I'M running a site on PHP 5.2.6, Apache 2.2.9 (shared hosting). Most of the site uses a CMS (MODx) but I have one section using home-rolled scripts. I have a file that gets included into these that checks user status by looking for the MODx session vars. On one script, this works fine. Another script can't see the session vars. Huh?

The script that works fine is a public web page. If you have admin privs, one mode of this page presents a form for various page settings. This all works fine (including checking that you have those privs). The form's submit action calls the other script - saveinfo.php - which checks for admin privs (using those same MODx session vars) and saves the info to the DB before bouncing you back to the original page. This is the one that can't see the session vars. Because it assumes you're not logged in, it fails to save the info. This script is in the site's home (public_html) dir. The one that *can* see the sessions vars is one dir down.

I have exactly the same script working in an 'add-on' domain, which is effectively hosted in the same place, just one directory down. No problems at all there. I can't understand what the difference is.

I have commented out the' session_start()' commands that I used to use in these scripts because I understand PHP5 doesn't need them.

Any idea where I might start looking for the problem? This one has me tearing my hair out, and I don't have a lot to spare.

Forgot to mention: I tried re-instating the session_start() commands - no dice.

Are you getting a "Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by" warning at the beginning of the script? If so you may have BOM characters added to the script.

Some WYSIWYG editors will add extra BOM characters before the beginning of the script causing an output prior to session_start. You won't be able to see the characters in the code editor. Open the file in Notepad and try to spot any extra characters that shouldn't be there.

Another possible problem, if the problem script is located in a directory above the others using the session vars, I dont believe that they'll be able to share the session.

Also, as far as I know, unless session_autostart is set to 1 in php.ini, you'll need to uncomment the session_start and make sure that it comes before any other output.

I'm not seeing any errors. The session vars are being set by the MODx CMS which is in the same dir as the problem script.

unless session_autostart is set to 1 in php.ini, you'll need to uncomment the session_start and make sure that it comes before any other output.

The weird thing is that other scripts are working fine. They can see the session vars and determine that the user is logged in as admin. It's just this one script that's causing problems. -=sigh=-

This article has been dead for over six months. Start a new discussion instead.