OK thanx figured out a workaround in the meantime, I am setting and
retaining part of the session, but not all session variables, am I doing
this wrong???
$ip = $REMOTE_ADDR;
// Check for session - if session is set user has already logged in
session_start();
$login_state = &$_SESSION["login_state"];
if ($login_state["hasLoggedIn"] === 1) $hasLoggedIn = 1;
if ($login_state["ip"] != $REMOTE_ADDR) $hasLoggedIn = 0; // Prevents
session stealing
$temp .= "Your new session id is: " . $login_state["ip"] . "<br>";
$login_state["ip"] never exists, though it's supposed to when the session is
created upon successful login:
// Set up session variable with username and redirect to pic upload lib
session_start();
$login_state["hasLoggedIn"] = 1;
$login_state["ip"] = $ip;
session_register("login_state");
header("Location: http://"; . $HTTP_HOST . $PHP_SELF);
You can see I am going to be a big problem :(
Phil
"Uchendu Nwachukwu" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Make sure you aren't sending any HTML to the browser for any reason before
> the session_start(); call.
>
> Surefire way to prevent this error: place the following line as the first
> line of PHP script you execute on every page:
>
> ob_start();
>
> Check out http://www.php.net/ob_start for details on what that does.
>
> --
> Uchendu Nwachukwu
> newsreply AT unndunn DOT com - www.unndunn.com
>
> "Phil Powell" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I am now getting the following errors on every page:
> >
> > Warning: Cannot send session cache limiter - headers already sent
(output
> > started at c:\program files\apache
> > group\apache\htdocs\webmissions\picupload\miss_pic_upload.php:25) in
> > c:\program files\apache
> > group\apache\htdocs\webmissions\picupload\miss_pic_upload.php on line 81
> >
> > This is when I use the following block of code to first SET the session
> for
> > the very first time:
> >
> > if (mysql_num_rows($results) == 0) {
> > // Could not find info in db redirect to login library with error
msg
> > $errorHTML .= "<font color=cc0000>We could not find your
information
> ";
> > $errorHTML .= " in our database. Please try again.</font><p>";
> > $hasLoggedIn = 0;
> > } else if (strcmp(session_name(), "hasLoggedIn") != 0) {
> > // Set up session variable with username and redirect to pic upload
> lib
> > session_name("hasLoggedIn");
> > $name = session_name();
> > session_start();
> > $HTTP_SESSION_VARS["username"] = $username;
> > $HTTP_SESSION_VARS["ip"] = $REMOTE_ADDR; // To prevent session
> stealing
> > }
> >
> > I am completely confused!
> >
> > Phil
> >
> > "Michael Virnstein" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > you have to put this on top of every of your pages:
> > > ---------------------------------
> > > session_name("hasLoggedIn");
> > > $stuff = session_name();
> > > session_start();
> > > ---------------------------------
> > > session_name first sets the name. then you call session_start which
will
> > > look for the
> > > sessionid in ${session_name()}. that is why you have to call
> > session_name()
> > > BEFORE calling
> > > session_start();
> > >
> > > Regards Michael
> > >
> > >
> > > "Phil Powell" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Thanx, however, I cannot retain the session_name when I go to the
next
> > > URL.
> > > > How do I retain the session_name especially when I have to use a
form
> > > > method=POST?
> > > >
> > > > I have a URL that will be the login
> > > >
> > > > Once you login you will have a session (that works now)
> > > >
> > > > That page with the session will have a form with five <input=file>
> type
> > > form
> > > > elements
> > > >
> > > > Once submitted you will be at a "thank-you" page and files uploaded,
> but
> > > > then the session is gone (session_name is back to PHPSESSID again)
> > > >
> > > > What do I do to keep it? I cannot use cookies and putting it in the
> URL?
> > > >
> > > > Phil
> > > > "Michael Virnstein" <[EMAIL PROTECTED]> wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > session_name will retur the previos name of the session, so in
your
> > case
> > > > > $stuff will contain "PHPSESSID"
> > > > > and i think you have to call session_start(); before you do
> > > > > $HTTP_SESSION_VARS["username"] = $username;
> > > > >
> > > > > so perhaps this will work:
> > > > >
> > > > > session_name("hasLoggedIn");
> > > > > $stuff = session_name();
> > > > > session_start();
> > > > > $HTTP_SESSION_VARS["username"] = $username;
> > > > >
> > > > > Regards, Michael
> > > > >
> > > > > "Phil Powell" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > > Will the following lines set up a session by the name of
> > "hasLoggedIn"
> > > > > with
> > > > > > HTTP_SESSION_VARS["username"]?
