Session variable issue

I didn't read all of the code, but I think you need a session_destroy() somewhere - on a logoff page, or before the header (removeHoldsRequests.php line 10).

I don't want to destroy the entire session as my log in information is also stored and that would erase that as well, yeah?

You've got session_start() at the top of EVERY page before any whitespace or html output?

not before the hmtl, I have it in the included menu.php actually could that be causing the problem? I think the only thing being outputted before the menu is the logo image.

session_start() cannot appear after any output in the page, that includes in an include file that appears after any output. So, that's *probably* your problem. When I say html output, I include the Doctype Declaration.

ah well in that case I'll make the edits to my files and let you know if that worked

okay having edited everything so that the session_start() comes before everything else I'm still getting the same problem. For example: I have a default users account so that when you access the main page you can search the database without having the login. If I click on the request button when not logged in it should display "You must log in" however; if I have just logged out of a user account and try to request the same book in the default account it still has the cardNumber variable set, which at this point it shouldn't because everything should be destroyed upon logout.

I don't know if its a Chrome problem (though I seem to have the same trouble in firefox) or a WAMP problem or just my own incompetence :P (or some combination thereof)

I was wondering if perhaps anyone knew of a debug program that's free for php? Someway I can step through the code and see what its doing without sticking print statements everywhere?

I don't really follow you, but you don't want to use session_destroy()?

You can unset specific variables maybe:

unset($_SESSION['whichever']);

Also have a look here - perhaps at the first example: http://php.net/manual/en/function.session-destroy.php

lemme see if I can't explain better..

if I don't log in when I click request it should as me to log in. So I do that and hit request again only it prompts me to log in despite the fact that I have. Like the session variables aren't over writing or something and it doesn't make any sense to me at all.

The thing that's confusing me is that even when I log out its like its not destroying all the session variables. I could take some screencaps and show you what I'm seeing :D

OK, but I find your code a little difficult to make out as there's no login code (login form and $_POST data) and where does $username come from?

if($username == "admin"){

Can't see where that is set.

Okay so the not logged in screenacps shows what I should see when I'm not logged in. This is the script for that page:

<?php
	ini_set('session.cache_limiter','private');
	session_start(); 
?>

<html>
	<head>
	
	<link rel="stylesheet" type="text/css" href="http://localhost/Library/stylesheets/Library.css">
	
	
	
</head>
	
	<body>


		<div id="container">
			<div id="header">
				<div id="logo"><a href="http://localhost/Library/php/library.php"><img src="http://localhost/Library/images/theLibrary.png"></a></div>
				<div id = "menu">
					<?php
						include ('File:///C:/wamp/www/Library/php/menu.php');
						
					?>
				</div>
			</div>
			
			<div id="body">
			
				<div id= "content">
					<?php
					$username = $_SESSION['username'];
					$title = $_GET['q'];
					if(isset($_GET['r'])){
						if($_GET['r'] == "default"){
							print("<p>You are not logged in</p>");
						}
						if($_GET['r'] == "admin"){
							print("<p>Please open card holder account first</p>");
						}
					}
					$query = "SELECT * FROM books JOIN booksection ON books.libraryID = booksection.libraryID and books.title = '$title' JOIN sections ON booksection.sectionID = sections.sectionID";
		
					$result=@mysql_query($query) or die(mysql_error());
					$number=mysql_numrows($result);
		
					$row = mysql_fetch_array($result) or die(mysql_error());
					$title = $row['title'];
					$author = $row['author'];
					$summary = $row['summary'];
					$series = $row['series'];
					$volume = $row['volume'];	
					print("<center><img src=\"http://localhost/Library/images/bookDetails.png\"><br/><br/>");
						print("<table class=\"table\" border = \"2\"");
					print("
						<tr>
							<th>title</th>
							<td>$title</td>
						</tr>
						<tr>
							<th>author</th>
							<td><a href=\"http://localhost/Library/php/author.php?q=". $author . "\">$author</a></td>
						</tr>
						<tr>
							<th>series</th>
							<td><a href=\"http://localhost/Library/php/series.php?q=". $series . "\">$series</a></td>
						</tr>	
						<tr>
							<th>Volume Number</th>
							<td>$volume</td>
						<tr>
							<th>summary</th>
							<td>$summary</td>
						</tr>");
						print("</table></center>");
					
