Session start

Prev: Major Cookie Problem
Next: form help

From: Barry Zimmerman on 14 May 2010 12:47

---

I have a problem with my system, not sure how I can fix this one. A user has
a log in page and takes them to different pages, now each of these pages has
a check to make sure they are logged in with the following code:

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
header ("Location: login.html");
exit;
}

So if they are not logged in it redirects them to the log in page. No
problems there.

Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.

I have tried adding this to the code.

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
*session_destroy();*
header ("Location: login.html");
exit;
}

But that did not work? Please I am stuck for ideas?

From: Peter Lind on 14 May 2010 13:05

---

On 14 May 2010 18:47, Barry Zimmerman <barryzimmo(a)googlemail.com> wrote:
> I have a problem with my system, not sure how I can fix this one. A user has
> a log in page and takes them to different pages, now each of these pages has
> a check to make sure they are logged in with the following code:
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> header ("Location: login.html");
> exit;
> }
>
> So if they are not logged in it redirects them to the log in page. No
> problems there.
>
> Now if a user is not logged in and comes back to that page, it starts the
> session so giving them a session id and redirects them back to thge login
> page. The problem I have is I do NOT want the session to start, I need them
> to hit the log in page with no sessions there. I have tried all sorts but
> just cannot get this to work.
>
> I have tried adding this to the code.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> *session_destroy();*
> header ("Location: login.html");
> exit;
> }
>
> But that did not work? Please I am stuck for ideas?
>

Read the manual on session_destroy. Specifically, if you want to
complete destroy the session, unset the session cookie as well.

On a separate note: why do you care if the session has started or not?
If nothing is stored in the session then there's not much difference
to you.

Regards
Peter

--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51
</hype>

From: Luiz Alberto on 14 May 2010 13:24

---

Barry,

Did you try to use setcookie with expiry date in the past? You could
use
setcookie before header function of the following manner.

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
setcookie("session","session id", 1);
header ("Location: login.html");
}

Best regards,
Luiz Alberto



On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote:

> I have a problem with my system, not sure how I can fix this one. A user has
> a log in page and takes them to different pages, now each of these pages has
> a check to make sure they are logged in with the following code:
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> header ("Location: login.html");
> exit;
> }
>
> So if they are not logged in it redirects them to the log in page. No
> problems there.
>
> Now if a user is not logged in and comes back to that page, it starts the
> session so giving them a session id and redirects them back to thge login
> page. The problem I have is I do NOT want the session to start, I need them
> to hit the log in page with no sessions there. I have tried all sorts but
> just cannot get this to work.
>
> I have tried adding this to the code.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> *session_destroy();*
> header ("Location: login.html");
> exit;
> }
>
> But that did not work? Please I am stuck for ideas?

From: Artur Ejsmont on 14 May 2010 14:29

---

id also suggest to revisit the entire login script that you have attached,
its a bit overly complicated. Keep amount of if statements to the minimum
and you will not get lost. Try to keep it simple.

Session is not a problem for you, just make a very simple set of rules when
user is logging in, logging out and how to check if he is logged in.

i guess its worth having a look at some open source apps or frameworks and
see how they do it, good luck

art

On 14 May 2010 18:24, Luiz Alberto <gomes.luiz(a)gmail.com> wrote:

> Barry,
>
> Did you try to use setcookie with expiry date in the past? You could
> use
> setcookie before header function of the following manner.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> setcookie("session","session id", 1);
> header ("Location: login.html");
> }
>
> Best regards,
> Luiz Alberto
>
>
>
> On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote:
>
> > I have a problem with my system, not sure how I can fix this one. A user
> has
> > a log in page and takes them to different pages, now each of these pages
> has
> > a check to make sure they are logged in with the following code:
> >
> > session_start();
> > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> > header ("Location: login.html");
> > exit;
> > }
> >
> > So if they are not logged in it redirects them to the log in page. No
> > problems there.
> >
> > Now if a user is not logged in and comes back to that page, it starts the
> > session so giving them a session id and redirects them back to thge login
> > page. The problem I have is I do NOT want the session to start, I need
> them
> > to hit the log in page with no sessions there. I have tried all sorts but
> > just cannot get this to work.
> >
> > I have tried adding this to the code.
> >
> > session_start();
> > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> > *session_destroy();*
> > header ("Location: login.html");
> > exit;
> > }
> >
> > But that did not work? Please I am stuck for ideas?
>

From: Dustin Simpson on 14 May 2010 19:43

---

Barry,

session_start(); will not wipe clean the user's session so there is
something else going on.

Does the login.html authentication script correctly set
$_SESSION['username'] ?

Also, it has been my experience that code like
isset($_SESSION['username']) is better if you replace it with
array_key_exists('username',$_SESSION)

Thanks,
--Dustin
Barry Zimmerman wrote:
> I have a problem with my system, not sure how I can fix this one. A user has
> a log in page and takes them to different pages, now each of these pages has
> a check to make sure they are logged in with the following code:
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> header ("Location: login.html");
> exit;
> }
>
> So if they are not logged in it redirects them to the log in page. No
> problems there.
>
> Now if a user is not logged in and comes back to that page, it starts the
> session so giving them a session id and redirects them back to thge login
> page. The problem I have is I do NOT want the session to start, I need them
> to hit the log in page with no sessions there. I have tried all sorts but
> just cannot get this to work.
>
> I have tried adding this to the code.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> *session_destroy();*
> header ("Location: login.html");
> exit;
> }
>
> But that did not work? Please I am stuck for ideas?
>
>

 | 
Pages: 1
Prev: Major Cookie Problem
Next: form help