session variable not working and register_globals question

[ricmetal]

hi guys.

i am trying to set a variable to the session global variable. I've initialized the session with session_start();  at the very beginning of my website, and then i try finding if a session variable has been set like so

if(isset($_SESSION['user'])) { print 'user is logged in'; }

but this works in reverse.  i have not set any session variables, but asking if it is set, results in an affirmative answer.

 

so i am thinking this is because of register_globals. because i went to read about register_globals, and it says that if register_globals is turned off, i cannot use any other varibale except members of the session array. i dont know what that is yet, but a question before: in the php manual it says register_globals is deprecated, and it appears i need to enable it to set other variables as session variables besides it's associative array. if this is true, how to enable register_globals and allow other variables to be used as session variables?

[PFMaBiSmAd]

Do you have php's error_reporting set to E_ALL and display_errors set to ON so that php would report and display all the errors it detects, such as a problem with the session_start?

[AyKay47]

since you are using $_SESSION['user'] and not $user to call the session value, register_globals plays no part here, unless $_SESSION['user'] has already been set and you are manipulating $user, that's a problem. check the session values that are set:

 

if(isset($_SESSION['user']))
    print_r($_SESSION);
else
    echo "session not set";

 

don't enable register_globals

[ricmetal]

okay, i think i found the problem :/

i am working on a website on the same domain where i have another website. and that other website is using and setting variables to the session global variables. and also i am using the same 'user' session variable name in both websites. dang, i did not know about this.

 

regarding the error reporting, i have set both directives to display the errors. they have not yielded errors, and maybe they should'nt, but where would i see these errors being displayed? on the website or are they logged on the server somewhere?

 

and finally, in the end what are the global associative array members the manual talks about?

 

 

 

 

[scootstah]

Where the errors display depends on how they are handled. They might be set to display on the page or just silently log them in the background.

[PFMaBiSmAd]

If register_globals are not on, they are not causing the problem and you can forget about everything you have heard about them because they are finally being removed in php5.4 (soon to be released.)

 

How exactly are you distinguishing these 'different' web sites? Sub-domains? Different domain names mapped to different folders? Different scripts that are just in different paths under one domain name?

 

If the session name and session id cookie value match for all the scripts running under one domain name, you will have ONE common session. If you are using sub-domains, you can set the session cookie domain setting so that the session id cookie will only match the sub-domain where it was created. For different domains, you should not have any problem as (all) cookies are domain specific. If you have different scripts under one domain that both use session variables but should not share the same session, using different session names (the default name for one of them and a specific different name for the other) for each script would be the simplest solution.

[ricmetal]

i have both websites under the same domain, without division regarding sub-domain; they are just in different folders (in the future one of the websites will be mapped to a different domain name). i don't see the manual session page saying anything regarding the session being domain specific, so thanks for that.

 

thanks for the help y'all.

 

cheers