					$query = "SELECT * FROM books WHERE title = '$title'";
					$result = mysql_query($query) or die(mysql_error());
					$number = mysql_numrows($result);
					print("<center><h2>Copy Details</h2>");
						print("<table class=\"table\" border = \"2\"");
						print("<tr>
								<th>libraryID</th>
								<th>publisher</th>
								<th>year</th>
								<th>checkoutDate</th>
								<th>dueDate</th>
								<th>Hold/Request</th>
							</tr>");
						$i=0;
					while($i < $number){
						$libraryID = mysql_result($result, $i, "libraryID");
						$publisher = mysql_result($result, $i, "publisher");
						$year = mysql_result($result, $i, "year");
						
						$checkout = "SELECT * FROM checkout WHERE libraryID = '$libraryID'";
						$checkoutResult = mysql_query($checkout);
						$checkoutNumber = mysql_numrows($checkoutResult);
						$status = "checked in";
						$j = 0;
						while($j < $checkoutNumber){
							$checkoutDate = mysql_result($checkoutResult, $j, "checkoutDate");
							$dueDate = mysql_result($checkoutResult, $j, "dueDate");
							$status = "checked out";
							$j++;
						}
						if($checkoutNumber == 0){
							$checkoutDate = '';
							$dueDate = '';
							$status = "checked in";
						}
								print("<tr>
									<td>$libraryID</td>
									<td>$publisher</td>
									<td>$year</td>
									<td>$checkoutDate</td>
									<td>$dueDate</td>
									<td><a href=\"http://localhost/Library/php/holdrequest.php?q=". $libraryID . "\">Hold/Request</a>
								</tr>");
								$i++;
					}
					print("</table></center>");
				//HOLDS REQUESTS TABLE
					$username = $_SESSION['username'];
					if($username == "admin"){
						$query = "SELECT * FROM holdsrequests WHERE libraryID = '$libraryID'";
						$result = mysql_query($query) or die(mysql_error());
						$number = mysql_numrows($result);
						if($number == 0){
							print("<p>There are no holds or requests for this book</p>");
						}
						if($number < 0){
							print("<center><h2>Holds and Requests</h2><br/><br/>");
							print("<table class=\"table\" border = \"2\"");
							print("<tr>
								<th>Library ID</th>
								<th>Card Number</th>
								<th>Status</th>
								<th>Date Set</th>
							</tr>");
							$i=0;
							while($i<$number){
						
								$cardNumber = mysql_result($result, $i, "cardNumber");
								$status = mysql_result($result, $i, "status");
								$dateSet = mysql_result($result,$i, "dateSet");
								print("<tr>
									<td>$libraryID</td>
									<td><a href=\"http://localhost/Library/php/userPanel.php?q=". $cardNumber . "\">$cardNumber</a></td>
									<td>$status</td>
									<td>$dateSet</td>
								</tr>");
								$i++;
							}
						
						print("</table></center>");
						}
					
					}
					mysql_close();
				?>
				</div>
			</div>	
			
			
			<div id="footer"></div>
			
		</div>
	</body>
</html>

this is the script for the menu, the included file in the menu div

<?php
	

	if(isset($_SESSION['username'])){
	//IF USERNAME IS ALL READY SET//
		@mysql_connect($_SESSION['hostname'],$_SESSION['username'],$_SESSION['password']) or die(@mysql_error());
		@mysql_select_db($_SESSION['db']) or die(@mysql_error());
		$username = $_SESSION['username'];
		if(isset($_SESSION['thispage'])){
			$thispage = $_SESSION['thispage'];
		}
	//IF USERNAME IS NOT DEFAULT DISPLAY MENU FOR LOGGED IN USER//
		if($username !=  "default"){
			?>
			<div id = "nav">
				<ul>
					<li 
						<?php 
							if(isset($_SESSION['thispage'])){
								if($thispage == "page one"){
									echo "id = \"currentpage\"";
								}
							}
						?>
					>
						<a href="http://localhost/Library/php/library.php">Search</a>
					</li>
					<?php
						if($username != "admin"){?>
					<li 
						<?php 
							if(isset($_SESSION['thispage'])){
								if($thispage == "page two"){
									echo "id = \"currentpage\"";
								}
							}
						?>
					>
						<a href="http://localhost/Library/php/userPanel.php">Control Panel</a>
					</li>
					<?php } 
					else if ($username == "admin"){ ?>
						<li 
						<?php 
							if(isset($_SESSION['thispage'])){
								if($thispage == "page three"){
									echo "id = \"currentpage\"";
								}
							}
						?>>
						<a href="http://localhost/Library/php/adminControl.php">Control Panel</a>
					</li>
					<?php } ?>
					<li>
						<a href="http://localhost/Library/php/logout.php">Log Out</a>
					</li>
				</ul>
			</div>
			<?php
		}
		else{
		//LOGGED IN AS DEFAULT DISPLAY LOGIN BUTTON//
			?>
			<div id ="login">
				<form name="login" method="POST" action = "http://localhost/Library/php/login.php">
						<table class="formLogin">
							<tr>
								<td><input id="username" class="text"	onfocus="document.getElementById('username').value='';" name="username" type="text" value="Username">
								</td>
								<td rowspan='2'><center><input type="submit" name ="submitbutton" class="button" value = "log in"></input></center></td>
							</tr>
							<tr>
								<td><input id="pw" class="text" onfocus="document.getElementById('pw').type='password';
document.getElementById('pw').value='';" name="password" type="text" value="Password">
								</td>
							</tr>
							
