Re: [PHP] Session destruction problem
On Sat, Feb 23, 2008 at 10:49 PM, Adil Drissi <[EMAIL PROTECTED]> wrote: > Hi, > > I made an error i was using > unset($_SESSION["sessioname"]) instead of > unset($_SESSION). I'm sorry, but anyway, now i want to > give another detail. All the time i was testing with > opera. After testing in firefox and ie there is no > problem with the code i posted. It sounds to me as though your installation of Opera is not properly respecting the headers sent by the server to destroy the session cookies. Maybe checking Google for `opera cookie retention` or `opera session problems` would help. Looks to me as though you're certainly not the only one to find that Opera doesn't handle cookies and sessions as well as expected, or as well as Firefox/SeaMonkey and (*gasp!*) Micro$oft Internet Exploder. -- Daniel P. Brown Senior Unix Geek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Adil Drissi wrote: > Hi, > > I made an error i was using > unset($_SESSION["sessioname"]) instead of > unset($_SESSION). I'm sorry, but anyway, now i want to > give another detail. All the time i was testing with > opera. After testing in firefox and ie there is no > problem with the code i posted. > Yes, that was the suggestion six days ago ;-) -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi, I made an error i was using unset($_SESSION["sessioname"]) instead of unset($_SESSION). I'm sorry, but anyway, now i want to give another detail. All the time i was testing with opera. After testing in firefox and ie there is no problem with the code i posted. Thank you very much for your help --- Adil Drissi <[EMAIL PROTECTED]> wrote: > Hi, > > Below you'll find my code. I think now that the > problem is in my algorithm, because the is created > anytime the page is refreshed. But i don't know how > to > check if the client was logged out or it is a real > new > connexion to the page. As you will see one can click > on logout, then press the back button of the > browser, > and then refresh the page, but he is still > connected. > I would like to help me fixe that. Here is the code: > > ---index.php-- > //the first page where the user enters his login and > password > > Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > href="../styles/style.css" media="screen" /> > Login page > > > method="post"> > > > Login width = "50%" align = "left"> name="login" /> > "right">Password width = "50%" align = "left"> name="password" /> > > "Connect"/> > > > > > > > - manage.php > //where the form posts data and here is where the > session is created > > session_start(); > $sessionid = session_id(); > $referer = @$HTTP_REFERER; > if (isset($_REQUEST['connect'])){ > $passwd = addslashes($_POST['password']); > $login = addslashes($_POST['login']); > require_once "../../../includes/connexion.php"; > $sql = mysql_query("SELECT * FROM user WHERE login > ='".$login."' and password = '".$passwd."'") or > die("Incorrect username or password."); > $result = mysql_fetch_array($sql); > if (($result[0] != null)) { > $_SESSION['sessioname'] = $_POST['login']; > } > else Header ("Location: ./index.php"); > mysql_close(); > } > else if(!isset($_SESSION['sessioname'])) { > Header ("Location: ./index.php"); > } > ?> > Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > http://www.w3.org/1999/xhtml";> > > > > > > if(isset( $_SESSION['sessioname'])) { > echo $_SESSION['sessioname'] ; > echo ", ". session_id(); > echo ", Log Out > "; > } > else echo "Login > "; > ?> > > > > logout.php -- > session_start(); > unset($_SESSION["sessioname"]); > $_SESSION = array(); > session_destroy(); > header("location: index.php"); > ?> > --- Richard Lynch <[EMAIL PROTECTED]> wrote: > > > On Sat, February 16, 2008 2:31 pm, Adil Drissi > > wrote: > > > I need help with sessions. > > > I have a simple authentification relying only on > > > sessions (i don't use cookies). > > > > Do you mean that you are also using the > "no_cookie" > > setting in PHP and > > using the URL to pass around the session ID? > > > > Or jut that you don't use "extra" cookies on top > of > > the one PHP uses > > by default? > > > > > After the user submits > > > his username and password, the script checks if > > that > > > corresponds to a record in a mysql table. If > this > > is > > > the case "$_SESSION['sessioname'] = > > $_POST['login'];". > > > the $_SESSION['sessioname'] is checked in > > subsequent > > > pages to see if the user is connected or not. > > > The problem is after the user logs out, and > after > > that > > > uses the previous button of the browser he > becomes > > > connected. How can i prevent this please. > > > > If the URL has the old session ID, and you aren't > > destroying it > > completely somehow, then they'll be logged in once > > they go back to the > > URL with the session ID. > > > > > session_start(); > > unset($_SESSION["sessioname"]); > > session_destroy(); > > header("location: index.php"); > > ?