Samir

Reputation: 419

PHP Session not Saving

I have this written at the very first line on every page of my website.

include("restd.php");

and restd.php contains the following lines :

@session_start();
if(isset($_SESSION['id']))
{
}
else
{
  header("location:index.php");
}

The problem I'm facing is that whenever I click or do something on my website, it logs me out and takes me to index.php.

I'm sure it's something to do with the session. I've tried every single thing to avoid this problem, but I have used restd.php because I don't want anyone to copy the URL of someone and paste it and get into the website.

Only someone who is logged in can view others' pages. If they aren't logged in, then they'll be redirected to index.php.

EDIT: And guys, a confusing thing is that all this is working fine on my testing server, which is easyPHP-5.3.8.0, but this problem comes up when I upload all the files to my server.

Upvotes: 20

Views: 71806

Answers (10)

almcnicoll

Reputation: 425

Adding this in case it helps others. In my case, I had a writeable session path and was correctly calling session_start() in the right place.

I was trying to store a complex object in the session, and it turns out that it wasn't serializing. The "cannot serialize" error only appeared in logs when I wrote the session manually with session_write_close(), so for a long time I couldn't see that this was the issue.

If one part of the session won't serialize, it seems that the whole session write fails. You may want to put in a session_write_close() after populating the session, and check your logs.

Upvotes: 0

Michael Bolli

Reputation: 2149

In my case I forgot that I had the PHP flag session.cookie_secure set to on, while the development environment was not TLS-secured.

More information about Session/Cookie parameters.

Upvotes: 2

Hamid

Reputation: 1563

Maybe your session path does not exist. You can set the PHP session save path using:

ini_set('session.save_path', 'SOME WRITABLE PATH');

Upvotes: 2

Dee Ell

Reputation: 21

I know this is an old thread, but the following helped me with the same problem after hours of despair. Found on: http://php.net/manual/de/function.session-save-path.php

I made a folder next to the public html folder and placed these lines at the very first point in index.php

Location of session folder:

/domains/account/session

location of index.php

/domains/account/public_html/index.php

What I placed in index.php at line 0:

<?php 
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session'));
session_start();
?>

Hopefully this will save you time.

Upvotes: 1

powtac

Reputation: 41040

Your session directory (probably /tmp/) is not writable.

Check with session_save_path() if it is writable.

if (!is_writable(session_save_path())) {
    echo 'Session path "'.session_save_path().'" is not writable for PHP!'; 
}

Upvotes: 63
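
The checks suggested in the answers above (save path, session.cookie_secure, serialization), combined into one diagnostic page. This is an added example, not code from any poster; it assumes PHP 7 or later, and the file and function names are made up here.

```php
<?php
// session_diag.php (hypothetical name): added example, not code from the thread.
// Assumes PHP 7+. Remove it after use; the output reveals server paths.

function session_diagnostics(): array
{
    $problems = [];

    // 1. With the default "files" handler the save path must exist and be writable.
    if (ini_get('session.save_handler') === 'files') {
        // save_path may read "N;/path" or "N;MODE;/path"; the directory is the last field.
        $parts = explode(';', (string) session_save_path());
        $dir   = end($parts) ?: sys_get_temp_dir();   // empty setting: PHP uses the temp dir
        if (!is_dir($dir)) {
            $problems[] = "save path \"$dir\" does not exist";
        } elseif (!is_writable($dir)) {
            $problems[] = "save path \"$dir\" is not writable for PHP";
        }
    }

    // 2. A cookie flagged Secure is never sent back over plain HTTP, so each
    //    request starts a fresh, empty session.
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $secure = filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN);
    if ($secure && !$https) {
        $problems[] = 'session.cookie_secure is on but this request is not HTTPS';
    }

    // 3. Every value in $_SESSION has to survive serialize() when the session is written.
    foreach ($_SESSION ?? [] as $key => $value) {
        try {
            serialize($value);
        } catch (Throwable $e) {
            $problems[] = "\$_SESSION['$key'] cannot be serialized: " . $e->getMessage();
        }
    }

    return $problems;
}

session_start();
foreach (session_diagnostics() ?: ['no problems found'] as $line) {
    echo htmlspecialchars($line), "<br>\n";
}
```

Behind a TLS-terminating proxy `$_SERVER['HTTPS']` may be unset even though the browser uses HTTPS, so check 2 can report a false positive there.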

Zyox

Reputation: 71

I had the same problem and found a work-around for it. If anybody can explain why the session is not read even when the cookie is there, please let me know.

<?php
//  logged.php
//  The PHP session system will figure out whether to use cookies or URLs to pass the SID

if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) && authenticationRoutine(/* Returns true if successfully authenticated */) ) {
    session_id(uniqid("User--"));
    session_start();
    $_SESSION['id']=session_id();
}

?>



<?php
//  Insecure restd.php (The user can forge a stolen SID cookie or URL GET request, but that is inherent with PHP sessions)

if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID'])) {header('Location: index.php');}

?>


[EDIT]

Even though the cookie was there and I prevented starting a new session, the session had not been read and started, so no session variables were available. In this case I check if the session has been started first (not using session_status() because it doesn't exist in PHP 3.5, which for some reason is the most widespread among hosts). If no session has been started within PHP, I check if it had been started before by testing the cookies and GET variables. If a session ID was found, the script resumes the session with that ID. If no ID is available, the user gets redirected to the index.

<?php
//  restd.php
if(session_id() === '') {  // empty() on a function call is a fatal error before PHP 5.5
    if(isset($_COOKIE['PHPSESSID']) && !empty($_COOKIE['PHPSESSID'])) {session_id($_COOKIE['PHPSESSID']);}
    elseif(isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) {session_id($_GET['PHPSESSID']);}
    else {header('Location: index.php'); exit(0);}
    session_start();
}

Upvotes: 0
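
A login guard that takes the session ID from the cookie only and refuses IDs the server did not issue, for comparison with the variants above that also accept PHPSESSID from the URL. This is an added example, not code from the thread; it assumes PHP 7.3 or later and HTTPS on every page, and the file and function names are made up here.

```php
<?php
// session_guard.php (hypothetical name): added example, not code from the thread.
// Assumes PHP 7.3+ and that the site is served over HTTPS.

function start_hardened_session(): void
{
    // Take the session ID from the cookie only, never from ?PHPSESSID=...,
    // and reject IDs this server did not issue (blocks session fixation).
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // over plain HTTP this cookie is never sent back
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    // No @ in front: a session that fails to start should show up in the logs.
    session_start();
}

// Call in the login handler, only after the credentials have been verified.
function establish_login(string $userId): void
{
    session_regenerate_id(true);   // new ID; the pre-login session is deleted
    $_SESSION['id'] = $userId;
}

// Call at the top of every protected page, before any output.
function require_login(): void
{
    if (empty($_SESSION['id'])) {
        header('Location: index.php');
        exit;   // without exit the rest of the protected page still runs
    }
}

// Protected page:  require 'session_guard.php'; start_hardened_session(); require_login();
// Login handler:   require 'session_guard.php'; start_hardened_session();
//                  ...verify password...; establish_login($userId);
```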

David Nguyen

Reputation: 8528

You still don't even answer where you SET $_SESSION['id']. $pid = $_SESSION['id'] does not set the session variable. session_start() comes before ANYTHING session related, it's not shown before your include.

Upvotes: 0

Sylver

Reputation: 8967

Couple things:

  1. Your include file doesn't have the <?php ?> tags, so the content will not be evaluated as PHP

  2. session_start() must be called before you start outputting anything. Is that the case?

Upvotes: 0

Zul

Reputation: 3608

You need to declare $_SESSION['id']:

file1.php

session_start();

$_SESSION['id'] = '123';

file2.php

include 'file1.php';

if(isset($_SESSION['id']))
{

}
else
{
  header("location:index.php");
}

Upvotes: 5

Mathieu Dumoulin

Reputation: 12244

Do you actually set $_SESSION['id'] on a page...

What you are trying to do here is:

  1. Start a session and load the $_SESSION from the session handler
  2. Check if $_SESSION contains key 'id'
  3. Redirect to index.php if $_SESSION['id'] is not set

Do you actually do this in index.php?

session_start();
$_SESSION['id'] = something;

Upvotes: 5
