Welcome to WebmasterWorld Guest from 107.20.75.63

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

New session id on page load

     
8:39 pm on Sep 19, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 10, 2008
posts: 1130
votes: 0


Forgive me, my php is a little rusty. I'm trying to do a simple login form but every time I refresh the page, I get a new session id. Here's the code, every time I click login, I get a different session id. Any ideas why?

<?php session_start(); include("http://crossfitarchway.com/clients/includes/header.php"); ?>
<form name="loginForm" method="post">
<h3>Login</h3>
<table cellpadding="0" cellspacing="0">
<tr>
<td class="tablePadding">Username:</td>
<td class="tablePadding">
<input type="text" name="usernameInput" value="<?php echo($_SESSION['un']); ?>" />
</td>
</tr>
<tr>
<td class="tablePadding">Password:</td>
<td class="tablePadding">
<input type="password" name="passwordInput" />
</td>
</tr>
<tr>
<td class="tablePadding">
<input type="submit" name="loginButton" value="Login" />
</td>
</tr>
</table>
</form>
<?php

//if they clicked login
if(isset($_POST['loginButton'])){


//make sure they put in a username and password
$un = $_POST['usernameInput'];
$pw = $_POST['passwordInput'];

echo(session_id());
$_SESSION['un'] = $un;


if($un == "" or $pw == ""){

echo("<span class='errorClass'>Please enter a username and password</span>");
exit();

}//if un


//if we're here we connect
connect();

}//if isset post login button

?>
<?php include("http://crossfitarchway.com/clients/includes/footer.php"); ?>
9:35 pm on Sept 19, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Dec 13, 2009
posts:943
votes: 0


The session ID is the unique identifier to tell the server to load data from the associated session file.

Presumably, every time you hit login, it's after you've logged out - and I assume you're logging out with a call to session_destroy()?

session_destroy would completley erase your session, so the login would cause the server to create a new session with another identifier, and create a cookie on your machine with the new identifier - your session id.
9:53 pm on Sept 19, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 10, 2008
posts: 1130
votes: 0


I'm not calling anything. You can literally copy that code and put it in a php file. I understand how sessions work and what not, I've just been developing in .net for the last 5 years so it's been a while. The only thing I'm doing on that right now is trying to output the session id and connect to my db. I even removed the connect() line and I still get a new session id every time. I have no idea why it would be getting destroyed and re created every time I hit a submit button.
12:52 pm on Sept 20, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 10, 2008
posts: 1130
votes: 0


Ok, it has to be something stupid but why in the hell am I getting a new session id each time. I simplified my page to this and every time I click the button, I get a new session id. Here is the simplified code.

<html>
<?php session_start(); ?>
<head></head>
<body>
<form name="form" method="post">
<br>
<br>
<input type="submit" value="submit" name="submit" />
<?php
if(isset($_POST['submit'])){
echo(session_id());
}//if isset
?>
</form>
</body>
</html>
12:59 pm on Sept 20, 2013 (gmt 0)

New User

joined:Aug 15, 2011
posts:40
votes: 2


It is because your include (header.php) or your test-file is encoded in UTF-8 with BOM, so it sends an (invisible) byte before the session_start().

Try to convert it to UTF-8 without BOM, I use notepad++ for that.

[edited by: nettulf at 1:03 pm (utc) on Sep 20, 2013]

1:00 pm on Sept 20, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 15, 2004
posts:941
votes: 0


Do you by any chance use php 5.3?
There is a similar problem mentioned in official php site here [php.net].
The problem is that you use session_id() after session_start() (if i understand the situation correctly)


Edit: if you put your session_start() at the very top of your page, your ssession_id() maintains its value (tested in 5.1.4 and 5.3.3)

[edited by: omoutop at 1:05 pm (utc) on Sep 20, 2013]

1:04 pm on Sept 20, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 10, 2008
posts: 1130
votes: 0


Holy crap, thanks! I never, ever would have figured that out. Any ideas on how to convert the files? I don't see how I would do that in notepad++. What I ended up doing was deleting one and creating a new text file with notepad++.
1:07 pm on Sept 20, 2013 (gmt 0)

New User

joined:Aug 15, 2011
posts:40
votes: 2


I have had the exact same error. :)

In notepad ++ I think it is as simple as the menu choice "Encoding -> Convert to UTF-8 without BOM" (Don't have it here at work so I cannot check). But something like that.