Avatar of atsalis
atsalis
 asked on

PHP session variable changes value

Dear Experts,
 I have come into this problem. I am trying to build an administration system for some website and I am getting the following weird behaviour.
 What happens is first I have the login page. The user can login with username and password. I check the values against the database and I set two session variables. The username and the ID of that username. When I redirect the user to the first page of his administration system the two session variables are set and ready to go. When I go to a second page, for example the upload images page the Username session variable is set however the second session variable ID changes from eg 2 to 1.
 This happens on the server. On my localhost everything works great with no problem.
 Does anyone know what the problem could be or from where could I at least start looking? Is it the development server's problem?
I have a big portion of the website with this on my mind and it would be a great deal of work to do it again without this importand session ID variable
 Thanks In advance...
PHPWeb ServersProgramming Languages-Other

Avatar of undefined
Last Comment
Rurne

8/22/2022 - Mon
Rurne

Does the username in the session retain its set value?  What versions of PHP are you running on the development server vs. localhost?
atsalis

ASKER
Yes the username session variable retain its set value while I forgot to mention that on some pages the ID session variable retain its value as well...on others it is just set to some other value, as I said on the example from 2 to 1 or from 2 to 3.
 Both on my localhost as well on the development server the php version is 5.2.5...The only sure thing is that on my localhost I run Apache 2.2.6 and on the development server some other that i iwll find out what is it...I dont know yet.
I start to think that maybe there is some conflict with some variable maybe? I dont know...
Rurne

Yes, it sounds like you're getting some conflict here.  Can you provide any sample code for how you're obtaining the session variable?  Ideally, you should be accessing the session data through the $_SESSION superglobal:

<?php
session_start();

echo $_SESSION['id'];

?>

If you're relying on $id to be populated by the register_globals directive in php.ini, this is bad practice and will actually break when PHP 6 launches.  register_globals is considered deprecated in PHP 5, but is still kept for backwards compatibility with PHP 4 code.  However, a better look at some example code would help determine if this is the case.
Your help has saved me hundreds of hours of internet surfing.
fblack61
atsalis

ASKER
Ok here is a sample of how I do things on the page in question...
That is pretty much what happens there...All the variables on that page are those on the code snippet.
<?php
require_once('database connection file');
//other required files
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
 
//do the restrict page code that is required for the page
?>
<?php
$member_id = $_SESSION['Id'];
$Id=$_REQUEST['prof_Id'];
$screen_name=$_REQUEST['screen_name'];
$proff=$_REQUEST['proff'];
$registered=$_REQUEST['registered'];
$parent_id=$_REQUEST['parent_id'];
 
//on this part of the code I just make connections to different tables of the database I need based on the REQUEST variables I get back
 
?>

Open in new window

Rurne

If I'm reading this correctly, you've provided one page broken into  three <?php...?> blocks?

One recommendation I'd make would be to remove lines 6 and 8.  As of 4.3.3, any secondary call to session_start() will raise an E_NOTICE message and the second session will be ignored, so you're not going to klobber your original session.  I get the distinct feeling something is happening in the require statements in 2 & 3 we aren't seeing.

Alternatively, on the pages where you are experiencing the changed id, I would add the following lines to make sure the session isn't actually changing:
<?php
session_start();    // immediately start the session before _any_ logic starts
print_r($_SESSION); // dump out the session data immediately when the page starts; should not be different than the previous page
 
...
// process require_once statements here
print_r($_SESSION); // did the $_SESSION get klobbered in one of your require statements?
...
?>

Open in new window

atsalis

ASKER
Ok thanks,
  what I notice...on the page where the ID variable changes it takes the value of the REQUEST Id variable on line 14...that is if the $_REQUEST['prof_Id'] = 3 then the $_SESSION['Id'] =3....
 Second notice, if I remove the session_start() then I get an error not input file specified by the server...so you mean I should just remove the if statement there...
  Third notice, I dumped the $_SESSION twice right after I called the session_start and then at the end of the php code. The first time I call the print_r before or after the require statements and the value is correct. The second print_r changes the value of the ID session variable to the value of the  $Id variable on line 14. So I guess that would be the conflict there...let me just check this out...
Yep that is it.....found the mistake...
Replacing the name of the $Id variable to $prof_Id solves the problem....WHY?...? this is so strange aint it?
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
Rurne

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
atsalis

ASKER
Hi again and thanks for the responses...
 I can easily confirm that on the required files I dont have any session stuff going on there. Mostly these required files are functions that I use a lot or connections to the database. So I am 100% sure, no session stuff on the required files...
 Secondly, I also DO NOT use the session_register function as well. I knew that I dont have to use it from before that problem showed....
So I guess there is something else sinister going on there? ...?
 I can also tell you that whenever on any script I used a $Id variable the session variable ID changes to that value...by just altering the name of this $id variable then I get the desired behaviour....
 I am atrtaching you the full code of the previous script that wasnt working but now it works just in case you see something again.
 Thanks  a lot again...
<?php 
session_start();
print_r($_SESSION);
//this dump would work great on all cases
 
require_once('../Connections/jobs.php'); 
 require_once('lib/is_authorized.php');
 require_once('lib/prof_trans.php');
?>
<?php
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
 
$MM_restrictGoTo = "reg_confirm.php?confirm=5";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
 
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
  unset($_SESSION['Id']);
	
  $logoutGoTo = "home.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
$member_id = $_SESSION['Id'];
$prof_Id=$_REQUEST['prof_Id'];
//this was the variable that was causing the conlfict. 
//It used to be $Id=$_REQUEST['prof_Id']; and it was
//setting its value to the $_SESSION['Id'] variable.
//Changing the name fixed the problem.
 
$screen_name=$_REQUEST['screen_name'];
$proff=$_REQUEST['proff'];
$registered=$_REQUEST['registered'];
$parent_id=$_REQUEST['parent_id'];
//$profession = $_POST['profession'];
//$profile_Id = $_POST['profile_Id'];
 
 
mysql_select_db($database, $something);
//just calling some database connection with all the variables I posted or requested or have them as SESSION variables
 
print_r($_SESSION);
//before renaming the variable name to $prof_Id this dump would show
//me that the $_SESSION['Id'] has changed unwantedntly. Now it works //fine
?>

Open in new window

SOLUTION
Rurne

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.