I’m kinda keeping this “general” for now. Happy to answer any specifics, but want to keep it simple. I’ve done similar things on other projects involving sessions, but this is stumping me.
Sessions on various pages work sometimes, but not others. Generally the “first” time you login, session is there on one page, but if you click a link to go to another page, it forgets. session_start() is at the top of every page just after the opening php tag.
OK, site under development is password protected. No pages can be viewed without logging in. Additionally, can only be logged in once.
So, on valid username and password entry, I log it in the database that “you” are logged in. (This works, so I know who “you” are.) At that time, I set session variables about “you.” If you are an admin, I redirect you to an admin page. If you are not an admin, I redirect you to a “customer” page. Both redirects are done via the header location: function of php. The re-direct always happens and an admin always shows up at the proper page and a non-admin correctly lands at the proper page. I display their name (from a session var) at the top so I know that re-directing didn’t kill the session.
Now here is where it dies “the first time.” Click on a link that “includes” a menu page (let’s say displaymenu.php") and the code within displaymenu.php that detects if session var x is set says "No it’s not; therefore I say “You are not logged in…”
So here’s what I’ve tried to debug:
A. I thought having 2 back to back session starts (in the loaded file and in the include file) was the problem. So I made a “test” file that said session_start(); then set a variable. Then in the same file, did a session_start(); Added 1 to the variable then output the var. No errors and no dead session.
B. I’m logging at the top of each “new” page the contents of session vars (along with the page section I am in to track where the data is being lost) including print_r of the session data. When I first login and re-direct, the session data is logged to file properly. I can refresh my screen and everytime I refresh a new line gets added to the log file; still data is preserved. I click the link to the “new” page and log shows empty session. (100% of the time if this is the first time I am logged in. That is, if I reset the login flag in the database and stay in the webbrowser and login again, it’s fine.) So that implies that something is getting set later in the program, but not in the beginning. But continue reading, please.
C. So, at the top of every program. Login, redirect to “main menu”, click a link to “new” page, I did a print_r and exit so I have screen prints of every session variable along the way. When it “crashes” it just says Array(). When it works, it displays all of my preserved values.
D. I found a page on the internet that warned that if you’re doing header redirects, that you have to close the write of the session. I added that code in and no change.
session_write_close(); // write session just before the page redirect.
There are 2 pieces to this project that are different than past session-based projects that are working just fine.
A. In past projects, I just had an html file “call” the php script, that validated login, logged the login, checked for “blocked” users, etc. In this project, I’m doing all of those functions “inline” in index.php calling self, etc. Logins are being logged properly, etc.
B. In past projects, it didn’t matter whether someone was logged in more than once. In this project it does. When session dies, and logout.php is run, it can’t find the record to update in the database so they appear to still be logged in. logout.php is also the exclusive place that I’m destroying the session explicitly and I’m not clearing session variables like “name” etc. in code once set on login to the system.
Past projects have had no problem linking to other php programs without killing sessions, so I’m stumped.
I am grateful for any thoughts about other debugging I can try or any other advice about what can be going on here.
I’m persevering, but don’t know what else to try.