Web Analytics Made Easy -
StatCounter Weird Session problem: My session variable is getting overwritten! - CodingForum

Announcement

Collapse
No announcement yet.

Weird Session problem: My session variable is getting overwritten!

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Weird Session problem: My session variable is getting overwritten!

    Hello,

    I have a file called header.php, which I include at the beginning of every file:

    PHP Code:
    <?php
    session_start
    ();
    ?>

    <html>
    <head>
    <title>Welcome</title>
    </head>
    <body>

    <?php

    if ($_SESSION['logged_in'] == 1) {
        echo 
    'Welcome <strong>'.$_SESSION['name'].' '.$_SESSION['surname'].'</strong>&nbsp;|&nbsp;';
        echo 
    '<a href="logout.php" onClick="return AskLogOut()">Logout</a>&nbsp;';
    } else {
        echo 
    '<a href="login.php">Login</a>&nbsp;';
    }
    ?>

    Rest of file...
    The variable $_SESSION['name'] is being set after a successful login via login.php:

    PHP Code:

    <?php

    $username 
    $_POST['username'];
    $password $_POST['password'];

    include (
    "db.php");
    $sql mysql_query("SELECT * FROM members WHERE username='$username' AND password='$password'");
    $login_check mysql_num_rows($sql);

    if(
    $login_check == 1) {
        while(
    $row mysql_fetch_array($sql)) {
            foreach (
    $row AS $key => $val) {
                $
    $key stripslashes($val);
            }
        }

        
    // session baslat
        
    session_start();

        
    // session degiskenleri
        
    $_SESSION['logged_in'] = 1;
        
    $_SESSION['id'] = $ID;
        
    $_SESSION['username'] = $_POST['username'];
        
    $_SESSION['email'] = $email;
        
    $_SESSION['password'] = $_POST['password'];
        
    $_SESSION['name'] = $name;
        
    $_SESSION['surname'] = $surname;

    } else {

        echo 
    "Login not successful. Go back and try again";
    }

    ?>
    Everything runs fine so far. However, I have recently written a script which allows the admin to "edit" the data and utilize the name variable again.

    PHP Code:

    <?php

    // part of the script

    if($op == "edit") {
        
    $aid $_REQUEST['aid'];
        include (
    "../db.php");
        
    $result mysql_query("SELECT name,date,lastupdate,active FROM agencies WHERE ID=$aid") or die(mysql_error());
        
    $row mysql_fetch_array($result);
        
    $name $row[name];
        
    $active $row[active];
        
    $date $row[date];
        
    $lastupdate $row[lastupdate];
        include(
    "header.php");
        
    DisplayEditAgencyForm();
        include(
    "footer.php");
        exit();
    }

    ?>
    Interestingly, when the admin clicks on a row (op=edit&aid=$aid), the name of the agency is being pulled from the db with $name = $row[name]; and the weird thing happens. Go back to header.php, where $_SESSION['name'] is displayed, instead of my $_SESSION['name'] variable, the $name = $row[name] is displayed! Ah, and the $_SESSION['surname'] is not displayed either. So, something resets or overrides these $_SESSION variables.

    Why could this happen? I thought session variables were immune to anything until I change them manually. Any ideas from the pros here?

  • #2
    this is a known problem when using sessions with register_globals ON. do this simple test:
    PHP Code:
    <?php
    session_start
    ();

    $_SESSION['var'] = 'aaa';
    $var 'bbb';
    echo 
    $_SESSION['var'];
    ?>
    with register_globals OFF you will see "aaa" (as expected). with register_globals ON you will see "bbb".

    Comment


    • #3
      The output is aaa. However my phpinfo() outputs register_globals is ON. I could easily solve this problem by changing $_SESSION['name'] to $_SESSION['firstname'] but there should be another workaround for this.

      Comment

      Working...
      X