> > > > > If you want to destroy the session completely, > use: > > $_SESSION = array(); > > to wipe out ALL the session data. > > > > Also, on *some* browsers, sending the cookies > > session_start (if you > > are using cookies) and the Location: header with > an > > INCOMPLETE URL > > means the browser will screw up. > > > > Use the COMPLETE URL in your header("Location") > > > > And use a capital "L" in Location, as well, to be > > totally kosher, I > > think. > > > > -- > > Some people have a "gift" link here. > > Know what I want? > > I want you to buy a CD from some indie artist. > > http://cdbaby.com/from/lynch > > Yeah, I get a buck. So? > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: > http://www.php.net/unsub.php > > > > > > > > > > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. > http://mobile.yahoo
Re: [PHP] Session destruction problem
At 10:47 AM + 2/21/08, Nathan Rixham wrote: apologies, I completely forgot that your using session_destroy ammend to.. Nathan: I don't think it's that simple. For example, go here: http://www.webbytedd.com//destroy-sessions/index.php Login using anything. Log out. Click the browser back button. I think this is what the OP was talking about. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Adil Drissi wrote: thank you tedd, I understood what you explained to me last time. I was wondering if there is another method to prevent that. Thanks --- tedd <[EMAIL PROTECTED]> wrote: At 2:45 PM -0800 2/19/08, Adil Drissi wrote: Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: You received an answer, but fail to understand. Unless you use javascript to manipulate the browser's history you are going to continue to have "problems" with the user browser's back button. But, explain why the user using the back button is a problem. If he logs in, he's in. If he logs out, he's out. If he hits the back button after logging out and cancels his log out -- so what? What problems does that present? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs apologies, I completely forgot that your using session_destroy ammend to.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Adil Drissi wrote: thank you tedd, I understood what you explained to me last time. I was wondering if there is another method to prevent that. Thanks --- tedd <[EMAIL PROTECTED]> wrote: At 2:45 PM -0800 2/19/08, Adil Drissi wrote: Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: You received an answer, but fail to understand. Unless you use javascript to manipulate the browser's history you are going to continue to have "problems" with the user browser's back button. But, explain why the user using the back button is a problem. If he logs in, he's in. If he logs out, he's out. If he hits the back button after logging out and cancels his log out -- so what? What problems does that present? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs Looks like your on an old 4.x version of php; try the following. Regards Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
thank you tedd, I understood what you explained to me last time. I was wondering if there is another method to prevent that. Thanks --- tedd <[EMAIL PROTECTED]> wrote: > At 2:45 PM -0800 2/19/08, Adil Drissi wrote: > >Hi, > > > >Below you'll find my code. I think now that the > >problem is in my algorithm, because the is created > >anytime the page is refreshed. But i don't know how > to > >check if the client was logged out or it is a real > new > >connexion to the page. As you will see one can > click > >on logout, then press the back button of the > browser, > >and then refresh the page, but he is still > connected. > >I would like to help me fixe that. Here is the > code: > > You received an answer, but fail to understand. > > Unless you use javascript to manipulate the > browser's history you are > going to continue to have "problems" with the user > browser's back > button. > > But, explain why the user using the back button is a > problem. If he > logs in, he's in. If he logs out, he's out. If he > hits the back > button after logging out and cancels his log out -- > so what? What > problems does that present? > > Cheers, > > tedd > > > -- > --- > http://sperling.com http://ancientstones.com > http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