> > > > > >
> > > > > > $stuff = session_name("hasLoggedIn");
> > > > > > $HTTP_SESSION_VARS["username"] = $username;
> > > > > > session_start();
> > > > > >
> > > > > > I am trying to create a page that sets a session variable upon
> > > > successful
> > > > > > login, problem is, the session_name() never changes it always
> > remains
> > > > the
> > > > > > default PHPSESSID what am I doing wrong now?
> > > > > >
> > > > > > I fixed the problem with multiple files, that was bizarre!
> > > > > >
> > > > > > Thanx
> > > > > > Phil
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> > "Uchendu Nwachukwu" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > In your example, simply place this line in your code (on *every* page
> you
> > > want the session to be on):
> > >
> > > session_name("HasLoggedIn");
> > > session_register("username");
> > >
> > > If your PHP was compiled with '--enable-trans-sid' you shouldn't have
to
> > > worry about anything else. PHP will automatically store the session ID
> in
> > a
> > > cookie, or it will pass the session ID in your HTML links. If it
wasn't
> > > compiled with '--enable-trans-sid', you'll need to use the constant
SID.
> > >
> > > Example:
> > > ------------------------------------------------------------------
> > > <?php
> > > session_name("HasLoggedIn");
> > > session_register("username"); ?>
> > >
> > > Welcome <?=$username;?>. <!-- assumes user has already entered a
> username
> > on
> > > some other page -->
> > >
> > > <a href="nextpage.php?<?=SID;?>">Click here to continue.</a>
> > > ------------------------------------------------------------------
> > >
> > > Hope that helps! Check out
http://www.php.net/manual/en/ref.session.php
> > for
> > > more info
> > >
> > > --
> > > Uchendu Nwachukwu
> > > newsreply AT unndunn DOT com - www.unndunn.com
> > >
> > > "Phil Powell" <[EMAIL PROTECTED]> wrote in message
> > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > Thanx, however, I cannot retain the session_name when I go to the
next
> > > URL.
> > > > How do I retain the session_name especially when I have to use a
form
> > > > method=POST?
> > > >
> > > > I have a URL that will be the login
> > > >
> > > > Once you login you will have a session (that works now)
> > > >
> > > > That page with the session will have a form with five <input=file>
> type
> > > form
> > > > elements
> > > >
> > > > Once submitted you will be at a "thank-you" page and files uploaded,
> but
> > > > then the session is gone (session_name is back to PHPSESSID again)
> > > >
> > > > What do I do to keep it? I cannot use cookies and putting it in the
> URL?
> > > >
> > > > Phil
> > > > "Michael Virnstein" <[EMAIL PROTECTED]> wrote in message
> > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > session_name will retur the previos name of the session, so in
your
> > case
> > > > > $stuff will contain "PHPSESSID"
> > > > > and i think you have to call session_start(); before you do
> > > > > $HTTP_SESSION_VARS["username"] = $username;
> > > > >
> > > > > so perhaps this will work:
> > > > >
> > > > > session_name("hasLoggedIn");
> > > > > $stuff = session_name();
> > > > > session_start();
> > > > > $HTTP_SESSION_VARS["username"] = $username;
> > > > >
> > > > > Regards, Michael
> > > > >
> > > > > "Phil Powell" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
> > > > > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > > > Will the following lines set up a session by the name of
> > "hasLoggedIn"
> > > > > with
> > > > > > HTTP_SESSION_VARS["username"]?
> > > > > >
> > > > > > $stuff = session_name("hasLoggedIn");
> > > > > > $HTTP_SESSION_VARS["username"] = $username;
> > > > > > session_start();
> > > > > >
> > > > > > I am trying to create a page that sets a session variable upon
> > > > successful
> > > > > > login, problem is, the session_name() never changes it always
> > remains
> > > > the
> > > > > > default PHPSESSID what am I doing wrong now?
> > > > > >
> > > > > > I fixed the problem with multiple files, that was bizarre!
> > > > > >
> > > > > > Thanx
> > > > > > Phil
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
