PHP SESSION data lost between page loads with WAMPserver 2.0 on localhost

Question

I have a PHP authentication system on my website using the $_SESSION variable.

A form submits a username and password to the file "login.php". It is handled like this:

<?php include '../includes/sessionstart.inc.php'; ?>
<?php ob_start(); ?>

if($_POST){
    $q = mysql_query("SELECT id, company FROM users WHERE username = '".mysql_real_escape_string($_POST['username'])."' AND password = '".md5($_POST['password'])."'");
    if(mysql_num_rows($q) >= 1){
        $f = mysql_fetch_Array($q);
        $_SESSION['company'] = $f['company'];
        $_SESSION['id'] = $f['id'];
        $_SESSION['logedin'] = true;
        session_write_close();

        ob_clean();
        header("Location: index.php");

}

Afterwards, index.php is loaded and checks whether 'logedin' is true.

<?php include '../includes/sessionstart.inc.php'; ?>
<?php if(!isset($_SESSION['logedin'])) header('Location: login.php'); ?>

On my production server, it continues, but on my Wampserver, it reverts back to login.php. I notice that Wampserver is very slow in page loading, this might have to do something with it. That's why I included the session_write_close, to make sure session data is saved before the pages are switched, but it doesn't help.

The contents of session_start.inc.php are simply:

<?php
    session_start();
?>

I used to have more code in there, but at the moment it's just this. The problem also existed before I started using an include file.

Does anybody have an idea what I'm doing wrong? Why doesn't Wampserver transmit my SESSION data to the next PHP file?

Have you checked the headers coming from your server, that they actually include the session cookie? — nikc.org, Jan 28 '10 at 09:40
When I do a print_r($_SESSION), nothing displays. How can I check the raw headers? — littlegreen, Jan 28 '10 at 09:48
You can do it with the Firefox extensions Firebug or Live http headers, or use a network sniffer. — nikc.org, Jan 28 '10 at 10:02

score 6 · Answer 1 · edited Nov 29 '12 at 13:10

WAMP server 2 - settings are not set by default for $_SESSION var.

PHP.ini requires the following settings

C:\wamp\bin\apache\apache2.4.2\bin\php.ini
session.cookie_domain =
session.use_cookies = 1
session.save_path = "c:\wamp\tmp"   ;ensure the \ is used not /

Session testing - load.php -- load $_SESSION var.

<?PHP
session_start();
$_SESSION['SESS_MEMBER_ID'] = 'stored variable';
session_write_close();
header("location:print.php");
?>

print.php -- print $_SESSION var.

<?PHP
session_start();
var_dump($_SESSION);
?>

run the script in your browser var_dump() should produce results

go to c:\wamp\tmp Files containing the session data will appear here.

score 2 · Answer 2 · answered Jan 28 '10 at 09:44

First of all: the index logedin seems strange for keeping track of a user being logged in. Is this just a typo on SO, or really a code-typo?

Second (depending on the desired behavior), try another approach for making pages login-protected. Your page should look something like

<?php
  include 'login.inc.php';

  if(authorized()) {
    // put some more script here, if needed
    ?>
    // put some plain HTML here  
    <?php
  }
?>

Where login.inc.php handles the session, cookies. In particular, the authorized function should return TRUE if a client is already logged in. If a client is not logged in, it should display a form with action $_SERVER['PHP_SELF'] and return FALSE. If you name the submit-input something like login_submit, you can let login.inc.php handle the verification.

This way, you don't need to refer users to a dedicated login page, and after logging in, user are directly shown the requested page. You can tweak this a bit to make query-strings persistent through login as well.

The 'logedin' is an inherited typo from the previous developer working on this project. — littlegreen, Jan 28 '10 at 09:47
Thanks.. I implemented your approach, the code is much more tidy now and the login falls through to the actual page instead of doing the redirect. Although I'm still not sure what caused the problem, I have a solution, and that's most important! — littlegreen, Jan 28 '10 at 11:25

score 1 · Answer 3 · answered Jan 28 '10 at 10:39

1

Try to replace

if($_POST){...}

with

if( isset($_POST['username']) && isset($_POST['password']) ){...}

... at least for debugging purposes. It's possible that some different settings are causing a non-empty $_POST array where it's not expected.

Also, your code seems to be missing exit() calls after header() redirections. Sending an HTTP Location header doesn't automatically stop your script.

answered Jan 28 '10 at 10:39

Álvaro González

142,137
41
261
360

thanks.. i was already busy implementing Martijn's approach, stumbled upon the if($POST){...} line and corrected it myself. Nice that you also mention it. I'll also check for missing exit calls. – littlegreen Jan 28 '10 at 11:27

score 1 · Answer 4 · answered Dec 07 '11 at 15:47

I had this problem using WAMPSERVER for development on /localhost. I needed to change session.use_only_cookies either in-line or in the php.ini setting from

session.use_only_cookies = 1

to

session.use_only_cookies = 0

Explanation

Using default cookie-based sessions was working as expected but I needed a cookie-less solution. A test starting page:

<?php
// page1.php

ini_set('session.use_cookies', '0');
session_start();

$_SESSION['time'] = time();

echo '<br /><a href="page2.php?' . SID . '">page 2</a>';
?>

The session data was created and stored successfully in the WAMPSERVER temp directory, e.g., C:\wamp\tmp\sess_0rkdlonl5uia717rf03d4svs16. The link generated by the above code looks similar to (note the UID matches the session data file name):

page2.php?PHPSESSID=0rkdlonl5uia717rf03d4svs16

But the destination page2.php was throwing undefined errors for the variable 'time' whilst attempting to retrieve the session data:

<?php
// page2.php

ini_set('session.use_cookies', '0');
session_start();

echo date('Y m d H:i:s', $_SESSION['time']);

echo '<br /><a href="page1.php?' . SID . '">page 1</a>';
?>

By setting session.use_only_cookies FALSE in either the script before session_start();:

ini_set('session.use_only_cookies', '0');

or changing it globally in php.ini:

; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combatting
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies = 0

solved the problem.

score 0 · Answer 5 · edited Aug 02 '14 at 13:37

0

Faced the same problem but it was being caused by

session_regenerate_id(true);

So I just deleted it from my code.

edited Aug 02 '14 at 13:37

Alexander Tobias Bockstaller

4,657
4
36
58

answered Aug 02 '14 at 13:29

grill

1

score 0 · Answer 6 · answered May 19 '15 at 16:32

0

Update to WAMP 2.5 and now the problem is solved!

answered May 19 '15 at 16:32

user3157444

53
7

score 0 · Accepted Answer · answered Aug 25 '10 at 18:43

After a long time I have fixed this bug finally.

On my localhost WAMP, the session data is not saved between page loads, because the session data is stored in a cookie, and there is no cookie domain to be set for localhost.

The solution:

'session.cookie_domain' should be set to empty string for all local domain names, not only for 'localhost' (but should not be empty for local IP addresses):

<?php
ini_set('session.cookie_domain', (strpos($_SERVER['HTTP_HOST'],'.') !== false) ? $_SERVER['HTTP_HOST'] : '');
?>

Thanks to Marcin Wiazowski who posted it here.

PHP SESSION data lost between page loads with WAMPserver 2.0 on localhost

7 Answers7

Linked