Prev: Major Cookie Problem
Next: form help
From: Barry Zimmerman on 14 May 2010 12:47 I have a problem with my system, not sure how I can fix this one. A user has a log in page and takes them to different pages, now each of these pages has a check to make sure they are logged in with the following code: session_start(); if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { header ("Location: login.html"); exit; } So if they are not logged in it redirects them to the log in page. No problems there. Now if a user is not logged in and comes back to that page, it starts the session so giving them a session id and redirects them back to thge login page. The problem I have is I do NOT want the session to start, I need them to hit the log in page with no sessions there. I have tried all sorts but just cannot get this to work. I have tried adding this to the code. session_start(); if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { *session_destroy();* header ("Location: login.html"); exit; } But that did not work? Please I am stuck for ideas?
From: Peter Lind on 14 May 2010 13:05 On 14 May 2010 18:47, Barry Zimmerman <barryzimmo(a)googlemail.com> wrote: > I have a problem with my system, not sure how I can fix this one. A user has > a log in page and takes them to different pages, now each of these pages has > a check to make sure they are logged in with the following code: > > session_start(); > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > header ("Location: login.html"); > exit; > } > > So if they are not logged in it redirects them to the log in page. No > problems there. > > Now if a user is not logged in and comes back to that page, it starts the > session so giving them a session id and redirects them back to thge login > page. The problem I have is I do NOT want the session to start, I need them > to hit the log in page with no sessions there. I have tried all sorts but > just cannot get this to work. > > I have tried adding this to the code. > > session_start(); > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > *session_destroy();* > header ("Location: login.html"); > exit; > } > > But that did not work? Please I am stuck for ideas? > Read the manual on session_destroy. Specifically, if you want to complete destroy the session, unset the session cookie as well. On a separate note: why do you care if the session has started or not? If nothing is stored in the session then there's not much difference to you. Regards Peter -- <hype> WWW: http://plphp.dk / http://plind.dk LinkedIn: http://www.linkedin.com/in/plind Flickr: http://www.flickr.com/photos/fake51 BeWelcome: Fake51 Couchsurfing: Fake51 </hype>
From: Luiz Alberto on 14 May 2010 13:24 Barry, Did you try to use setcookie with expiry date in the past? You could use setcookie before header function of the following manner. session_start(); if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { setcookie("session","session id", 1); header ("Location: login.html"); } Best regards, Luiz Alberto On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote: > I have a problem with my system, not sure how I can fix this one. A user has > a log in page and takes them to different pages, now each of these pages has > a check to make sure they are logged in with the following code: > > session_start(); > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > header ("Location: login.html"); > exit; > } > > So if they are not logged in it redirects them to the log in page. No > problems there. > > Now if a user is not logged in and comes back to that page, it starts the > session so giving them a session id and redirects them back to thge login > page. The problem I have is I do NOT want the session to start, I need them > to hit the log in page with no sessions there. I have tried all sorts but > just cannot get this to work. > > I have tried adding this to the code. > > session_start(); > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > *session_destroy();* > header ("Location: login.html"); > exit; > } > > But that did not work? Please I am stuck for ideas?
From: Artur Ejsmont on 14 May 2010 14:29 id also suggest to revisit the entire login script that you have attached, its a bit overly complicated. Keep amount of if statements to the minimum and you will not get lost. Try to keep it simple. Session is not a problem for you, just make a very simple set of rules when user is logging in, logging out and how to check if he is logged in. i guess its worth having a look at some open source apps or frameworks and see how they do it, good luck art On 14 May 2010 18:24, Luiz Alberto <gomes.luiz(a)gmail.com> wrote: > Barry, > > Did you try to use setcookie with expiry date in the past? You could > use > setcookie before header function of the following manner. > > session_start(); > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > setcookie("session","session id", 1); > header ("Location: login.html"); > } > > Best regards, > Luiz Alberto > > > > On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote: > > > I have a problem with my system, not sure how I can fix this one. A user > has > > a log in page and takes them to different pages, now each of these pages > has > > a check to make sure they are logged in with the following code: > > > > session_start(); > > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > > header ("Location: login.html"); > > exit; > > } > > > > So if they are not logged in it redirects them to the log in page. No > > problems there. > > > > Now if a user is not logged in and comes back to that page, it starts the > > session so giving them a session id and redirects them back to thge login > > page. The problem I have is I do NOT want the session to start, I need > them > > to hit the log in page with no sessions there. I have tried all sorts but > > just cannot get this to work. > > > > I have tried adding this to the code. > > > > session_start(); > > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > > *session_destroy();* > > header ("Location: login.html"); > > exit; > > } > > > > But that did not work? Please I am stuck for ideas? >
From: Dustin Simpson on 14 May 2010 19:43 Barry, session_start(); will not wipe clean the user's session so there is something else going on. Does the login.html authentication script correctly set $_SESSION['username'] ? Also, it has been my experience that code like isset($_SESSION['username']) is better if you replace it with array_key_exists('username',$_SESSION) Thanks, --Dustin Barry Zimmerman wrote: > I have a problem with my system, not sure how I can fix this one. A user has > a log in page and takes them to different pages, now each of these pages has > a check to make sure they are logged in with the following code: > > session_start(); > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > header ("Location: login.html"); > exit; > } > > So if they are not logged in it redirects them to the log in page. No > problems there. > > Now if a user is not logged in and comes back to that page, it starts the > session so giving them a session id and redirects them back to thge login > page. The problem I have is I do NOT want the session to start, I need them > to hit the log in page with no sessions there. I have tried all sorts but > just cannot get this to work. > > I have tried adding this to the code. > > session_start(); > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { > *session_destroy();* > header ("Location: login.html"); > exit; > } > > But that did not work? Please I am stuck for ideas? > >
|
Pages: 1 Prev: Major Cookie Problem Next: form help |