1.0 400 Unauthorized', true, 400);
    exit;
} else {

    include('config.php');

    $user = mysql_real_escape_string(stripslashes($_POST['username']));
    $pass = mysql_real_escape_string(stripslashes($_POST['password']));

    $response = checkPass($user, $pass); // false or

    $debug = array('user'=>$user, 'pass'=>$pass, 'response'=>$response);

    print_r(json_encode($response));

}

functions:

function checkLoggedIn($status, $redirect=TRUE){
    switch($status){
        case "yes":
            if(!isset($_SESSION["loggedIn"])){
                if($redirect) {
                    header("Location: login.php");
                    exit;
                } else {
                    $authenticated = false;
                    return $authenticated;
                }
            } else {
                checkLoggedIn("no");
            }
        break;
        case "no":
            if(isset($_SESSION["loggedIn"]) && $_SESSION["loggedIn"] === true ){
                //header("Location: members.php");
                $authenticated = true;
                return $authenticated;
            }
        break;
    }   
    return true;
}

function checkPass($username, $password) {
    $query="SELECT username, password FROM users WHERE username='$username' and password='$password'";
    $result=mysql_query($query, $link) or die("checkPass fatal error: ".mysql_error());

// Check exactly one row is found:
if(mysql_num_rows($result)==1) {
    cleanMemberSession($username);
    return true;
    /*$row=mysql_fetch_array($result);
    return $row;*/
}
//Bad username:
return false;
}

function cleanMemberSession($username) {
session_regenerate_id();
$_SESSION["username"]=$username;
$_SESSION["loggedIn"]=true;
session_write_close();
}

UPDATE

AJAX Headers

Response Headers
Connection  Keep-Alive
Content-Length  4
Content-Type    text/html
Date    Sun, 27 May 2012 19:36:54 GMT
Keep-Alive  timeout=5, max=100
Server  Apache/2.2.21 (Win32) mod_ssl/2.2.21 OpenSSL/1.0.0e PHP/5.3.8 mod_perl/2.0.4 Perl/v5.10.1
X-Powered-By    PHP/5.3.8
Request Headers
Accept  application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Connection  keep-alive
Content-Length  31
Content-Type    application/x-www-form-urlencoded; charset=UTF-8
Cookie  PHPSESSID=qhbjq76f4np7iug09jrnl4j5j1
Host    localhost
Referer http://localhost/tw/Tevienes/web/
User-Agent  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
X-Requested-With    XMLHttpRequest

UPDATE2

BTW, the response to var_dump($_SESSION); is array(0) { }

UPDATE3

I just added $_SESSION['test'] = 'alex'; after session_start(); in index.php, and the session variable has been set... so It must be something with the function setting the variables... or who know what else

Upvotes: 0

Views: 635

Answers (2)

sivann
sivann

Reputation: 2131

Put session_start() in all called .php files, also the ones called from ajax. Also at the start of actions.php put parentheses on the comparisons. ! operator has higher precedence than < or >.

change

 if (!$_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']){

to 

 if (!($_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR'])){

Upvotes: 2

Phil
Phil

Reputation: 851

Long shot and silly, but check that the date and time is set correctly on both the server and client. If either is set in the incorrectly, the session cookie will/might not get set.

Upvotes: 0

Related Questions