So, I created a login system using PHP and MySQL. It always works fine on my computer but a friend of mine has issues with it sometimes. He has a Mac, mine is Windows. Maybe that has something to do with it? Maybe something about the browser, though I'm pretty sure he uses Firefox, like me.

Any Ideas?

It's probably an html or javascript (client-side) rendering issue. Can you post a the code or sample code that you are using? That would be the best way to help you debug.

It most likely is client side. It could be server side if you are handing out weird headers. And if your buddy is on a mac, he might be using a different browser like Safari, because Firefox isn't the best on a mac.

I'm thinking it might be a cookie issue.

Could very well be a cookie issue. However, as much as Safari is better, FireFox is good on a Mac and I don't see why it would have cookie issues. If you can post the 'issues' your friend has, the code that's creating these 'issues' and then we'll have a better understanding.

Okay, so here is the code in the login function, after form validation and password checking. (This system generates a userid for each login so that we don't have to store their password in cookies.) This part works fine for him.

if ($rememberme) {
setcookie("email", $subemail, time()+60*60*24*100);
setcookie("userid", $newuserid, time()+60*60*24*100);
}
ini_set('session.cookie_lifetime', '0');
$_SESSION['email'] = $subemail;
$_SESSION['userid'] = $userid;
$_SESSION['loggedin'] = true;

This is the problem section. When he tries to access a page that checks the user's privileges he gets redirected to the login page.


session_start();
checkLogin();

if($_SESSION['loggedin'] == false || getUserPrivileges($_SESSION['email']) < 3) {
header('Location: http://pronunciebienelingles.com/ingrese');
}

function checkLogin() {
if(isset($_COOKIE['email']) && isset($_COOKIE['userid'])) {
$_SESSION['email'] = $_COOKIE['email'];
$_SESSION['userid'] = $_COOKIE['userid'];
}

if(isset($_SESSION['email']) && isset($_SESSION['userid'])){
if(confirmUserID($_SESSION['email'], $_SESSION['userid'])){
$_SESSION['loggedin'] = true;
} else {
unset($_SESSION['email']);
unset($_SESSION['userid']);
if($_SESSION['loggedin']) {
$_SESSION['loggedin'] = false;
}
}
}
}

Thanks

Ok, when the user has logged in, and they're redirected to another page, have you added the 'SID' constant in your links? Basically with sessions, if PHP notices that your viewer has cookies enabled, it uses them instead of a unique ID (or SID) in the URL (as a GET var). This can be overridden in the php.ini file BTW.

Have a read: http://uk2.php.net/manual/en/function.session-start.php

So, if I understand correctly, my friend probably does not have cookies enabled and thus I need to propagate the session ID using the URL in such cases? How do I check if they have cookies enabled? Or should I just add the SID to all links anyway?

-edit

Oh, here we go...

Alternatively, you can use the constant SID which is defined if the session started. If the client did not send an appropriate session cookie, it has the form session_name=session_id. Otherwise, it expands to an empty string. Thus, you can embed it unconditionally into URLs.

Aight I'll update and see how that works.

If you're going to use sessions, it's a good idea to add the SID in your links. The best way to test is get your friend to go to a page with the following: http://www.thedevweb.com/thedevweb-26-20050118PHPandCookiesaGoodMix.html

Is requiring the user to enable cookies too much to ask?

Not at all. A lot of the big sites (Amazon, Hotmail, eBay) require it.