Situation:
I have a simple login script that gathers a username/password, verfies it in a database, and if its valid, directs the browser to a script that sets session variables from user information in the database. It also adds a ‘key’ variable that triggers other pages to display their content rather than a login prompt (i.e. every page behind the login barrier essentially works like below:
session_start();
if ($_SESSION[key] != *key value*) {
include 'ap_login.php';
exit();
}
). After the session variables are set, the script redirects to the main page.
Problem:
The pages that check for the existance of $_SESSION[key] cannot find it unless the page is refreshed. So if I log in and visit ‘aPanel.php?view=editGallery’, the above script checks for the ‘key’ variable, doesnt find it, and displays the login prompt. If I then refresh the page, only then does it realize the variable exists and displays the content.
More verbose information:
The page is a wrapper that pulls in pages via a GET cue. So the primary page (aPanel.php) contains login verfication, builds a container table, and then fills it with content based upon what the GET cue asks for:
session_start();
(doctype, html, head, and body tags)
(echo table and formatting HTML/CSS)
if (isset($_GET[view]) && $_SESSION[key] == *key value*) {
if($_GET[view] == 'main') {
include 'ap_main.php';
} else if etc etc etc.
} else {
include 'ap_login.php';
}
(echo closing table and formatting HTML/CSS)
So if theres no session key, a login prompt appears that, upon validation sets it. I’ve verified that the session variables are getting set in the script, but they only sometimes appear on the other pages (only after a page refresh). I’ve implemented this system on other sites I’ve worked on with no problem, some deviance in server configuration seems to be causing the script to break on this machine.
Any thoughts?