						</table>
					</form>
			</div>
			<?php
		}
	}

	else{
	//USERNAME HAS NOT BEEN SET - LOG IN AS DEFAULT
		
		$_SESSION['username']="default";
		$_SESSION['password']="password";
		$_SESSION['hostname']="localhost";
		$_SESSION['db']="cataloguethree";
		@mysql_connect($_SESSION['hostname'],$_SESSION['username'],$_SESSION['password']) or die(@mysql_error());
		@mysql_select_db($_SESSION['db']) or die(@mysql_error());
	}
	?>

When I log in it runs this script:

<?php
	ini_set('session.cache_limiter','private');
	session_start();
	$_SESSION['username']=$_POST['username'];
	$_SESSION['password']=$_POST['password'];
	$_SESSION['hostname']="localhost";
	$_SESSION['db']="cataloguethree";
	@mysql_connect($_SESSION['hostname'],$_SESSION['username'],$_SESSION['password']) or die(@mysql_error);
	@mysql_select_db($_SESSION['db']) or die(@mysql_error);
	header('Location:http://localhost/Library/php/library.php');
?>

So then I have to search for the book again and the details script gets run a second time and then I hit request/hold and that script gets run again. Now it should have the new username and but for some reason has the previous one.

Perhaps it would be wiser not to link the site login details to the DB connection.
Usually the login simply gains you access to the site. The DB connection details are usually stored in another file with static details.

Anyway. I'm going to bed, it's time I was asleep. Will come back tomorrow sometime. In the meantime, anybody else?

I think the least confusing way to explain what's happening, now that I've reorganized things is with the menu. The menu changes based on the username, at least its supposed to but most of the time in order to get it to change I have to refresh the page. I think this is probably the heart of the issue.

So this is my home page:

<?php
	ini_set('session.cache_limiter','private');
	session_start(); 
	if(!isset($_SESSION['username'])){
		$_SESSION['username']="default";
		$_SESSION['password']="password";
		$_SESSION['hostname']="localhost";
		$_SESSION['db']="cataloguethree";
		@mysql_connect($_SESSION['hostname'],$_SESSION['username'],$_SESSION['password']) or die(@mysql_error());
		@mysql_select_db($_SESSION['db']) or die(@mysql_error());
	}
?>

<html>
<head>
	
	<link rel="stylesheet" type="text/css" href="http://localhost/Library/stylesheets/Library.css">
	
	
	
</head>
<body>

	<div id="container">
		<div id="header">
			<div id="logo"><a href="http://localhost/Library/php/library.php"><img src="http://localhost/Library/images/theLibrary.png"></a></div>
			<div id = "menu">
				<?php
						
						if($_SESSION['username'] == "default"){
							include ('File:///C:/wamp/www/Library/html/login.html');
						}
						else{
							$thisPage = 'page one';
							$_SESSION['thispage'] = $thisPage;
							include ('File:///C:/wamp/www/Library/php/menu.php');
						}
					?>
			</div>
		</div>
		<div id="body">
			<div id="content">
				<div id= "search">
					<img src="http://localhost/Library/images/startHere.png" WIDTH="284" HEIGHT="203">
					<form name="search" class="searchForm" method="post" action="http://localhost/Library/php/search.php">
						<input type = "text" class="text" name = "searchbar" size = "50">
						<input type="submit" name ="submitbutton" class="button" value = "Search"></input>
					</form>
				</div>
			</div>
		</div>
		
		<div id="footer"></div>
	</div>

</body>
</html>

if a session hasn't been started start one and log in as default. Then when it gets down to the menu div there's an if else statement, if the username is default include the login.html which loads the login in form in the corner. Else wise display include the navigation menu.

