Problems with PHP $_SESSION;

Question

I'm using SESSIONS to store data from a database when a user logs in. However, when I query a database on another page the SESSION variables change without me assigning new values to them.

Does anyone know what the problem could be?

The login page that saves the variables:

enter code here
    session_start();

    if($_POST['login_button']) {

    require_once('includes/config.inc.php');

    $username = $_POST['login_username'];
    $password = $_POST['login_password'];

    $hash_pwd = sha1($password);

    if(($username != NULL) && ($password != NULL)) {

    $conn = mysql_connect('localhost', 'admin', 'root') or die(mysql_error());
mysql_select_db('main') or die(mysql_error());

    $check_users =  "SELECT * ".
   "FROM users ".
   "WHERE email = '{$username}' AND password = '{$hash_pwd}'         ".
   "LIMIT 1";

    $result = mysql_query($check_users);
    $counted = mysql_num_rows($result);

    if($counted != 1) {

    header("location:login.php?fail");  } else {

    while ($row = mysql_fetch_array($result)) {

$useR_login_un = $row['name'];
$useR_login_user_id = $row['user_id'];
$useR_login_login_time = $row['login_times'];
$useR_login_user_email = $row['email'];
$useR_login_course = $row['course'];
$useR_login_campus = $row['campus'];

$useR_login_login_time = $useR_login_login_time + 1; 

$useR_login_datenow = date("Y-m-d") . " " . date("H:i:s");

$useR_login_sid = sha1($useR_login_user_id) . rand() . md5($pinch_o_salt);

$update_login_times =  "UPDATE users ".
      "SET login_times = '{$useR_login_login_time}', last_login = '{$useR_login_datenow}' ".
      "WHERE email = '{$useR_login_user_email}' AND user_id = '{$useR_login_user_id}'";

mysql_query($update_login_times);


mysql_close($conn);

$_SESSION['sid'] = sha1($useR_login_user_id) . $pinch_o_salt;
$_SESSION['user_id'] = $useR_login_user_id;
$_SESSION['username'] = $useR_login_user_email;
$_SESSION['name'] = $useR_login_un; 
$_SESSION['course'] = $useR_login_course;

if($useR_login_login_time == 0) {
session_write_close();
header("Location: first_run.php"); 
exit;
} 
else { 
session_write_close();
header("Location: home.php"); 
exit;
}
    }

    } 

    } else { header("Location: login.php?fail"); exit; } }

EDIT: It stores the variables and when i go to another page, the variables appear, but when i refresh, some of them are lost some of them stay the same, and some change to information from another user in the database.

EDIT2: I've realised that this only happens when I query the database again.

The thing that's causing problems is (ON home.php):

$conn = mysql_connect('localhost', 'ggordan_admin', 'valeg0r') or die(mysql_error());
mysql_select_db('ggordan_wmin') or die(mysql_error());

$query =  "SELECT * ".
   "FROM users ".
   "WHERE course = '".$_SESSION['course']."' ".
   "LIMIT 3";

$result = mysql_query($query);
$numrows = mysql_num_rows($result);

echo $numrows;

while ($my = mysql_fetch_array($result)) {

$id = $row['user_id'];
$name = $row['name'];

}

If I comment this out, it doesn't seem to happen.

EDIT : I've realised that it has something to do with variable clashes on another script. Should that be happening

$conn = mysql_connect('localhost', 'ggordan_admin', 'valeg0r') or die(mysql_error());
mysql_select_db('ggordan_wmin') or die(mysql_error());

$query =  "SELECT * ".
   "FROM users ".
   "WHERE course = '".$_SESSION['course']."' ".
   "LIMIT 3";

$result = mysql_query($query);
$numrows = mysql_num_rows($result);

echo $numrows;

while ($my = mysql_fetch_array($result)) {

    // if i change $id to $user_id it breaks the login script 
$id = $row['user_id'];
$name = $row['name'];

}

Answer 1

May be you'll find your answer in:

• http://stackoverflow.com/questions/1185448/php-session-data-not-being-stored

Answer 2

On reason could be if your pages are switching from http to https or different servers, this will cause a new session id to be created.

Answer 3

Your browser records the cookie for the session, and returns it for all calls to the same domain, from the same browser instance. (ie, if you have two different copies of IE or FireFox launched, they may have different sessions.

PHP does not perform any operations on sessions other than loading and storing. The only way for your session variables to change is if you change them yourself from your server pages. The other problem could be with serializing/deserializing the session when it is stored/retrieved. If you have complex classes, they might be confused in the translation.

Perhaps you could make a page to display the contents of your session variables, launch it in a new tab in your browser, and refresh it every time you perform a page update on the other tabs.

I suspect that it is a programmer error: Replace programmer and try again.

Answer 4

Try to remove the call to

session_write_close()

As I have heard this to cause some problems with sessions.

Answer 5

The first impression I got is that you are closing your session right after the client is validated, am I right?

// if user does not validate close session and take him back to login
if($useR_login_login_time == 0) {
    session_write_close();
    header("Location: first_run.php");      
    exit;
   }
// if user validates DO NO CLOSE SESSION and take him home
else { 
    //session_write_close();
    header("Location: home.php"); 
    exit;
}

Take a look into that logic part and let me know if it fixes your problem!

Hope it helps.

Answer 6

It seems that the problem was that register_globals was on.

Thanks to everyone who tried to answer my over-complex way of asking a simple question :)