canoebrain canoebrain -4 years ago 72
PHP Question

Session variable working in IE and Safari, but not Chrome, Opera or Firefox?

I'm setting a session variable from a log in page ($_SESSION['login']). I've tested thoroughly, the variable is definitely being created and the correct value is being stored ($_SESSION['login'] = '1'), but the variable isn't recognized in the next page using Chrome, Opera or Firefox - oddly enough, the same script works as I expect in Safari and Internet Explorer.

Any help at all would be greatly appreciated - I've been trying to figure this one out for a while and just can't get it - I'm at a complete loss here.

Here's the step by step -

<?php
// log in page
// if logged in successfully set the session variable

session_start();

if (// log in credentials good) {
$_SESSION['login'] = '1';
header('location:inside_page.php');

// echo $_SESSION['login'] ;
// ----------------------
// commenting out the redirect and echoing
// the session variable works as expected
// in IE, Safari, Chrome, Opera and Firefox
}

?>


Here's my Check_login class - it get's instantiated in the next page (inside_page.php) -

class:

<?php

if (! defined('EXT')){ exit('Invalid file request'); }

class Check_login {
private $login = null ;

function __construct() {
session_start();
$this->login = $_SESSION['login'];
if ($this->login != '1') {
header('location:../index.php');
}

// $login = $this->login ;
// echo $login ;
// $session = $_SESSION['login'];
// echo $session ;
// ----------------------
// commenting out the redirect and echoing the
// session variable shows 1 in IE and Safari, but
// empty in Chrome, Opera and Firefox
}

}

?>


page (inside_page.php):

<?php

require('../lib/Check_login.php');

session_start();

$login = new Check_login;

?>


Again, any help at all would be really awesome. Thanks!

Answer Source

I figured this out - I can't say that I understand WHY this is the case, but this is what fixed my problem. In my log in page, after verifying the login credentials I set the session variable 'login' to 1 and then explicitly redirected to another page. I realized after testing, that using a relative URL for my redirection fixed the problem.

My original post didn't even illustrate the URL because I didn't think it was necessary, but here's where the problem was -

<?php
// log in page
// if logged in successfully set the session variable

session_start();

if (// log in credentials good) {
    $_SESSION['login'] = '1';
    header('location:https://www.somedomain.com/inside_page.php'); // *** PROBLEM
}

?>

By setting the location relatively, my problem went away -

<?php
// log in page
// if logged in successfully set the session variable

session_start();

if (// log in credentials good) {
    $_SESSION['login'] = '1';
    header('location:inside_page.php'); // *** FIX
}

?>

I double-checked, and the secure connection definitely wasn't the problem, it was the explicit URL.

Using a relative location my session variable showed up in the next page in Internet Explorer, Safari, Chrome, Opera and Firefox. Using an explicit location it showed up in IE and Safari, BUT NOT in CHROME, OPERA and FIREFOX.

You can recreate this easily and try it for yourself -

<?php

// ------- page_one.php -------

session_start();

$_SESSION['val'] = '1';

header("location:http://www.somedomain.com/page_two.php") ;
// header("location:page_two.php") ;

?>

<?php

// ------- page_two.php -------

session_start();

if ($_SESSION['login'] != '1') {
    echo 'false' ;
} else {
    echo 'true' ;
}

?>

Hopefully this saves someone else some time (and headache).

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download