ID: 20776 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Feedback -Bug Type: Unknown/Other Function +Bug Type: Session related Operating System: Win2K Server PHP Version: 4.2.3 New Comment:
Please provide a short but complete example script which can be used to reproduce this. Also note that PHP 4.3.0-dev (the latest stable CVS snapshot) has some fixes regarding session issues so you should try it out too, from: http://snaps.php.net/ Previous Comments: ------------------------------------------------------------------------ [2002-12-02 21:17:17] [EMAIL PROTECTED] At top of login page: session_start(); session_register("SESSION"); if (! isset($SESSION)) { echo("Dead session!!<br>"); } >From a direct <a href> style link I get "Dead session!!" at the top of the page. From a redirect via require_login() (see below) it works. Sure looks like a bug to me. ------------------------------------------------------------------------ [2002-12-02 19:23:14] [EMAIL PROTECTED] I would have thought that code with two results depending on the how the return path is acquired would definitely imply a bug, or am I missing something obvious here? I have a ton of programming experience (including proprietary systems similar to but more complex than PHP) but I'm very new at PHP itself so you may be right. ------------------------------------------------------------------------ [2002-12-02 18:44:38] [EMAIL PROTECTED] Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Thank you for your interest in PHP. ------------------------------------------------------------------------ [2002-12-02 18:38:24] [EMAIL PROTECTED] The login script I am using ( part of a tutorial by Ying Zhang, see http://zope1.devshed.com/zope.devshed.com/Server_Side/PHP/Commerce ) is only working when entered from a page requiring login. If login is voluntary by clicking on a "login" link, then login does not occur. The only difference is the execution of the following code from the MyMarket.php library: function is_logged_in() { /* this function will return true if the user has logged in. a user is logged * in if the $SESSION["user"] is set (by the login.php page) and also if the * remote IP address matches what we saved in the session ($SESSION["ip"]) * from login.php -- this is not a robust or secure check by any means, but it * will do for now */ global $SESSION, $REMOTE_ADDR; return isset($SESSION) && isset($SESSION["user"]) && isset($SESSION["ip"]) && $SESSION["ip"] == $REMOTE_ADDR; } function require_login() { /* this function checks to see if the user is logged in. if not, it will show * the login screen before allowing the user to continue */ global $CFG, $SESSION; if (! is_logged_in()) { $SESSION["wantsurl"] = qualified_me(); redirect("$CFG->wwwroot/login.php"); } } This code was developed in and is known to have worked in PHP4 beta. Note that the tutorial requires register_globals=On also, in case you decide to test it. qualified_me() returns the name of the current script without the querystring portion. As delivered it didn't work, I'm using a stripped $_SERVER['SCRIPT_NAME']. wantsurl is used later by the following code: /* if wantsurl is set, that means we came from a page that required * log in, so let's go back there. otherwise go back to the main page */ $goto = empty($SESSION["wantsurl"]) ? $CFG->wwwroot . "/index.php" : $SESSION["wantsurl"]; header("Location: $goto"); die; The error only occurs if $CFG->wwwroot/index.php is called. Hope this is enough information to nail the sucker. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20776&edit=1
