Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Mar 2015
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Log In Session Issue

    I created an online ordering webapp in HTML/PHP/JS but it suffers from a user not logged in issue that I cannot seem to figure out.

    User logs in and user id stored in php session variable user_id.
    User modified the cart (add/delete). Here is where things get weird

    The webapp will process the request. I check to see if the session variable exists and is not empty. That passes. The db is modified. Then when I do a header location redirect poof the user is no longer logged in.

    Here are snippets of code:

    check session code

    /* Session Check */
    public function session_check() {
    if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
    if($_SESSION['expiration_time'] < $_SERVER['REQUEST_TIME']) {
    return "Expired";
    }
    else {
    return "User";
    }
    }
    else {
    return "Guest";
    }
    }

    cart code

    if($check_session == "User") {
    }

    I use this regularly. So clearly the program sees a logged in user. Also there are times I log the transaction to the db and it successful writes the user_id to the table. In other words I do not think this is where the program goes wrong. The simple case is user removes something from the cart:

    case "deduct":
    if (isset($_GET["cart_id"]) && (is_numeric($_GET["cart_id"]))) {
    $cart_id = $_GET["cart_id"];
    $user_id = $_SESSION['user_id'];
    $cart_deduct = $cart -> deduct_cart($cart_id,$user_id);
    }
    else {
    }
    // Redirect Browser
    header("Location: http://www.website.com/cart.html");
    exit();
    break;

    The webapp then goes to cart.html, the user is no longer logged in (I check to see if the user is logged in on every page that requires a user logged in) and it redirects user to sign in page. The really odd part is if you log back in the transaction was processed (item was removed from cart) and it allows you to modify the cart without this bug occurring again. This bug happens only when a user logs in for the very first time.
    Last edited by nicksti; Aug 10th, 2018 at 03:41 PM.

  2. #2
    New to the CF scene
    Join Date
    Mar 2015
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Okay I found out the issue.

    header("Location: http://www.website.com/cart.html");

    Why does this delete the session variables? And how do I fix it?

    Edit: Seems I am still having the same issue even if I use a javascript redirect
    Last edited by nicksti; Aug 10th, 2018 at 03:49 PM.

  3. #3
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    4,236
    Thanks
    3
    Thanked 550 Times in 535 Posts
    This is a common symptom when the redirect changes the host-name/sub-domain in the url (the www. vs no www.), and the session cookie 'domain' settings isn't set up to match all variations of the host-name/sub-domain.

    If you are using a link/short-cut/book-mark to initially visit the web page and it doesn't have the www. on the url, the header() redirect is then going to the url with the www., and unless the session cookie domain setting is set to match all variations of the domain name, the session cookie won't be sent from the browser to the server since it only matches the variation of the url where it was set at.

    You need to set the session cookie domain setting to be your domain, with a leading dot, to match all variations of the domain name. If you consult the php.net documentation for this setting, it will show you an example.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  4. Users who have thanked CFMaBiSmAd for this post:

    nicksti (Aug 10th, 2018)

  5. #4
    Master Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    5,290
    Thanks
    121
    Thanked 623 Times in 609 Posts
    Echo the $_SERVER[`HTTP_HOST`] variable into that redirect instead of hard coding it.


 

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •