Web Analytics Made Easy - StatCounter Weird Session problem: My session variable is getting overwritten! - CodingForum

Announcement

Collapse
No announcement yet.

Weird Session problem: My session variable is getting overwritten!

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Weird Session problem: My session variable is getting overwritten!

    Hello,

    I have a file called header.php, which I include at the beginning of every file:

    PHP Code:
    <?php
    session_start    ();
    ?>

    <html>
    <head>
    <title>Welcome</title>
    </head>
    <body>

    <?php

    if ($_SESSION['logged_in'] == 1) {
        echo     'Welcome <strong>'.$_SESSION['name'].' '.$_SESSION['surname'].'</strong>&nbsp;|&nbsp;';
        echo     '<a href="logout.php" onClick="return AskLogOut()">Logout</a>&nbsp;';
    } else {
        echo     '<a href="login.php">Login</a>&nbsp;';
    }
    ?>

    Rest of file...
    The variable $_SESSION['name'] is being set after a successful login via login.php:

    PHP Code:

    <?php

    $username     $_POST['username'];
    $password $_POST['password'];

    include (    "db.php");
    $sql mysql_query("SELECT * FROM members WHERE username='$username' AND password='$password'");
    $login_check mysql_num_rows($sql);

    if(    $login_check == 1) {
        while(    $row mysql_fetch_array($sql)) {
            foreach (    $row AS $key => $val) {
                $    $key stripslashes($val);
            }
        }

            // session baslat
            session_start();

            // session degiskenleri
            $_SESSION['logged_in'] = 1;
            $_SESSION['id'] = $ID;
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['email'] = $email;
            $_SESSION['password'] = $_POST['password'];
            $_SESSION['name'] = $name;
            $_SESSION['surname'] = $surname;

    } else {

        echo     "Login not successful. Go back and try again";
    }

    ?>
    Everything runs fine so far. However, I have recently written a script which allows the admin to "edit" the data and utilize the name variable again.

    PHP Code:

    <?php

    // part of the script

    if($op == "edit") {
            $aid $_REQUEST['aid'];
        include (    "../db.php");
            $result mysql_query("SELECT name,date,lastupdate,active FROM agencies WHERE ID=$aid") or die(mysql_error());
            $row mysql_fetch_array($result);
            $name $row[name];
            $active $row[active];
            $date $row[date];
            $lastupdate $row[lastupdate];
        include(    "header.php");
            DisplayEditAgencyForm();
        include(    "footer.php");
        exit();
    }

    ?>
    Interestingly, when the admin clicks on a row (op=edit&aid=$aid), the name of the agency is being pulled from the db with $name = $row[name]; and the weird thing happens. Go back to header.php, where $_SESSION['name'] is displayed, instead of my $_SESSION['name'] variable, the $name = $row[name] is displayed! Ah, and the $_SESSION['surname'] is not displayed either. So, something resets or overrides these $_SESSION variables.

    Why could this happen? I thought session variables were immune to anything until I change them manually. Any ideas from the pros here?
    Tags: None
  • #2
    this is a known problem when using sessions with register_globals ON. do this simple test:
    PHP Code:
    <?php
    session_start    ();

    $_SESSION['var'] = 'aaa';
    $var 'bbb';
    echo     $_SESSION['var'];
    ?>
    with register_globals OFF you will see "aaa" (as expected). with register_globals ON you will see "bbb".

    Comment

    • #3
      The output is aaa. However my phpinfo() outputs register_globals is ON. I could easily solve this problem by changing $_SESSION['name'] to $_SESSION['firstname'] but there should be another workaround for this.

      Comment

      Previous template Next
      Working...
      X