0

I have read dozens of blogs, forum postings amd the PHP manual on this but do not seem to get an answer.

my code

$_SESSION['sessionname']=$variable;
session_write_close();
echo "<script language='javascript'>";
echo "parent.location.reload(true)";
echo "</script>";

works well with chrome, as I can check the existence of the session for other jobs, after the code above is executed.

However, with IE, the session seems to be lost after the page is reloaded.

Please note (and please do not slaughter me) I am using iframes, and because the action of setting the session is happenning in the iframe, I need to refresh the parent frame to display data which is derived from the existence of the session.

Also, please note, I am only using session when the using stipulates they do not want to or cannot use cookies, otherwise cookies are created and I do not get this problem.

Oh, and session start is declared at the top of every page, in accordance with PHP manual.

Any suggestions (even writing the session id to a database) will be received graciously as I have spent hours searching for plausible answers.

2
Contributors
8
Replies
10
Views
7 Years
Discussion Span
Last Post by Thorby68
0

Do you have cookies enabled because with the method your using only cookie powered sessions will work. This is because php is unable to pass to the parent http header information and/or the SID in the url. So make sure you have cookies enabled in IE.
If however cookies are enabled in IE then try removing the session_write_close(); function from your code. Also it would be good if you could post your full script because I only have a vague idea of what the code looks like and believe should be something as follows.

<?php
session_start();
$_SESSION['sessionname']=$variable;
echo "<script language='javascript'>";
echo "parent.location.reload(true)";
echo "</script>";
0

Many thanks for your help, i really appreciate it.

As you will see the script in question is a login script with some limited added checks and balances.

I believe have attached all relevant code, however if you require anything else please let me know.

For this exercise, I have enabled cookies in IE with the following options:
Override automatic cookie handling (true)
First pary cookies->accept (true)
Third party cookies->accept (true)
Always allow session cookies (true).

The login script includes the following (loginstatus.php)

<?php

    //connect to database
    mysql_connect("localhost","root","Password1") or die("Connection failed");
    mysql_select_db("playersclub") or die ("No such database");

        //login check function
        function loggedin()
        {
        if (isset($_SESSION['username'])||isset($_COOKIE['username']))
        {
            $loggedin = TRUE;
            return $loggedin;
                    }else{
            $loggedin = FALSE;
            return $loggedin;
            }
        }

?>

Also my index.php I includes the following snippet. Please note, the requirement of the refresh is due to the login page being called in a separate iframe (mainframe), as referenced in the else statement of the snippet.

 <td bgcolor="#FF0000">
      <div align="center"><span class="style4">
    <?PHP
include 'loginstatus.php';

if (loggedin())
{
echo'you are logged in <a href=logout.php>Logout Now</a>';
echo"the session id is".$_SESSION['username'];
}else{
echo 'you are NOT logged in <a href=login.php target=mainframe>Login Now</a>';
}
    ?>
      </span></div>
 </td>

The full login script is below (I apologize upfront for some of the seemingly unnecessary code, there are valid reason for it.

The full logion script:

<?php
session_start();
include 'loginstatus.php';

if (loggedin())
    {
    header ("Location: ../Pages/home.htm");
    }
    else
    {}

        if (!isset($_POST['logggg']))
        {
        echo 'Please enter username and password';
        }
        else
        {
        $username=$_POST['username'];
        $password=$_POST['password'];

        if(isset ($_POST['rememberme']))
        {
        $rememberme=$_POST['rememberme'];
        }
        else
        {
        $rememberme="off";
        }

            if($username&&$password)
                {
                $login = mysql_query("SELECT * FROM user_register WHERE username ='$username'");
                    while ($row = mysql_fetch_assoc($login))
                        {
                        $db_password = $row['password'];
                            if($password==$db_password)
                            {
                                if($rememberme=='on')
                                {
                                setcookie('username', $username, time()+7200); 
                                echo "<script language='javascript'>";
                                echo "parent.location.reload(true)";
                                echo "</script>";                                                
                                }
                                else
                                {
                                $_SESSION['username']=$username;
                                session_write_close();
                                echo "<script language='javascript'>";
                                echo "parent.location.reload(true)";
                                echo "</script>"; 
                                //header("Location: ../pages/home.htm");    
                                }
                            }
                            else
                            {
                            echo "incorrect username or password";
                            }
                    }
        }
        else
        {
        echo "you must enter a username or password";
        }
}                   
?>
<div align="center"><img src="../pics/pokerlogo.png" width="355" height="113"></div>
<form action="login.php" method="post">
  <p align="center" class="style1">
    <label>Username
    <input type="text" name="username"/>
    </label>
  </p>
  <p align="center" class="style1">
    <label>Password
    <input type="password" name="password"/>
    </label>
  </p>
  <p align="center" class="style1">
     <label>Remember me
       <input type="checkbox" name="rememberme"/>
    </label>    
  </p>
  <p align="center">    
    <input type="submit" name="logggg" value="submit" />   
  </p>
</form>

Edited by mike_2000_17: Fixed formatting

0

Perhaps try the following and why do you have a cookie when you have sessions?

