Session data not passed to other pages

Question

The problem I am facing is two fold:

I would like to use my session wrapper class as a way to create sessions across multiple pages.
Would like a way to expire the above sessions after a set timeout.

As an example use case, if my site required authentication before accessing a page I would create an instance of my session wrapper, if the user's credentials were valid then I would redirect them to the account page.

// index.php
if (invalidUser) {
   // Show error
} else if(userIsValid($user_email, $user_pass)) {
   $sess = new Session("MySite", 10);
   Utils::redirect("accountPage.php"); 
}

Here is the utility method that redirects to the accounts page:

// utils.php
ob_start(); // Start output buffer
/**
  * Redirects the HTTP header to another location.
  *
  * @param (String) $address the new location to send the browser.
  */
  public static function redirect($address) {
     header("Location: $address");
     exit();
  }

Here is the implementation of the session wrapper class:

// session.php
class Session {        
       /**
         * Default Constructor.
         *
         * @param (String) $name the name of the session, as well as the session cookie name 
         * @param (String) $timeout the amount of time to permit the existence of 
         * this session.
         * -1, indicates that the session should live on indefinetely.
         */
        function __construct($name, $timeout = -1) {
            session_name($name);
            session_start();

            $_SESSION["timeout"] = $timeout;
            $_SESSION["created"] = time();
        }

    /**
     * Determines if the session is still considered "alive" based on its 
     * timeout + creation time.
     * If the session has expired we remove the session effectively "Timing out".
     */
    public static function isExpired() {

        // Default infinite timeout case
        if ($_SESSION["created"] == -1) {
            return false;
        }

        // Evaluate time left on session
        if(($_SESSION["timeout"] + $_SESSION["created"]) <= time()) {
            // Remove Session
            return true; 
        } else {
            // Session has not expired yet
            return false;
        }
    }
}

I would expect data within the $_SESSION global array on this page but its NULL. I have read similar posts but I guess I am missing something with my specific implementation.

// accountsPage.php
 false
print_r($_SESSION); => NULL

I know it partially works because If I do not redirect and then print the $_SESSION global array there is data within it. I know about adding session_start() at the beginning of each page but I would like to alleviate creating additional sessions and cookies.

Any help would be great thanks in advance!

DNX · Accepted Answer

Your Session::isExpired is behaving correctly by returning FALSE because the index of requested $_SESSION is not found and it is not under the same session_name.

Let's say on first page you called new Session('MyWebsite', 10);. In other pages, you need to call MyWebsite session name before starting session and getting $_SESSION values.

Session name will reset to default name for each new request if developer didn't specify which session name need to be recalled. That's why it will return null. I am changing your code a little bit.

function __construct($name, $timeout = -1) {
   session_name($name);
   session_start();

   if(!isset($_SESSION['created'])) {
      $_SESSION["timeout"] = $timeout;
      $_SESSION["created"] = time();
   }
}

public function isExpired() {
   /* your code here */
}

I am taking of the static from isExpired(), static didn't call class contructor. Example for your second page

isExpired();
print_r($_SESSION);

Session data not passed to other pages

Answers (2)

Related Questions