Welcome to WebmasterWorld Guest from 220.127.116.11
Every now and then, a user will contact me to say that he entered his username and password and logged in successfully, but when he then clicks on a link to go to another page it tells him he's not logged in and redirects him to the login page again. He repeats the process and the same thing happens again.
As I understand the way PHP's sessions work, it attempts to write a session cookie first. If that fails then it rewrites the URL with the session ID appended. I have tried turning off cookies in my browser and it does indeed switch to the URL-rewriting method and continues fine.
So why are my users having problems? I even set up a page I can send them to that mails me the details of their browser, OS, etc. The only common factor I can see is that they do have cookies turned off.
Has anyone else experienced such problems with their users?
You can ensure that the session ID is always passed, whether the user's browser will accept cookies or not by appending the session ID to the link eg
<a href="nextpage.php?<?php print SID;?>">Next Page</a>
I take your point about forcing the SID to be appended to each link, but I only want to go down that route as a last resort (it would involve a lot of amendments, and it doesn't look as 'neat').
All my links are prefixed with "/" (root) as they are in an include file which is included from various subfolders (so "../" wouldn't work).
Is that still classes as relative? I guess it is. I certainly don't have links beginning http://
And besides, the point I keep coming back to is that it works fine for me when I turn off cookies, which I think implies that it must be some configuration at the client end rather than server end.
The problem is probably something else. The cookies off is the first clue but there must be some other common element between them.
Are the sesions being started properly? Have you looked at how you are testing if they are logged in?
Try echoing the value of $mymember at the top of each page (if necessary, stick it inside an HMTL comment) so you can track it's value.
I have echo'd $mymember and it shows fine.
The thing that's puzzling me is that it all works fine for me and 99% of my users. I can log in and navigate around without any problems. It even continues to work fine when I turn cookies off.
But there is a small number of new members each week who mail me to say they experience this problem. This is what leads me to believe it has to be some configuration at the client-end, but it's really got me stumped.
(note: that is only 1 of many possible cookie problems that exist)
That's what I don't understand. Why should I have to explicitly append a session ID to every single link and include it as a hidden field in every single form, when PHP is supposed to handle that for me?
And indeed, when I turn off cookies on my browser, PHP does handle it for me and starts putting the session ID on each URL automatically. Why is this apparently not happening for everyone with cookie problems - that's my real question.
Thanks for your help so far though! :-)
For example, if their date is earlier than the servers date, the cookie will automatically expire...
Ehm, that can't be right? Then they would expire for anyone who live in a different time zone! Or, what about those that live in areas where they use a different calendar than we do (like muslim countries, or China)