PHP - Sessions Not Registering - Internet Explorer

[masterjake]

I continue to have this problem. So far I've posted this problem two or three times in the past but no one has ever been able to successfully solve my problem. I think it was because I was not specific enough. So basically here's my problem, it's a rare one.

PROBLEM ONLY OCCURS ON INTERNET EXPLORER:
So on Internet Explorer, when people try to login to my site, it will log them in and give a success message but when they change pages they are logged out again. I think this has something to do with the sessions not registering or not staying registered in IE. I also cannot use cookies on my site cause they also won't set in IE. Can someone tell me what my problem is? My site is http://masterjake.co.nr/

Also: my code basically checks the database for the user and pass, and if it is a success then it does this

$_SESSION['username'] = $username;

the $username variable is previously set when it checks the database and seems to work propperly. At the begging of every page my first line of code is

<?php session_start(); ?>

Can someone please tell me why this is happening. I think I'm the only one with this problem. Is it Internet Explorer? If so how do I fix the site to work with IE as well. Or, is it my code? Am I not doing something right? Please help!! =]

[xPlozion]

I don't think it's Internet Explorer, since $_SESSION is completely server based, where cookies are client based. Can we see some more code, cause there could be an underlying problem in your script causing this to happen...

-xP

[marshian]

I'm quite sure Internet Explorer is not accepting cookies... As this is what you already mentioned.
Sessions are not only server-based, setting a session has to happen before any output since it sends a header, more specificly a cookie... Session-data is stored server-side, but the server has to know what session belongs to which user. When a session is created, it is stored under a session-key and this key is also send to the user as a cookie. The user sends this cookie then with the request for any further page on that domain. This allows the server to know what session data he has to use.
If the client doesn't accept cookies, the server will still store the data, but it cannot be used any more, as the client didn't remember his session key.

In short: sessions require cookies to work.

- Marshian

[freecrm]

Marshian is absolutely correct above but this doesn't mean that the user should be logged out an page change.

Looking at your code, you have

$_SESSION['username'] = $username;

Where does the $username variable come from? Normally, this comes from a login form (with password) and should be

$_SESSION['username'] = $_POST['usernamefield'];

A good login script is that used by dreamweaver by default:

Login:

<?php require_once('../Connections/databaseconnectionfile.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "loginsuccess.php";
$MM_redirectLoginFailed = "loginfail.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_name, $databasename);

$LoginRS__query=sprintf("SELECT USERNAME, PASSWORD FROM USERS WHERE USERNAME=%s AND PASSWORD=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $databasename) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

The subsequent page checks would be:

<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "accessdenied.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>

Hope this helps...

[masterjake]

Thanks a lot guys!