Session variables are not persisting between page loads

Can someone tell me why the session vars are not passing between pages? They were working up to 2 days ago. Now its not? There is a third party system that logs users in based on the third party system. I direct users to the login page with the return url. The third party system logs a user in and passes their id and a token generated on their end and returns them to my site with the id and the token in the url.

If sessions are not set i try and grab the id and the token from the url and set the sessions. (working) I then generate my own token to validate against the token passed from the third party system (working) when i go to click to another page the sessions i set are not empty (????)

Here is my code:

    <?php
    session_start();

    // FUNCTION TO PASS THE URL THE USER IS ON SO THEY COME 
    // BACk TO THIS PAGE AFTER THE LOG IN. IF APPLICABLE
    function curPageURL() {
    $pageURL = 'http';
    if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
    $pageURL .= "://";
    if ($_SERVER["SERVER_PORT"] != "80") {
    $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
    } else {
    $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
    }
    return $pageURL;
    }

    // DESTROY SESSION INFO IF TIMED OUT
    if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    }

    // SET THE SESSIONS WITH INFO PASSED FROM
    // LOGIN PAGE SENT AS A GET
    if(isset($_SESSION['ID']) && isset($_SESSION['token'])) {}else{
    $_SESSION['ID'] = $_GET['ID'];
    $_SESSION['token'] = $_GET['token'];
    }

    // GENERATE MY TOKEN TO MATCH THE LOGIN SYSTEM TOKEN
    $userIP = $_SERVER['REMOTE_ADDR'];
    $secretkey = 'A Unique Key For The Logged In User Matching the Login System Passed From mydomain.com/login.php';
    $algorithm = 'md5';
    $mm = date('m');
    $dd = date('d');
    $mmdd = $mm.$dd;
    $mytoken = strtoupper(hash($algorithm, $secretkey.$_SESSION['ID'].$userIP.$mmdd));


    $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
    // THIS IS WHERE THINGS ARE GOING WRONG
// SESSION token IS NO LONG SET AFTER I Go To another page
// and my token isnt the same any more either because session ID
// is no longer set???
    if($_SESSION['token']==$mytoken){}else{
    header("location: https://mydomain.com/login.php?returnURL=".curPageURL());
    }
    ?>

JavaScript
​x
 
    <?php    session_start();​    // FUNCTION TO PASS THE URL THE USER IS ON SO THEY COME     // BACk TO THIS PAGE AFTER THE LOG IN. IF APPLICABLE    function curPageURL() {    $pageURL = 'http';    if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}    $pageURL .= "://";    if ($_SERVER["SERVER_PORT"] != "80") {    $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];    } else {    $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];    }    return $pageURL;    }​    // DESTROY SESSION INFO IF TIMED OUT    if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {    session_destroy();   // destroy session data in storage    session_unset();     // unset $_SESSION variable for the runtime    }​    // SET THE SESSIONS WITH INFO PASSED FROM    // LOGIN PAGE SENT AS A GET    if(isset($_SESSION['ID']) && isset($_SESSION['token'])) {}else{    $_SESSION['ID'] = $_GET['ID'];    $_SESSION['token'] = $_GET['token'];    }​    // GENERATE MY TOKEN TO MATCH THE LOGIN SYSTEM TOKEN    $userIP = $_SERVER['REMOTE_ADDR'];    $secretkey = 'A Unique Key For The Logged In User Matching the Login System Passed From mydomain.com/login.php';    $algorithm = 'md5';    $mm = date('m');    $dd = date('d');    $mmdd = $mm.$dd;    $mytoken = strtoupper(hash($algorithm, $secretkey.$_SESSION['ID'].$userIP.$mmdd));​​    $_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp    // THIS IS WHERE THINGS ARE GOING WRONG// SESSION token IS NO LONG SET AFTER I Go To another page// and my token isnt the same any more either because session ID// is no longer set???    if($_SESSION['token']==$mytoken){}else{    header("location: https://mydomain.com/login.php?returnURL=".curPageURL());    }    ?>​

ok this is messed up. It has to be a problem on the hosting providers PHP setup i think because i created two pages. one called info with this code:

<?
session_start();

$_SESSION['ID'] = "112233";
$_SESSION['token'] = "mytoken";

print $_SESSION['ID'];
print $_SESSION['token'];
?>
<a href="info2.php">info 2</a>

JavaScript
 
<?session_start();​$_SESSION['ID'] = "112233";$_SESSION['token'] = "mytoken";​print $_SESSION['ID'];print $_SESSION['token'];?><a href="info2.php">info 2</a>​

and one called info2 with this code:

<?
session_start();

print $_SESSION['ID'];
print $_SESSION['token'];
?>
<a href="info.php">info</a>

JavaScript
 
<?session_start();​print $_SESSION['ID'];print $_SESSION['token'];?><a href="info.php">info</a>​

info created and printed the session ok. when i click the link to go to info2 the sessions dont print. Is this a hosting config problem?

Answer

The answer to this is it was a hosting configuration error. Hosting company changed something and it has worked ever since.

Advertisement

Answer