0

Bear with me if this looks similar to other questions posted here, I have already gone through all answers provided but not has solved my problem. I've reduced my problem to the bare minimum.

  1. I have two pages (page1.php, page2.php)
  2. Page1.php creates a session variable and if the session variable is set it then sends the browser to Page2.php
  3. On page2.php the browser is supposed to display the value of the session variable set in Page1. php
  4. My problem is that page2.php views the session variable as not set.
  5. I have tried all the solutions posted by other users on stack overflow as you can see from my code below:

Page1.php

<?php
//start the session
session_start();

//set the session
$_SESSION['mysession'] = "Hello";


if(isset($_SESSION['mysession'])){
    //redirect the person to page 2
    session_write_close();
    header("Location: page2.php?PHPSESSID=".session_id());
    exit();
} else {
 echo "Session Not Set";
}
?>

Page2.php

<?php
//start the session
session_start();
session_id($_GET['PHPSESSID']);

if ( isset ($_SESSION['mysession']) )
   echo $_SESSION['mysession'];
else
   echo "Session not set!";
?>
Harry Karanja
  • 1
  • 1
  • 2
  • What happens when you let the session start without sending/setting id? header("Location: page2.php"); in page1 and //session_id($_GET['PHPSESSID']); in page2 – Sergey Eremin Jul 09 '12 at 14:46
  • Is the session extension configured to read out the `PHPSESSID=` parameter? (You don't usually micromanage that yourself). What's the redirected URL? Did you test it with just cookies? Did the cookie get set? – mario Jul 09 '12 at 14:47
  • Is the second page in the same domain ? – Razvan Jul 09 '12 at 14:48
  • kgb if I don't set the session_id I still can't view the session – Harry Karanja Jul 09 '12 at 15:01
  • @HarryKaranja - can you check and make sure that your browser is actually getting a cookie from the first page? – andrewsi Jul 09 '12 at 15:01
  • @mario I'm not sure I follow the question, but I set the PHPSESSID as one of the solutions I found on this site, same result if I leave it out. How can I test it with just cookies though? – Harry Karanja Jul 09 '12 at 15:02
  • @Razvan yes it is in the same domain – Harry Karanja Jul 09 '12 at 15:03
  • @andrewsi how do I test that? – Harry Karanja Jul 09 '12 at 15:03
  • @HarryKaranja - set your browser to alert you whenever a cookie is set. You should also be able to examine the contents, so you can be sure that you're looking at the right cookie, too. – andrewsi Jul 09 '12 at 15:08
  • Is your browser set to accept cookies from your site ? – Razvan Jul 09 '12 at 15:11
  • @andrewsi I've confirmed that cookies are being set correctly by the browser – Harry Karanja Jul 09 '12 at 15:20
  • @Razvan yes the browser is accepting cookies from the site – Harry Karanja Jul 09 '12 at 15:20
  • Just to mention: 1. the code works just fine on my local PC but fails on the hosting server. 2. I've tried with different browsers chrome, firefox, and safari all with same results. 3. I've even tried with different ISPs – Harry Karanja Jul 09 '12 at 15:29
  • After contacting the hosting provider the problem seems to be resolved, they don't admit it but I suspect it was a configuration issue. I have also found this [http://support.microsoft.com/kb/q176113][1] which might be of help to those hosting on Windows platforms [1]: http://support.microsoft.com/kb/q176113 – Harry Karanja Jul 09 '12 at 16:48

2 Answers2

3

session_id() needs to be called before session_start()

If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose. Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z A-Z 0-9 , (comma) and - (minus)!

Note: When using session cookies, specifying an id for session_id() will always send a new cookie when session_start() is called, regardless if the current session id is identical to the one being set.

session_id()-Manual

You've also might check whether you'll have cookie based authentication set.

Be aware that if users post the url, they might carry the session to another client.

Community
  • 1
  • 1
worenga
  • 5,776
  • 2
  • 28
  • 50
  • The session_id querystring was only added as a workaround in case the cookies were not being set (a solution I saw somewhere in this site) however even when I leave it out, I get the same results. – Harry Karanja Jul 09 '12 at 15:11
  • php will do this for you, if there are no cookies set, so no need to worry. check http://www.php.net/manual/en/session.configuration.php#ini.session.use-cookies – worenga Jul 09 '12 at 15:15
  • thanks, checked using phpinfo() and session.use_cookies is set to On – Harry Karanja Jul 09 '12 at 15:27
1

On page2.php, interchange the first 2 lines. Change 

session_start();
session_id($_GET['PHPSESSID']);

to 

session_id($_GET['PHPSESSID']);
session_start();

See the Parameters section here..http://php.net/manual/en/function.session-id.php

web-nomad
  • 6,003
  • 3
  • 34
  • 49
  • Thanks. I've interchanged the lines but get the same result, "session not set" – Harry Karanja Jul 09 '12 at 15:00
  • see my comment about whether you may have a cookie based session handler active interferring with your manual setting, i believe thats the case. – worenga Jul 09 '12 at 15:02
  • @mightyuhu thanks, how do I do that? I should also mention that 1. the code works just fine on my localhost 2. I've tried it across different browsers on the hosted server with the same results – Harry Karanja Jul 09 '12 at 15:09
  • 1
    @HarryKaranja - can you do a `print_r($_SESSION);` right on the top of the file `page2.php`, before any other code, even `session_start()` and see if any session is present. – web-nomad Jul 09 '12 at 15:15
  • @Pushpesh nothing is printed on the browser when I place that code at the top of the page, except for "Session not set" – Harry Karanja Jul 09 '12 at 15:23