[PHP-DB] Session start
I have a problem with my system, not sure how I can fix this one. A user has
a log in page and takes them to different pages, now each of these pages has
a check to make sure they are logged in with the following code:
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
header (Location: login.html);
exit;
}
So if they are not logged in it redirects them to the log in page. No
problems there.
Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.
I have tried adding this to the code.
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
*session_destroy();*
header (Location: login.html);
exit;
}
But that did not work? Please I am stuck for ideas?
Re: [PHP-DB] Session start
On 14 May 2010 18:47, Barry Zimmerman barryzi...@googlemail.com wrote:
I have a problem with my system, not sure how I can fix this one. A user has
a log in page and takes them to different pages, now each of these pages has
a check to make sure they are logged in with the following code:
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
header (Location: login.html);
exit;
}
So if they are not logged in it redirects them to the log in page. No
problems there.
Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.
I have tried adding this to the code.
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
*session_destroy();*
header (Location: login.html);
exit;
}
But that did not work? Please I am stuck for ideas?
Read the manual on session_destroy. Specifically, if you want to
complete destroy the session, unset the session cookie as well.
On a separate note: why do you care if the session has started or not?
If nothing is stored in the session then there's not much difference
to you.
Regards
Peter
--
hype
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
/hype
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Session start
Barry,
Did you try to use setcookie with expiry date in the past? You could
use
setcookie before header function of the following manner.
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
setcookie(session,session id, 1);
header (Location: login.html);
}
Best regards,
Luiz Alberto
On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote:
I have a problem with my system, not sure how I can fix this one. A user has
a log in page and takes them to different pages, now each of these pages has
a check to make sure they are logged in with the following code:
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
header (Location: login.html);
exit;
}
So if they are not logged in it redirects them to the log in page. No
problems there.
Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.
I have tried adding this to the code.
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
*session_destroy();*
header (Location: login.html);
exit;
}
But that did not work? Please I am stuck for ideas?
Re: [PHP-DB] Session start
id also suggest to revisit the entire login script that you have attached,
its a bit overly complicated. Keep amount of if statements to the minimum
and you will not get lost. Try to keep it simple.
Session is not a problem for you, just make a very simple set of rules when
user is logging in, logging out and how to check if he is logged in.
i guess its worth having a look at some open source apps or frameworks and
see how they do it, good luck
art
On 14 May 2010 18:24, Luiz Alberto gomes.l...@gmail.com wrote:
Barry,
Did you try to use setcookie with expiry date in the past? You could
use
setcookie before header function of the following manner.
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
setcookie(session,session id, 1);
header (Location: login.html);
}
Best regards,
Luiz Alberto
On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote:
I have a problem with my system, not sure how I can fix this one. A user
has
a log in page and takes them to different pages, now each of these pages
has
a check to make sure they are logged in with the following code:
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
header (Location: login.html);
exit;
}
So if they are not logged in it redirects them to the log in page. No
problems there.
Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need
them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.
I have tried adding this to the code.
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
*session_destroy();*
header (Location: login.html);
exit;
}
But that did not work? Please I am stuck for ideas?
Re: [PHP-DB] Session start
Barry,
session_start(); will not wipe clean the user's session so there is
something else going on.
Does the login.html authentication script correctly set
$_SESSION['username'] ?
Also, it has been my experience that code like
isset($_SESSION['username']) is better if you replace it with
array_key_exists('username',$_SESSION)
Thanks,
--Dustin
Barry Zimmerman wrote:
I have a problem with my system, not sure how I can fix this one. A user has
a log in page and takes them to different pages, now each of these pages has
a check to make sure they are logged in with the following code:
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
header (Location: login.html);
exit;
}
So if they are not logged in it redirects them to the log in page. No
problems there.
Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.
I have tried adding this to the code.
session_start();
if (!(isset($_SESSION['username']) $_SESSION['username'] != '')) {
*session_destroy();*
header (Location: login.html);
exit;
}
But that did not work? Please I am stuck for ideas?
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