When I log in and navigate from page to page I have to refresh each time I load a new page to get the navigation menu to replace the login form. And I think this is what's causing the rest of the problems.

Read: http://www.php.net/manual/en/book.session.php#85021.

that certainly sounds like it might be the problem. It might be the lateness of the hour but I have been able to figure out how to fix it. adding a session_start() as suggested in on post just gives me a session already started warning/error, the other suggestion seemed to be changing the include but I', not sure what to change it to. My files are in http://localhost/Library/html and http://localhost/Library/php it would seem putting in the entire url is causing the problem, according to that post. But the suggestion on fixing it by including the file name only wouldn't work for me I don't think.

No, that's not the point - you need to have a redirect after the login.

I do. The log in form is populated if the user is not logged in and then that form calls login.php which redirects back to library.php with this:

header('Location:http://localhost/Library/php/library.php');

Almost every time such an odd problem occured in one of my projects, it was like only one letter or one line that was written wrong or contained a spelling mistake that was causing the problem. You really need to check EVERYTHING very closely.

session_start(); should be the first line on every page, and when you log out you should use session_destroy();, at least to try if it works.

So I've removed the include file all together and added it into each script instead. I'm still getting the problem of having to refresh most pages to get the menu to update.

lemme see if I can't explain better..

if I don't log in when I click request it should as me to log in. So I do that and hit request again only it prompts me to log in despite the fact that I have. Like the session variables aren't over writing or something and it doesn't make any sense to me at all.

The thing that's confusing me is that even when I log out its like its not destroying all the session variables. I could take some screencaps and show you what I'm seeing :D

Is English your Xth language? ;)
Anyway,
put session_start() on top of every page before anything else. Then test for a variable you set if you are logged in

if($_SESSION['isLoggedIn']){
    //logged in, send to member area
}
else{
    //is not logged, send him to login page or whaterve
}

Yeah english is my first language, I just fail at using it most of the time. :P

I have session_start() at the top of every page. What seems to be happening is that the variables aren't overwriting or destroying or something. For example: I have this link on one of my pages:

$remove = '<a href="http://localhost/Library/php/removeHoldsRequests.php?q='. $libraryID . '">Remove</a>';

Now say two users have the same book held, they're waiting in line, basically to have a loan of this book. User one decides to remove the book.

<?php
ini_set('session.cache_limiter','private');
session_start();
@mysql_connect($_SESSION['hostname'],$_SESSION['username'],$_SESSION['password']) or die(mysql_error());
@mysql_select_db($_SESSION['db']);
$cardNumber = $_SESSION['cardNumber'];
$libraryID = $_GET['q'];
$query = "DELETE FROM holdsrequests WHERE libraryID = '$libraryID' and cardNumber = '$cardNumber'";
$result = mysql_query($query) or die(mysql_error());
header('Location:http://localhost/Library/php/userPanel.php?q='.$cardNumber. '&r=removed');


?>

$_SESSION is set in the user panel.

if($username == "admin"){
						if(isset($_GET['q'])){
							$cardNumber = $_GET['q'];
							if(isset($_GET['r'])){
								if($_GET['r'] == "removed"){
									print("<p>Hold/Request has been removed</p>");
								}
								if($_GET['r'] == "request"){
									print("<p>Request has been added</p>");
								}
								if($_GET['r'] == "hold"){
									print("<p>Hold has been added</p>");
								}
								if($_GET['r'] == "removeFine"){
									print("<p>Fine has been removed</p>");
								}
								if($_GET['r'] == "checkedout"){
									print("<p>Books is all ready checked out</p>");
								}
								if($_GET['r'] == "waiting"){
									$queue = $_SESSION['queue'];
									print("<p>$queue member(s) waiting for this book</p>");
								}
								if($_GET['r'] == "added"){
									print("<p>Books has been checked out</p>");
								}
							}
						}
						else{
							$cardNumber=$_POST['cardNumber'];
						}
					}
					else{
						$cardNumber = $_SESSION['username'];
						
					}
					$_SESSION['cardNumber'] = $cardNumber;

Now if user one removes the book it fine, redirects to the proper page. But if I log in as user two it redirects to user one and user two can not remove the book from their page.

After some trial and error I think the problem lies mainly in the redirection. For example if I take out the header() line in one of my php scripts and have it print its session variables it will print previous ones rather then the new ones until I refresh the page. Or it won't even find them until I refresh a couple of times. I got an index undefined error until I refreshed it about three times.