VCL corrupts session? - Delphi-PHP Forums

Holgerwa · #1 (**permalink**) 27th June 2009, 16:20

I do something like this directly at the top of a page that requires to be logged in:

PHP Code:


			
<?php

  session_start();

  if ($_SESSION ['LOGGEDIN'] != true)

  {

    header ("Location: login.php");

    exit;

  }

This happens before all the VCL-includes. There are also other $_SESSION variables I set when the user logs in.
When this page is loaded, the VCL adds a whole bunch of additional values to the $_SESSION array.

Now I am logged in and the page is shown as should be.
If I load the page again in another browser tab, the above code still "sees" LOGGEDIN as true and doesn't redirect to login.php.
But when the VCL include:

PHP Code:


			
use_unit("forms.inc.php");

happens, the contents of all my $_SESSION variables is deleted. They are still "isset" but have no contents anymore.

That results in the page being shown but with no meaningful contents because the $_SESSION values are not there anymore.

Now I am not sure if opening the logged in page again in another browser tab is considered to be a new session or not.

But if it should be a new session, why are the $_SESSION variables still valid at the beginning of the php script?

If it should not be a new session and the user should be logged in at the new tab, too, why does the VCL delete my $_SESSION variables?

Thanks for any insight!

405hp · #2 (**permalink**) 28th June 2009, 03:58

It may be:
if you are running it out of the IDE it auto appends restore_session=1 to it and that clears session.

Holgerwa · #3 (**permalink**) 28th June 2009, 17:12

Yes, I am running it out of the IDE, so that might cause the problem.

How would I run it without the IDE, but locally on my machine (Windows XP PC)?
The IDE creates some URLs that seem to call PHP to run the scripts. Is there an easy way to do this manually?

405hp · #4 (**permalink**) 29th June 2009, 04:25

apache friends - very easy apache, mysql, php and perl installation without hassles

But you can also run them after deleting the restore_session from the url.

Holgerwa · #5 (**permalink**) 29th June 2009, 09:39

Great, thanks, I'll try this.

Holgerwa · #6 (**permalink**) 30th June 2009, 10:07

Yes, that was the problem, it all works without restore_session from the IDE :-)
Thanks a lot!

Holgerwa · #7 (**permalink**) 30th June 2009, 15:05

I found this post about restore_session, which seems to solve the problem:
VCL for PHP :: View topic - Avoid "?restore_session=1" and keep session data

Question: Wouldn't it be easier to just get rid of the GET-variable "restore_session" if it exists?
Something like

PHP Code:


			
if (isset($_GET['restore_session']))
  unset($_GET['restore_session'])

If this is done right at the top of the PHP file, it cannot do any harm and it's only one line to add instead of the solution in that post.

It seems to work fine, or do I miss anything?

405hp · #8 (**permalink**) 30th June 2009, 17:52

The ide is the only thing that automatic appends restore_session so normally it isn't a problem.

The reason you must be able to use it is when you make program changes things just don't change because of persistence. If you always wipe it out then you will have to close and reopen all instances of your browser to reset the cookie.

Holgerwa · #9 (**permalink**) 4th July 2009, 16:12

Thanks for the explanation, that makes sense :-)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)