2

I've had this twice now. Out of the blue, my log-in system stops working, and by debugging I find out the $_SESSION variable does not survive the log-in process. Then, without an obvious cause, it resumes working. Here's the flow:

  1. User logs in at index.html, form submits to login.php;
  2. login.php does basic sanity, isset and empty checks, then checks the credentials with the database. If the email address and password are correct (i.e., exist in the database) put them in the $_SESSION variable and redirect user to home.php.
  3. home.php retrieves the $_SESSION variables. Here it fails.

The second time (a few minutes ago) I read more about it and found a forum thread I hadn't read the previous time it happened (I stopped reading about it when session variables worked again) which said you need to have <?php instead of <? before session_start();. I tried it, not expecting it to work, but when I logged in, directly after changing that (and that was the only thing I changed AFAIK) it worked. Cause found? Let's check after changing <?php back to <?. It still works. What can be the cause of this and how can I prevent it (or, if it can't be prevented, detect what's going on)?

Edit:

Something interesting: I've got a small utility function to check if the user is logged in:

    function assertUserLogin() {
        try {
            $user = new User($_SESSION['email'], $_SESSION['pwd']);
        } catch (Exception $ex) {
            writeToLog("Exception: " . $ex->getMessage());
            header("Location: http://www.korilu.nl/maurits/anw?requested:" . $_SERVER["REQUEST_URI"]);
        }
        writeToLog($user->email . " logged in\n");

        return $user;
    }

So I can just do this:

    <?
        session_start();
        $user = assertUserLogin();
    ?>

On every page the user needs to be logged in. The interesting thing here is, that if it fails (as described above), it calls my function writeToLog() (log() is already taken by the PHP standard library):

    function writeToLog($string) {
        $log = fopen("log.txt", "w");
        fwrite($log, $string);
        fclose($log);
    }

which is pretty simple. But the log remains empty. (I am sure the function writeToLog() gets called, because I get redirected to http://www.korilu.nl/maurits/anw?requested:/maurits/anw/home.php. The assertUserLogin() function is the only place that does that.)

11684
  • If you provide your code snippet, it could be easy to understand your issue. – Javad Shareef May 09 '13 at 13:45
  • Your browser might be causing this issue, like maybe it is losing the cookie to track your session. Some anti-virus or something may be causing this issue. Well, a quick test is to try the same site on other systems; also try on some other network as well. – PHP Avenger May 10 '13 at 13:52

2 Answers

0

Try session_write_close(); at all places where the script ends like exit; die(); and page end.

Adder
  • Thanks for the answer. I'm trying now. Why is this? – 11684 May 10 '13 at 13:22
  • I just read them. Alas, it didn't work. `header("Set-Cookie: PHPSESSID=" . session_id() . "; path=/");` didn't either. – 11684 May 10 '13 at 13:27
  • Do you call `session_write_close();` before the header() is being sent? – Adder May 10 '13 at 13:30
  • Ah, sorry, I didn't know I had to do it in that order. – 11684 May 10 '13 at 13:32
  • Out of ideas .. check in browser that the cookie is being set and check the expiry date. – Adder May 10 '13 at 13:39
  • I removed all cookies and used this. Now it works. Perhaps this is only temporary, as has happened before, but your answer was the most helpful. But if the problem reappears, I'll remove the checkmark again. – 11684 May 10 '13 at 13:49
0

I found out it is a browser-specific issue. It was caused by Google Chrome, I think, because it vanishes as soon as I use mobile Safari or Mozilla Firefox to test the sessions. Although in the advanced settings I could see the PHPSESSID cookie, it didn't pick up the session.

Important edit

I was wrong. Mozilla started to drop the session too. After I deleted the session (session_destroy()) it worked again though. So my guess is that after the session expires on the server, the browser still has the PHPSESSID cookie. If it sends that to the server, the server can't find the session and just puts an empty array in $_SESSION, leaving me clueless. I hope this helps somebody having the same problem.

11684
  • Really weird... It's like... removing the session just before logging in can fix the trouble? –  Apr 12 '17 at 14:02
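
One way to detect the situation guessed at in the answer above, where the browser still sends a PHPSESSID cookie but the server holds no data for it. This is an added example, not code from the original posts. It assumes PHP 7.1+, a hypothetical `user_id` session key (storing an identifier rather than the email and password), and hypothetical names for the log file, helper functions and redirect target.

```php
<?php
// Added example. SESSION_LOG, logLine(), startSessionCheckingStale(),
// requireLogin() and the 'user_id' key are hypothetical names.

const SESSION_LOG = __DIR__ . '/session-debug.log'; // assumed log location

function logLine(string $msg): void
{
    // FILE_APPEND keeps earlier entries (mode "w" would truncate the file on
    // every call); LOCK_EX prevents interleaved writes from parallel requests.
    file_put_contents(SESSION_LOG, date('c') . ' ' . $msg . "\n", FILE_APPEND | LOCK_EX);
}

/**
 * Start the session and report whether the browser presented a session ID
 * for which the server has no data (expired, destroyed, or never populated).
 */
function startSessionCheckingStale(): bool
{
    // Must be read before session_start(): did the client send a session cookie?
    $presented = isset($_COOKIE[session_name()]);
    session_start();

    $stale = $presented && empty($_SESSION);
    if ($stale) {
        // Never write the session ID itself to a log; it is a credential.
        logLine('session cookie presented but no server-side data, client '
            . ($_SERVER['REMOTE_ADDR'] ?? 'cli'));
        // Stop reusing the ID the client supplied and issue a fresh one.
        session_regenerate_id(true);
    }
    return $stale;
}

function requireLogin(): int
{
    $stale = startSessionCheckingStale();
    if (!isset($_SESSION['user_id'])) {
        logLine('not logged in, requested ' . ($_SERVER['REQUEST_URI'] ?? '-'));
        header('Location: /index.html?reason=' . ($stale ? 'expired' : 'login'));
        exit; // without this the rest of the page keeps running after the redirect
    }
    return (int) $_SESSION['user_id'];
}
```

With `session.use_strict_mode` at its default of 0, PHP accepts an unknown session ID from the client and starts an empty session under it, so the condition is otherwise silent. The log entry makes it visible, and the `reason` parameter lets the login page tell an expired session apart from a first visit.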