Hi, I have a login page that creates a session and registers the variables in the member page. that works. but when I journey around the site and come back to the member page, it tells me the invalid user variable.
here is the code for the login


session_start( );
if (session_is_registered('username') && session_is_registered('pass'))
{
header ("Location: http://127.0.0.1/mysite/member.php");
Exit;

}else{

then have the login form...

that works if I don't have a session in the first place. but if a session exist it loads the members page and that is where I get the error statement of not being a valid user.

here is the members page.


session_start( );
if (!$SESSID)
{
print("<p><br><h2>$name_of_site</h2><p>");
start_tbl();
// If user is not found, display Not Authorized message
print("$la_not_authorized_member");
end_tbl();
exit; //end check for seesion ID
}else{

have the members page here.....


maybe I don't understand this session stuff, :)

so could you help me sort it out, please.

Off the top of my head... I'm wondering about that header() call. 127.0.0.1 is equivalent to localhost, so why don't you just rip that out and use '/mysite/member.php'? I'm thinking that the session domain may be set to your domain name, and the session is not transfering over when you start using the IP.

I'm actually quite curious how that redirect works with 127.0.0.1. I would have thought that would tell the client to connect to it's localhost. Are you accessing this from the server itself? Or from a remote computer?

I have apache and php and mysql installed on my computer. this is not on the net as of yet. so localhost is correct for me :D of course all that will change when it gets loaded on the net. but for now it works. it calls it just fine.

Ah ha! I called it! You are on the server. Muhahaha!

How are you tracking session vars?
If you are using cookies, make sure your browser is accepting them. And make sure that the domain and path arguements don't change.

yes max, I can see it save the session to my folder and it records the variables I need. I watch as I roam the pages and the session id never changes. it's just that when I load the login page again it sees the session but the member pages is what loses the session it seems. the session is still there with the variables and everything. and I can't get back to the login unless I delete the session and start from the beginning like I never been on the site.

I know the browser is accepting them because it loads the variable when I need. until i leave the members page. haven't tried to load the varialbes from any other page.

So you are using cookies?
Find the cookie, and open it in notepad... Do you see 127.0.0.1? If not, it may be setting the domain as something else, and so the script at the IP cannot read it.

Here is a snippet from a cookie on my machine:


bbuserid
189
www.vbulletin.org/
1024
3475446912
29524078
606855712
29450653

the first line is the $var name
the second is the value
the third is the domain that set the cookie, this is the only place you can read this cookie from

nope, nothing like that. I have to pull it from memory as I am not on my computer.

it is something like this

username|s:1"variable" pass|s:1"variable"

something like that or pretty close.

I have no idea what that is that you just posted.

session_start();
session_register('username, pass');

makes this

sess_5c1654446850e6a57a4f634db7f0ba78

and has this stored in it

username|s:6:"scoutt";pass|s:6:"pass";

I still don't get it.

I'm guessing that this is the session id:
sess_5c1654446850e6a57a4f634db7f0ba78

And this is the session data:
username|s:6:"scoutt";pass|s:6:"pass";

Is that what I'm looking at?

That still doesn't tell me where the session was created. Or it's scope.

yes that is the session ID. And that is the data.

I looked for cookies in my temp internet folder and found none. and I looked in the php.ini file and it is saving sessions in a folder under the php folder called tmp. that is where I got that information.

that is all I know.

"That still doesn't tell me where the session was created. Or it's scope"

not sure what you're talking about. the session was created in my login.php file. this (so I have read) is more secure than cookies. the SID is created on the server instead of on the client.

Sessions have a scope. Scope being where they can be access from. This is usually restricted to domains.

If you create a session on "localhost", and try to access it from "127.0.0.1", it may not work. They are different domains, even though they end up at the same box. That's what I'm getting at.

yes it will be on a domain. but for now it is on my computer and apache/php work well with teh sessions. I was just checking for teh wrong variable. I fixed it (for now) as to see if they have logged on or not.

instead of this


if (!$SESSID)
{
print("<p><br><h2>$name_of_site</h2><p>");
start_tbl();
// If user is not found, display Not Authorized message
print("$la_not_authorized_member");
end_tbl();

I needed to do this


if (!$username)
{
print("<p><br><h2>$name_of_site</h2><p>");
start_tbl();
// If user is not found, display Not Authorized message
print("$la_not_authorized_member");
end_tbl();