New session id on page load - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

New session id on page load

andrewsmd

8:39 pm on Sep 19, 2013 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Forgive me, my php is a little rusty. I'm trying to do a simple login form but every time I refresh the page, I get a new session id. Here's the code, every time I click login, I get a different session id. Any ideas why?

<?php session_start(); include("http://crossfitarchway.com/clients/includes/header.php"); ?>
<form name="loginForm" method="post">
<h3>Login</h3>
<table cellpadding="0" cellspacing="0">
<tr>
<td class="tablePadding">Username:</td>
<td class="tablePadding">
<input type="text" name="usernameInput" value="<?php echo($_SESSION['un']); ?>" />
</td>
</tr>
<tr>
<td class="tablePadding">Password:</td>
<td class="tablePadding">
<input type="password" name="passwordInput" />
</td>
</tr>
<tr>
<td class="tablePadding">
<input type="submit" name="loginButton" value="Login" />
</td>
</tr>
</table>
</form>
<?php

//if they clicked login
if(isset($_POST['loginButton'])){

//make sure they put in a username and password
$un = $_POST['usernameInput'];
$pw = $_POST['passwordInput'];

echo(session_id());
$_SESSION['un'] = $un;

if($un == "" or $pw == ""){

echo("<span class='errorClass'>Please enter a username and password</span>");
exit();

}//if un

//if we're here we connect
connect();

}//if isset post login button

?>
<?php include("http://crossfitarchway.com/clients/includes/footer.php"); ?>

Readie

9:35 pm on Sep 19, 2013 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

The session ID is the unique identifier to tell the server to load data from the associated session file.

Presumably, every time you hit login, it's after you've logged out - and I assume you're logging out with a call to session_destroy()?

session_destroy would completley erase your session, so the login would cause the server to create a new session with another identifier, and create a cookie on your machine with the new identifier - your session id.

andrewsmd

9:53 pm on Sep 19, 2013 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I'm not calling anything. You can literally copy that code and put it in a php file. I understand how sessions work and what not, I've just been developing in .net for the last 5 years so it's been a while. The only thing I'm doing on that right now is trying to output the session id and connect to my db. I even removed the connect() line and I still get a new session id every time. I have no idea why it would be getting destroyed and re created every time I hit a submit button.

andrewsmd

12:52 pm on Sep 20, 2013 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Ok, it has to be something stupid but why in the hell am I getting a new session id each time. I simplified my page to this and every time I click the button, I get a new session id. Here is the simplified code.

<html>
<?php session_start(); ?>
<head></head>
<body>
<form name="form" method="post">
<br>
<br>
<input type="submit" value="submit" name="submit" />
<?php
if(isset($_POST['submit'])){
echo(session_id());
}//if isset
?>
</form>
</body>
</html>

nettulf

12:59 pm on Sep 20, 2013 (gmt 0)

10+ Year Member

It is because your include (header.php) or your test-file is encoded in UTF-8 with BOM, so it sends an (invisible) byte before the session_start().

Try to convert it to UTF-8 without BOM, I use notepad++ for that.

[edited by: nettulf at 1:03 pm (utc) on Sep 20, 2013]

omoutop

1:00 pm on Sep 20, 2013 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Do you by any chance use php 5.3?
There is a similar problem mentioned in official php site here [php.net].
The problem is that you use session_id() after session_start() (if i understand the situation correctly)

Edit: if you put your session_start() at the very top of your page, your ssession_id() maintains its value (tested in 5.1.4 and 5.3.3)

[edited by: omoutop at 1:05 pm (utc) on Sep 20, 2013]

andrewsmd

1:04 pm on Sep 20, 2013 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Holy crap, thanks! I never, ever would have figured that out. Any ideas on how to convert the files? I don't see how I would do that in notepad++. What I ended up doing was deleting one and creating a new text file with notepad++.

nettulf

1:07 pm on Sep 20, 2013 (gmt 0)

10+ Year Member

I have had the exact same error. :)

In notepad ++ I think it is as simple as the menu choice "Encoding -> Convert to UTF-8 without BOM" (Don't have it here at work so I cannot check). But something like that.