Lately I've encountered problems using the admin area of my website. It seemed there were session problems. To see what's going on with $_SESSION
, I've created the following script:
<?
session_start();
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE_NAME");
if (isset($_SESSION)) {
echo '<pre>session var:<br/>';
var_dump($_SESSION);
$perm = mysql_fetch_assoc(mysql_query("SELECT * FROM `perm_groups` WHERE `id` = '".$_SESSION['perm']."'"));
echo '<br/><br/>permission var:<br/>';
var_dump($perm);
echo '</pre>';
} else {
echo 'no session set';
}
?>
$_SESSION['perm'] should contain a numeric string refering to the ID of the permission-group i have ("1" -> "admin") After login I call the script manually and get this result:
session var:
array(4) {
["user"]=>
&string(17) "sebastian.philipp"
["auth"]=>
&bool(true)
["perm"]=>
&string(1) "1"
["llog"]=>
&string(19) "2013-08-21 09:48:38"
}
permission var:
array(7) {
["id"]=>
string(1) "1"
["name"]=>
string(4) "admin"
["create_pages"]=>
string(1) "1"
["delete_pages"]=>
string(1) "1"
["edit_pages"]=>
string(1) "1"
["manage_users"]=>
string(1) "1"
["manage_img"]=>
string(1) "1"
}
When refreshing the page by pressing F5, it returns this result:
session var:
array(4) {
["user"]=>
&string(17) "sebastian.philipp"
["auth"]=>
&bool(true)
["perm"]=>
&array(7) {
["id"]=>
string(1) "1"
["name"]=>
string(4) "admin"
["create_pages"]=>
string(1) "1"
["delete_pages"]=>
string(1) "1"
["edit_pages"]=>
string(1) "1"
["manage_users"]=>
string(1) "1"
["manage_img"]=>
string(1) "1"
}
["llog"]=>
&string(19) "2013-08-21 09:48:38"
}
permission var:
bool(false)
And when refreshing again, it's like this:
session var:
array(4) {
["user"]=>
&string(17) "sebastian.philipp"
["auth"]=>
&bool(true)
["perm"]=>
&bool(false)
["llog"]=>
&string(19) "2013-08-21 09:48:38"
}
permission var:
bool(false)
So it semms like $perm
gets written to $_SESSION['perm']
, which shouldn't happen.
What am I doing wrong?