Re: How to redirect after setting session?

From: deko (deko_at_hotmail.com)
Date: 03/12/05

  • Next message: evanescent.lurker_at_gmail.com: "Difference between == and === comparison" 
    Date: Sat, 12 Mar 2005 02:25:26 GMT

    > <?php
    > session_start();
    >
    > if(credentials are valid)
    > {
    > //set session and redirect
    > die();
    > }
    > ?>

    Thanks for the help.

    So I moved the code to the top of the page, and the redirect works now. But
    there are a couple of problems:

    Before, when I hit my browser's back button, I would get "Warning... page
    has expired" - which was nice - so the user could not log in again. Now I
    don't get that error - it just goes back to the login page. Is there a way
    to have that error appear?

    The other thing, which is more of a problem, is that when the the session
    expires, the "private page" has this code:

      echo "Your session has timed out. You must <a href= '".$url."'>log in
    again</a> to view this page.";
      session_destroy();

    When the user clicks on the link to go back to the login page, and re-enters
    credentials, then clicks submit, the redirect fails with "Cannot find
    page..." - apparently the header is getting screwed up the second time
    around. What appears in the address window of my browser is something like
    this:

    https://hostname.myisp.com/~acctname/?>

    Is there a way to clear out the header first? Other suggestions?

    Here is the revised code:

    session_start();
    if ($username && $password)
    {
     $uid = trim($username);
     $pas = trim($password);
     if (credentials are valid)
     {
      $_SESSION['user'] = $uid;
      $_SESSION['timeout'] = time();
      $url="    https://hostname.myisp.com/~acctname/privatePage.php";
      header("Location: $url");
      unset($em);
      unset($pw);
      die();
     }
    }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
       "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    [html code...]
    <?php
    //if we are here then user enter bad credentials
    if ($username && $password)
    {
     echo "Login Failed";
    }
    ?>
    [more html code...]

  • Next message: evanescent.lurker_at_gmail.com: "Difference between == and === comparison"

    Relevant Pages

    • Re: What is the best way to login my website from another website?
      ... IMO *they* should redirect to your site based upon the web service result ... a new login request is issued). ... They are not using those credentials at all at their site? ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Encrypted or Not Encrypted
      ... Now, from what I understand, the login credentials would still be ... the effect of having it redirect to a secure site in the first place. ...
      (Security-Basics)
    • Re: Windows authentication after session expiry
      ... In both cases your domain users will not need to login to access the site. ... for Windows Authentication (Should use looged in user's credentials). ... trying to redirect it to Authenticate.aspx. ...
      (microsoft.public.sharepoint.windowsservices)
    • How do I send authentication data?
      ... I wish to create a login page that prompts the user for a user name ... then uses these credentials to redirect the user to a ...
      (comp.lang.php)
    • Re: Default.aspx - newbie Q`
      ... check and redirect to the ReturnURL or Selected.aspx depending on the case. ... > and replace it with something that takes then straight to the login page. ... >> Curt Christianson ... >>> authentication ...
      (microsoft.public.dotnet.framework.aspnet)