At 2:45 PM -0800 2/19/08, Adil Drissi wrote: Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: You received an answer, but fail to understand. Unless you use javascript to manipulate the browser's history you are going to continue to have "problems" with the user browser's back button. But, explain why the user using the back button is a problem. If he logs in, he's in. If he logs out, he's out. If he hits the back button after logging out and cancels his log out -- so what? What problems does that present? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: ---index.php-- //the first page where the user enters his login and password http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> http://www.w3.org/1999/xhtml";> Login page Login Password - manage.php //where the form posts data and here is where the session is created http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> http://www.w3.org/1999/xhtml";> Log Out "; } else echo "Login "; ?> logout.php -- --- Richard Lynch <[EMAIL PROTECTED]> wrote: > On Sat, February 16, 2008 2:31 pm, Adil Drissi > wrote: > > I need help with sessions. > > I have a simple authentification relying only on > > sessions (i don't use cookies). > > Do you mean that you are also using the "no_cookie" > setting in PHP and > using the URL to pass around the session ID? > > Or jut that you don't use "extra" cookies on top of > the one PHP uses > by default? > > > After the user submits > > his username and password, the script checks if > that > > corresponds to a record in a mysql table. If this > is > > the case "$_SESSION['sessioname'] = > $_POST['login'];". > > the $_SESSION['sessioname'] is checked in > subsequent > > pages to see if the user is connected or not. > > The problem is after the user logs out, and after > that > > uses the previous button of the browser he becomes > > connected. How can i prevent this please. > > If the URL has the old session ID, and you aren't > destroying it > completely somehow, then they'll be logged in once > they go back to the > URL with the session ID. > > session_start(); > unset($_SESSION["sessioname"]); > session_destroy(); > header("location: index.php"); > ?> > > If you want to destroy the session completely, use: > $_SESSION = array(); > to wipe out ALL the session data. > > Also, on *some* browsers, sending the cookies > session_start (if you > are using cookies) and the Location: header with an > INCOMPLETE URL > means the browser will screw up. > > Use the COMPLETE URL in your header("Location") > > And use a capital "L" in Location, as well, to be > totally kosher, I > think. > > -- > Some people have a "gift" link here. > Know what I want? > I want you to buy a CD from some indie artist. > http://cdbaby.com/from/lynch > Yeah, I get a buck. So? > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
On Sat, February 16, 2008 2:31 pm, Adil Drissi wrote: > I need help with sessions. > I have a simple authentification relying only on > sessions (i don't use cookies). Do you mean that you are also using the "no_cookie" setting in PHP and using the URL to pass around the session ID? Or jut that you don't use "extra" cookies on top of the one PHP uses by default? > After the user submits > his username and password, the script checks if that > corresponds to a record in a mysql table. If this is > the case "$_SESSION['sessioname'] = $_POST['login'];". > the $_SESSION['sessioname'] is checked in subsequent > pages to see if the user is connected or not. > The problem is after the user logs out, and after that > uses the previous button of the browser he becomes > connected. How can i prevent this please. If the URL has the old session ID, and you aren't destroying it completely somehow, then they'll be logged in once they go back to the URL with the session ID. If you want to destroy the session completely, use: $_SESSION = array(); to wipe out ALL the session data. Also, on *some* browsers, sending the cookies session_start (if you are using cookies) and the Location: header with an INCOMPLETE URL means the browser will screw up. Use the COMPLETE URL in your header("Location") And use a capital "L" in Location, as well, to be totally kosher, I think. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi, Thanks for the link, it is very interesting, but as the author says, the solutions are not perfect. I'm wondering how yahoo mail for example are doing, or maybe they are using something else (not php)? Thank you --- tedd <[EMAIL PROTECTED]> wrote: > At 12:31 PM -0800 2/16/08, Adil Drissi wrote: > >Hi everybody, > > > >I need help with sessions. > >I have a simple authentification relying only on > >sessions (i don't use cookies). After the user > submits > >his username and password, the script checks if > that > >corresponds to a record in a mysql table. If this > is > >the case "$_SESSION['sessioname'] = > $_POST['login'];". > >the $_SESSION['sessioname'] is checked in > subsequent > >pages to see if the user is connected or not. > >The problem is after the user logs out, and after > that > >uses the previous button of the browser he becomes > >connected. How can i prevent this please. > > > >Here is my logout.php: > > > > >session_start(); > >unset($_SESSION["sessioname"]); > >session_destroy(); > >header("location: index.php"); > >?> > > That will destroy the session, but not the browser > history. > > You'll need javascript to alter window history. > > Google "window.history.forward" > > Here's one link that may help: > > http://www.4guysfromrolla.com/webtech/111500-1.2.shtml > > Cheers, > > tedd > > -- > --- > http://sperling.com http://ancientstones.com > http://earthstones.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