<?php
session_start();
include 'loginstatus.php';

if (loggedin())
{
header ("Location: ../Pages/home.htm");
}
else
{}

if (!isset($_POST['logggg']))
{
echo 'Please enter username and password';
}
else
{
$username=$_POST['username'];
$password=$_POST['password'];

if(isset ($_POST['rememberme']))
{
$rememberme=$_POST['rememberme'];
}
else
{
$rememberme="off";
}

if($username&&$password)
{
$login = mysql_query("SELECT * FROM user_register WHERE username ='$username'");
while ($row = mysql_fetch_assoc($login))
{
$db_password = $row['password'];
if($password==$db_password)
{
if($rememberme=='on')
{
setcookie('username', $username, time()+7200); 
echo "<script language='javascript'>";
echo "parent.location.reload(true)";
echo "</script>"; 
}
else
{
$_SESSION['username']=$username;
echo "<script language='javascript'>";
echo "parent.location.reload(true)";
echo "</script>"; 
//header("Location: ../pages/home.htm"); 
}
}
else
{
echo "incorrect username or password";
}
}
}
else
{
echo "you must enter a username or password";
}
} 
?>
<div align="center"><img src="../pics/pokerlogo.png" width="355" height="113"></div>
<form action="login.php" method="post">
<p align="center" class="style1">
<label>Username
<input type="text" name="username"/>
</label>
</p>
<p align="center" class="style1">
<label>Password
<input type="password" name="password"/>
</label>
</p>
<p align="center" class="style1">
<label>Remember me
<input type="checkbox" name="rememberme"/>
</label> 
</p>
<p align="center"> 
<input type="submit" name="logggg" value="submit" /> 
</p>
</form>
0

Again,

Many thanks, but unfortunately this did not work either.

I'm not sure if it would help, but I can attach the full files to give you a better hook on what's happening.

Regarding the cookie and the session, the idea is to create either a cookie or session, not both. If the user does not want to use cookies, or has disabled cookies in their browser, then I intend to create a session for the duration of their stay, otherwise I will create a cookie that will last for 61 days (we only expect user to return once in a calendar month).

Please let me know if it's ok to forward the files in their entirety.

Many thanks

0

Again,

Many thanks, but unfortunately this did not work either.

I'm not sure if it would help, but I can attach the full files to give you a better hook on what's happening.

Regarding the cookie and the session, the idea is to create either a cookie or session, not both. If the user does not want to use cookies, or has disabled cookies in their browser, then I intend to create a session for the duration of their stay, otherwise I will create a cookie that will last for 61 days (we only expect user to return once in a calendar month).

Please let me know if it's ok to forward the files in their entirety.

Many thanks

The only problem with that system is that sessions use cookies for identification. So if cookies are disabled then sessions are disabled. So perhaps you should enable cookies then you will see your sessions working again.

0

Ah, that sort of makes sense...I have a couple of questions though.

If the user has cookies enabled and wants to be remembered, should I then setcookie and create a session?

If the user does NOT want to be remembered or does not have cookies enabled, would I be correct in saying that there is no need to create a session, just check the database?

Also, when I view the session on the server I see a file names something like sess_abcdef0123.....

Is the abcdef0123..... an encrypted value of the cookie name and/or value(s)? The only reason I ask is because if I open the session file with a text editor, I see there is nothing inside and I was wondering how the cookies and sessions matched each other?

As you can see I have only a limited knowledge of PHP, but as usual big ideas on what I want to achieve with it. Can you recommend any books that would assist me, I find the PHP manual difficult to understand as I am not familiar with all of the terminology or acronyms (the examples/questions though are very useful), I'am a pretty quick learner so a php for dummies would only be good for me for a day.

Once again many thanks for your invaluable help.

0

Well I'm not sure how exactly sessions are stored on the server but I do know that the server stores an Id array or string array containing the identification code for every machine currently using sessions with that server. This is so that different users have different data stored and the identification code tells the server to send which data to which person. But for this system to work the server needs to tell apart each of the users. There are two methods. The default method is cookies. So in this method a cookie is sent to each user with the cookie name by default PHPSESSID. This cookie contains the identification code for the session. However the session identification code can be placed into the url bar by the server so that if cookies are disabled then sessions will work provided the identification is in the url bar. Below is an example of how to do that although it looks ugly having that thing in the url.

<?php session_start();
$_SESSION['test']='test';
echo '<a href="test.php?'. SID .'">test</a>'; //All links would have SID

?>

Second page (test.php)
<? session start();
echo $_SESSION['test'];
0

Thanks for your help with this.

FYI, if the user does not allow cookies I have implemented a hidden form on each page to pass the username and password between pages and maintain my login status, security and functionality.

Also, I've implemented a "temporary" cookie so I can re-direct the user back from where they came. Unfortunately, because I am using iframes I need to refresh the home page to display the user is logged in, and thus I would not be able to use the HTTP_SERVER to do this, so I set a "temporary" cookie with the target page url, go to home page, refresh to display you are looged in, them redirect to url in temporary cookie, them destroy the cookie so it does not redirect each time I go to the home page.

Again many thanks for your help, without it I would still be going round in circles.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.