session variable

From: Lüpher Cypher (lupher.cypher_at_verizon.net)
Date: 03/26/05 

Date: Sat, 26 Mar 2005 02:34:19 GMT

Hi,

I am having real trouble understanding what's wrong.
I have two sites that reside locally (for testing) and require login.
One works fine, but the other one seems to discard changes to a session
variable. Anyways, I've compared them and the code is much the same, but
something must be wrong.
Here's excerpts from the second one, the one that doesn't work:

class User {
...
function tryLogin($user,$pass) {
        global $user;
        ... // check db
        if (!$match) {
                return false;
        } else {
                $user->name = $row["user"];
                $_SESSION["user"] = $user;
        }
        return true;
}

Now, when the form is submitted, I'm checking:

global $user;
...
if ($submitted) {
        if ($user->tryLogin()) {
                // redirect via meta tag and output ""
        } else {
                // output error and form
        }
}

where $user is a registered session var (checked that end).
the problem is, if I check $_SESSION["user"]->name after I've changed
$user and updated the session var in tryLogin(), it is all fine. After
that, it is up to the meta tag and surrounding output, which should not
have any effect on this. So, right before the page reloads, name is set
correctly. But when the page reloads, it seems that it is the old $user
object in the session var, as $user->name is not set. Reassigning the
session var should've taken care of it, and it does in my first site,
but here apparently something is wrong. The login mechanism ist
basically the same in both sites, except that I made login as a method
in the second one - I tried taking it out and making it the same as in
the first one - doesn't help..
Any ideas why this could happen?

Lüph

Relevant Pages

  • Re: Custom URL String
    ... The reason is I want my users to login into another site I use for business, but I want to create my own homepage where they can login. ... True, no system is totally secure, but you may wish to consider using session vars instead. ... You'd need a database against which you'd query with the user & PW supplied in the form. ... put a check at the top of every secured page which tests for the existence of the session var. ...
    (php.general)
  • Re: Best way to check a session var on each page?
    ... >> I am setting a session var upon login that holds some data about the ... >> user bypasses the login page they are redirected to login first! ... >> each page load I can do a check of the session var and redirect if it's ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Best way to check a session var on each page?
    ... >I am setting a session var upon login that holds some data about the user. ... >user bypasses the login page they are redirected to login first! ... >each page load I can do a check of the session var and redirect if it's ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Best way to check a session var on each page?
    ... > I am setting a session var upon login that holds some data about the user. ... > user bypasses the login page they are redirected to login first! ... > each page load I can do a check of the session var and redirect if it's ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Web login problem
    ... Thanks Timo, the problem is that most of the time i do not want the page to ... do anything within the application, but when in the login page ... When user logs out the cookie is disposed. ... Setting this value to zero reloads page every time. ...
    (microsoft.public.dotnet.languages.vb)