
I have this written at the very first line on every page of my website.

include("restd.php");

and restd.php contains the following lines :

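@session_start(); // "@" hides any warning session_start() raises
if (!isset($_SESSION['id']))
{
  // Not logged in: send the visitor to the login page and stop here,
  // otherwise the rest of the protected page still runs after the header.
  header("Location: index.php");
  exit;
}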

The problem I'm facing is that whenever I click or do something on my website, it logs me out and takes me to index.php.

I'm sure it's something to do with the session. I've tried every single thing to avoid this problem, but I have used restd.php because I don't want anyone to copy the URL of someone and paste it and get into the website.

Only those who are logged in can view others' pages. If they aren't logged in then they'll be redirected to index.php.

EDIT: and guys, a confusing thing is that all this is working fine on my testing server, which is easyPHP-5.3.8.0, but this problem is coming up when I upload all the files to my server.

 Answers

4

Your session directory (probably /tmp/) is not writable.

Check with session_save_path() if it is writable.

if (!is_writable(session_save_path())) {
    echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}

Friday, August 5, 2022
 
nordinz
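
A fuller version of this check folded into the question's restd.php guard, as an added example that is not part of the original answer. The function names session_problems() and require_login() are hypothetical. It also covers an empty or "N;/path" style session.save_path and output sent before session_start(), and writes findings to the server log instead of the page.

```php
<?php
// restd.php - added example; session_problems() and require_login() are illustrative names.

/** Return the reasons a file-based session cannot persist (empty array = none found). */
function session_problems(): array
{
    $problems = [];

    if (ini_get('session.save_handler') === 'files') {
        // session.save_path may be "", "/path", "N;/path" or "N;MODE;/path".
        $raw  = (string) session_save_path();
        $pos  = strrpos($raw, ';');
        $path = $pos === false ? $raw : substr($raw, $pos + 1);
        if ($path === '') {
            $path = sys_get_temp_dir();   // PHP falls back to the system temp dir
        }
        if (!is_dir($path)) {
            $problems[] = "session path '$path' does not exist";
        } elseif (!is_writable($path)) {
            $problems[] = "session path '$path' is not writable for PHP";
        }
    }

    // Output before session_start() (BOM, whitespace, echo) blocks the session cookie.
    if (headers_sent($file, $line)) {
        $problems[] = "output already started at $file:$line";
    }
    return $problems;
}

function require_login(string $loginPage = 'index.php'): void
{
    foreach (session_problems() as $p) {
        error_log("restd.php: $p");   // to the server log, never to the visitor
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();              // no "@": a failure here must stay visible
    }
    if (!isset($_SESSION['id'])) {
        if (!headers_sent()) {
            header("Location: $loginPage");
        }
        exit;                         // stop the protected page from rendering
    }
}

require_login();
```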
 
2

The problem is that the client is not remembering/transmitting the PHP session id.

When an HTTP client makes a request to a PHP script (via an HTTP server), it must include the session id in the request if it wishes to continue a previously started session. This can be done either in the HTTP headers as a cookie or as a URL parameter (named PHPSESSID by default). If you do not want to use PHP's default session variable name, or if you want to use a POST variable instead of a URL parameter, then you can use any request variable or URL parameter you wish (whether it be GET, POST, or COOKIE), but then you will need to manually interpret this variable on the server-side.

Here are three solutions, in order of most recommended to least recommended.

  1. Turn on cookie support in cUrl or
  2. Pass the session id as a URL parameter or
  3. Pass the session id as a request variable (post/cookie) or a URL parameter that does not use the name expected by PHP, and then manually start the session on the server-side using that session id.

Solution #1: Turn on cookie support in cUrl

PHP uses the session id in the cookie to reload your session data each time you make a request from that client.

In this case, the client is cUrl. You need to set up your cUrl request to allow/use cookies. This is done by setting the CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE options.

session_start();
$_POST["username"]= "user";
$_POST["password"]= "password";

$ch = curl_init();

$url = 'signin.php';

//Name of a file to store cookie data in.
//If the file does not exist, it will be created.  
//cUrl (or your web server) needs to have write permissions to the folder.
$cookieFile = "/some/writable/folder/filename";


curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, true); //CURLOPT_POST is an on/off switch, not a field count
curl_setopt($ch,CURLOPT_POSTFIELDS, $_POST);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

//Tell cUrl about the cookie file
curl_setopt($ch,CURLOPT_COOKIEJAR, $cookieFile);  //tell cUrl where to write cookie data
curl_setopt($ch,CURLOPT_COOKIEFILE, $cookieFile); //tell cUrl where to read cookie data from

$result = json_decode(curl_exec($ch),true);
curl_close($ch);

Any subsequent cUrl calls that use $cookieFile for CURLOPT_COOKIEJAR and CURLOPT_COOKIEFILE will have the same session data as prior calls.

Solution #2: Pass the session id in the URL query string using the expected parameter name (PHPSESSID by default, but this can be changed)

You can append the session id to all urls like this: somepage.php?PHPSESSID=sessionidgoeshere

"PHPSESSID" is the variable name that is used by default in PHP. If the server is set up to use a non-default name, then you would need to use that variable name instead.

With solution #2, you will still need to store the session id on the client-side somehow.

Solution #3: Pass the session id as a request variable or a URL parameter and then manually start the session on the server-side using that session id.

This solution is not recommended for normal situations. Unlike the previous solutions, this one requires changes to the server-side script as well as the client-side (cUrl). This solution is only useful if you specifically want to send the session id as something other than a URL parameter or cookie, or if you want to use a variable name other than the name that the server is expecting. Place the following code in your server-side PHP that is handling the request, prior to starting the session:

session_id($_POST[<param_name>]);

or

session_id($_GET[<param_name>]);

or

session_id($_COOKIE[<param_name>]);


I suggest using Solution #1 unless you have a compelling reason not to.


Also, PHP doesn't care whether the request is a GET or a POST or any other HTTP request method. Regardless of the HTTP request method, if the session id is passed as a URL parameter or in a cookie, then the related session will persist on the server-side.

Monday, September 12, 2022
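
A defensive way to write the server side of Solution #3, as an added example that is not part of the original answer. The parameter name 'sid' and both function names are hypothetical, and $_SESSION['id'] is the login marker used in the question's restd.php. A session id taken from a request parameter is chosen by the client, so the code validates its shape, refuses ids the server never populated, and issues a fresh id at login.

```php
<?php
// Added example: adopt a client-supplied session id (Solution #3) defensively.
// 'sid', start_session_from_param() and on_login_success() are hypothetical names.

function start_session_from_param(array $request, string $param = 'sid'): bool
{
    $id = $request[$param] ?? null;

    // Accept only characters PHP itself generates for session ids
    // (0-9, a-z, A-Z, "-", ",") and only within PHP's allowed id lengths.
    if (!is_string($id) || !preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id)) {
        return false;
    }

    session_id($id);          // must be called before session_start()
    session_start();

    // A session the server never populated was not issued by a login here:
    // discard it instead of letting the client pick the id.
    if (!isset($_SESSION['id'])) {
        session_unset();
        session_destroy();
        return false;
    }
    return true;
}

// At login, after the credentials have been checked, issue a fresh id so an
// id known before authentication never carries over into the logged-in session.
function on_login_success(int $userId): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // true = delete the old session data
    $_SESSION['id'] = $userId;
    return session_id();           // value the client sends back as 'sid'
}
```

Call start_session_from_param($_POST) rather than passing $_GET where possible, since ids carried in the URL end up in access logs and Referer headers.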
1

Read the answers to this question: why session destroy not working.

Put this code at the start and end of your PHP file:

<?php
ob_start();
?>
Your Code Here...
<?php
ob_flush();
?>


You're calling session_destroy() twice,
or removed all sessions on the server...

Tuesday, October 4, 2022
 
u2ef1
 
4

You're getting sessions and cookies mixed up. You don't need to put things into the $_COOKIE array. Just use session_start() and then put things into $_SESSION. PHP will automatically then manage the session/cookie for you.

$_COOKIE variables are stored in the user's browser, so they aren't secure and can be manipulated by the user => security risk.

$_SESSION variables are stored only on the server. The only thing stored in the cookie is a session_id, so $_SESSION variables can't be manipulated.

Does that make sense?

Saturday, December 3, 2022
 
5

Instead of setting the time in the ini to a fixed length, remember that the session timeout is reset on reload. So create some ajax code that does a request every 5 minutes or so to a file (image or something). This way the timer is reset every 5 minutes and users can spend a day filling out your forms.

Saturday, November 5, 2022
 