At 12:31 PM -0800 2/16/08, Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case "$_SESSION['sessioname'] = $_POST['login'];". the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: That will destroy the session, but not the browser history. You'll need javascript to alter window history. Google "window.history.forward" Here's one link that may help: http://www.4guysfromrolla.com/webtech/111500-1.2.shtml Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi, I suppose this can be used to solve the problem i posted. Can you please tell me how, or send a link to ressource explaining that? Thanks --- Daniel Brown <[EMAIL PROTECTED]> wrote: > On Feb 16, 2008 3:31 PM, Adil Drissi > <[EMAIL PROTECTED]> wrote: > > Hi everybody, > > > > I need help with sessions. > > I have a simple authentification relying only on > > sessions (i don't use cookies). > > Just to let you know, if you're using sessions, > you're using > cookies. You're not setting the data in the > client-side cookie, but a > cookie is still installed on the system containing > the PHPSESSID. > > -- > > > Daniel P. Brown > Senior Unix Geek > > Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
On Feb 16, 2008 3:31 PM, Adil Drissi <[EMAIL PROTECTED]> wrote: > Hi everybody, > > I need help with sessions. > I have a simple authentification relying only on > sessions (i don't use cookies). Just to let you know, if you're using sessions, you're using cookies. You're not setting the data in the client-side cookie, but a cookie is still installed on the system containing the PHPSESSID. -- Daniel P. Brown Senior Unix Geek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
> > > Is your session being set in any other place but > your login page? > No, just in the page just to which the form of login and password points. Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Adil Drissi wrote: > Hi everybody, > > I need help with sessions. > I have a simple authentification relying only on > sessions (i don't use cookies). After the user submits > his username and password, the script checks if that > corresponds to a record in a mysql table. If this is > the case "$_SESSION['sessioname'] = $_POST['login'];". > the $_SESSION['sessioname'] is checked in subsequent > pages to see if the user is connected or not. > The problem is after the user logs out, and after that > uses the previous button of the browser he becomes > connected. How can i prevent this please. > > Here is my logout.php: > > session_start(); > unset($_SESSION["sessioname"]); > session_destroy(); > header("location: index.php"); > ?> > > Thank you for advance > > > > > Looking for last minute shopping deals? > Find them fast with Yahoo! Search. > http://tools.search.yahoo.com/newsearch/category.php?category=shopping > > Is your session being set in any other place but your login page? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session destruction problem
Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case "$_SESSION['sessioname'] = $_POST['login'];". the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: Thank you for advance Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction
From: Kristofer Thorssell <[EMAIL PROTECTED]> Date: Thu, Sep 06, 2001 at 04:56:17PM +0200 Message-ID: <[EMAIL PROTECTED]> Subject: [PHP] Session destruction > session_start(); > if(session_destroy()) echo "You are now logged out"; > ?> > > is there something wrong with this? > because i've seen many comments where people say that you can't have start > and destroy in the same script. > > /Kristofer I don't know who the h*ll told you that, but session_start() _has_to_be_ in the same script as session_destroy(). Otherwise that d#mn thing doesn't know what to destroy. -- * R&zE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- Netherlands -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session destruction
is there something wrong with this? because i've seen many comments where people say that you can't have start and destroy in the same script. /Kristofer -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]