homepage Welcome to WebmasterWorld Guest from 107.21.187.131
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
New session id on page load
andrewsmd




msg:4611071
 8:39 pm on Sep 19, 2013 (gmt 0)

Forgive me, my php is a little rusty. I'm trying to do a simple login form but every time I refresh the page, I get a new session id. Here's the code, every time I click login, I get a different session id. Any ideas why?

<?php session_start(); include("http://crossfitarchway.com/clients/includes/header.php"); ?>
<form name="loginForm" method="post">
<h3>Login</h3>
<table cellpadding="0" cellspacing="0">
<tr>
<td class="tablePadding">Username:</td>
<td class="tablePadding">
<input type="text" name="usernameInput" value="<?php echo($_SESSION['un']); ?>" />
</td>
</tr>
<tr>
<td class="tablePadding">Password:</td>
<td class="tablePadding">
<input type="password" name="passwordInput" />
</td>
</tr>
<tr>
<td class="tablePadding">
<input type="submit" name="loginButton" value="Login" />
</td>
</tr>
</table>
</form>
<?php

//if they clicked login
if(isset($_POST['loginButton'])){


//make sure they put in a username and password
$un = $_POST['usernameInput'];
$pw = $_POST['passwordInput'];

echo(session_id());
$_SESSION['un'] = $un;


if($un == "" or $pw == ""){

echo("<span class='errorClass'>Please enter a username and password</span>");
exit();

}//if un


//if we're here we connect
connect();

}//if isset post login button

?>
<?php include("http://crossfitarchway.com/clients/includes/footer.php"); ?>

 

Readie




msg:4611083
 9:35 pm on Sep 19, 2013 (gmt 0)

The session ID is the unique identifier to tell the server to load data from the associated session file.

Presumably, every time you hit login, it's after you've logged out - and I assume you're logging out with a call to session_destroy()?

session_destroy would completley erase your session, so the login would cause the server to create a new session with another identifier, and create a cookie on your machine with the new identifier - your session id.

andrewsmd




msg:4611085
 9:53 pm on Sep 19, 2013 (gmt 0)

I'm not calling anything. You can literally copy that code and put it in a php file. I understand how sessions work and what not, I've just been developing in .net for the last 5 years so it's been a while. The only thing I'm doing on that right now is trying to output the session id and connect to my db. I even removed the connect() line and I still get a new session id every time. I have no idea why it would be getting destroyed and re created every time I hit a submit button.

andrewsmd




msg:4611283
 12:52 pm on Sep 20, 2013 (gmt 0)

Ok, it has to be something stupid but why in the hell am I getting a new session id each time. I simplified my page to this and every time I click the button, I get a new session id. Here is the simplified code.

<html>
<?php session_start(); ?>
<head></head>
<body>
<form name="form" method="post">
<br>
<br>
<input type="submit" value="submit" name="submit" />
<?php
if(isset($_POST['submit'])){
echo(session_id());
}//if isset
?>
</form>
</body>
</html>

nettulf




msg:4611284
 12:59 pm on Sep 20, 2013 (gmt 0)

It is because your include (header.php) or your test-file is encoded in UTF-8 with BOM, so it sends an (invisible) byte before the session_start().

Try to convert it to UTF-8 without BOM, I use notepad++ for that.

[edited by: nettulf at 1:03 pm (utc) on Sep 20, 2013]

omoutop




msg:4611285
 1:00 pm on Sep 20, 2013 (gmt 0)

Do you by any chance use php 5.3?
There is a similar problem mentioned in official php site here [php.net].
The problem is that you use session_id() after session_start() (if i understand the situation correctly)


Edit: if you put your session_start() at the very top of your page, your ssession_id() maintains its value (tested in 5.1.4 and 5.3.3)

[edited by: omoutop at 1:05 pm (utc) on Sep 20, 2013]

andrewsmd




msg:4611289
 1:04 pm on Sep 20, 2013 (gmt 0)

Holy crap, thanks! I never, ever would have figured that out. Any ideas on how to convert the files? I don't see how I would do that in notepad++. What I ended up doing was deleting one and creating a new text file with notepad++.

nettulf




msg:4611290
 1:07 pm on Sep 20, 2013 (gmt 0)

I have had the exact same error. :)

In notepad ++ I think it is as simple as the menu choice "Encoding -> Convert to UTF-8 without BOM" (Don't have it here at work so I cannot check). But something like that.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved