Dill
July 23rd, 2009, 10:54 PM
I'm having issues with browsers other than Firefox accepting the PHPSESSID cookie generated by a session in a PHP script.
At the start of every page, I include a script that starts the session; then, if the user is making a login attempt (in this case, the $_POST array should include information on login_username and login_password), then data is fetched from the DB and included as session variables:
session_start();
// To start, $user_id is empty
$user_id = '';
// Establish a connection to the DB by instantiating a mysqli object
$mysqli = new mysqli($config['mysql_host'], $config['mysql_user'], $config['mysql_passwd'], $config['mysql_db']);
/* Check to see if there were any errors in connecting; if so, print a message to users
and e-mail the TCDB admins, as well */
if (mysqli_connect_errno()) {
print "Sorry -- it looks like TCDB is having trouble connecting to the database. <br />
Please contact " . $config["tcdb_admin_email"] . " and let them know";
$to = $config["tcdb_admin_email"];
$subject = "TCDB connection error";
$message = "TCDB had an error in connecting to the DB: " . mysqli_connect_error();
mail($to, $subject, $message);
exit();
}
// If we have both a username and password, and if neither is empty, this is a login attempt
if ((isset($_POST['login_username']) && isset($_POST['login_password']))
&& $_POST['login_username'] != '' && $_POST['login_password'] != '') {
// Look up the user ID that corresponds to the username (and escape strings)
$query = sprintf("SELECT id, username, password
FROM users
WHERE username = '%s'
AND password = sha1('%s')",
mysqli_real_escape_string($mysqli, $_POST['login_username']),
mysqli_real_escape_string($mysqli, $_POST['login_password']));
$result = $mysqli->query($query, MYSQLI_STORE_RESULT);
list($user_id, $username, $user_password) = $result->fetch_row();
$result->free();
// Set session information; ensure that $user_id is set and is numeric
if (isset($user_id) && is_numeric($user_id)) {
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
$_SESSION['user_password'] = $user_password;
}
When I check to see if a user is logged on, I check if $_SESSION['user_id'] is set and go from there. From all of my testing in Firefox thus far, this has worked fine.
When using Safari, Chrome, Internet Explorer, etc., I've been having some issues. Specifically, it can't seem to retrieve session data (as I mentioned above, every login check I have is based off $_SESSION['user_id'] being set; once a user is logged on and DOES NOT POST login credentials, the session data seems to disappear).
Basically, browsers other than Firefox aren't storing the PHPSESSID cookie upon login, and I can't seem to figure out why. Each browser is set to accept all cookies, and none (except Firefox) retains the PHPSESSID cookie. As a result, the client can't retrieve its session data.
I've also played around with session lifetime settings in php.ini (setting the session lifetime to 0 so that the session dies only when the browser is closed), but I've had no luck -- Firefox still works fine, where other browsers fail to hold on to session data.
Perhaps I'm missing something big (or small) here, but if anyone has any advice, it'd be very much appreciated.
Also, all associated code can be found at http://code.google.com/p/gc-tcdb/source/browse/trunk , in case anyone would like to take a look.
Cheers,
Dill
At the start of every page, I include a script that starts the session; then, if the user is making a login attempt (in this case, the $_POST array should include information on login_username and login_password), then data is fetched from the DB and included as session variables:
session_start();
// To start, $user_id is empty
$user_id = '';
// Establish a connection to the DB by instantiating a mysqli object
$mysqli = new mysqli($config['mysql_host'], $config['mysql_user'], $config['mysql_passwd'], $config['mysql_db']);
/* Check to see if there were any errors in connecting; if so, print a message to users
and e-mail the TCDB admins, as well */
if (mysqli_connect_errno()) {
print "Sorry -- it looks like TCDB is having trouble connecting to the database. <br />
Please contact " . $config["tcdb_admin_email"] . " and let them know";
$to = $config["tcdb_admin_email"];
$subject = "TCDB connection error";
$message = "TCDB had an error in connecting to the DB: " . mysqli_connect_error();
mail($to, $subject, $message);
exit();
}
// If we have both a username and password, and if neither is empty, this is a login attempt
if ((isset($_POST['login_username']) && isset($_POST['login_password']))
&& $_POST['login_username'] != '' && $_POST['login_password'] != '') {
// Look up the user ID that corresponds to the username (and escape strings)
$query = sprintf("SELECT id, username, password
FROM users
WHERE username = '%s'
AND password = sha1('%s')",
mysqli_real_escape_string($mysqli, $_POST['login_username']),
mysqli_real_escape_string($mysqli, $_POST['login_password']));
$result = $mysqli->query($query, MYSQLI_STORE_RESULT);
list($user_id, $username, $user_password) = $result->fetch_row();
$result->free();
// Set session information; ensure that $user_id is set and is numeric
if (isset($user_id) && is_numeric($user_id)) {
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
$_SESSION['user_password'] = $user_password;
}
When I check to see if a user is logged on, I check if $_SESSION['user_id'] is set and go from there. From all of my testing in Firefox thus far, this has worked fine.
When using Safari, Chrome, Internet Explorer, etc., I've been having some issues. Specifically, it can't seem to retrieve session data (as I mentioned above, every login check I have is based off $_SESSION['user_id'] being set; once a user is logged on and DOES NOT POST login credentials, the session data seems to disappear).
Basically, browsers other than Firefox aren't storing the PHPSESSID cookie upon login, and I can't seem to figure out why. Each browser is set to accept all cookies, and none (except Firefox) retains the PHPSESSID cookie. As a result, the client can't retrieve its session data.
I've also played around with session lifetime settings in php.ini (setting the session lifetime to 0 so that the session dies only when the browser is closed), but I've had no luck -- Firefox still works fine, where other browsers fail to hold on to session data.
Perhaps I'm missing something big (or small) here, but if anyone has any advice, it'd be very much appreciated.
Also, all associated code can be found at http://code.google.com/p/gc-tcdb/source/browse/trunk , in case anyone would like to take a look.
Cheers,
Dill