PHP Session broken after server (Linux Redhat) move

Posted on 2010-09-24
Medium Priority
Last Modified: 2013-12-12
I have a login section of my website that features a sessionvalidate.php script that is included on each page to make sure that a person is authorized to view the web page.  The server move was a lateral move with PHP 5 and MySQL 5 and Apache on both machines.  Obviously there is some PHP variable not turned on possibly?

Here is the code for the validate page that works on the original server and not on the new server.

	include "../scripts/dbconnection.php";
	$myConn		= dbConnect();
	if(myConn==false)	header("Location: index.php?errCode=-3");
		$adminid	= $session_array['adminid'];
		$adminuser	= $session_array['adminuser'];
		$sql 		= "";
		$sql 		= "SELECT * FROM tbl_admin 
						WHERE user_uid='$adminid' AND
			header("Location: index.php?errCode=-4");
		header("Location: index.php");

Open in new window

Question by:pda4me
  • 3
  • 2

Expert Comment

ID: 33752425
You did not tell us what the actual error is ...
This is the script, but when you run it, where does it take you? index.php, index.php?errCode=-3 or index.php?errCode=-4?

Also, I would suggest using $_SESSION instead of $HTTP_SESSION_VARS ....

Author Comment

ID: 33752466
ziceva, that worked!  I changed it to $_SESSION and its working fine?  Why is that, what is the difference?

Expert Comment

ID: 33752587
$HTTP_SESSION_VARS is the deprecated version of $_SESSION (php4 or so)

Accepted Solution

ziceva earned 2000 total points
ID: 33752610
And a more complete answer


$_SESSION variable is an associative array hold session variable available to the current script. This is automatic global variable also called super global variable. By default, this variable is available in all scopes throughout the script.


Despite of $_SESSION variable, $HTTP_SESSION_VARS variable is not by default auto global but hold same information as $_SESSION variable. register_globals directive is required to set in php.ini file to make this variable available throughout the script.

So the register_globals was the culprit ... anyway, it is good practice to use $_SESSION instead of $HTTP_SESSION_VARS


Author Closing Comment

ID: 33752645
Awesome help and one of the most complete answers I have ever had from an Expert.  Thanks for the help!

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This post contains step-by-step instructions for setting up alerting in Percona Monitoring and Management (PMM) using Grafana.
The title says it all. Writing any type of PHP Application or API code that provides high throughput, while under a heavy load, seems to be an arcane art form (Black Magic). This article aims to provide some general guidelines for producing this typ…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

587 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question