Re: php sessions problem - wrong logic maybe



I call session_start() in my auth.php.
The thing is that if I use the browser the first time, it works.
Also when I log off (which destroys the session and goes back to the login screen) everything works fine.


The problem starts when I close the browser without logging off.
Then I have to log in to every page.
My logout script does this:

session_start();
session_destroy();
<META HTTP-EQUIV=\"refresh\" content=\"5; URL=\login/main.php\">

So what I thought is that if I put:
session_start();
session_destroy();
in this part of the code:

// print login form and exit if failed.
if($num < 1){
echo "<center><BR><BR>You are not authenticated.  Please login.<br><br>
<form method=POST action=''>
username: <input type=text name=\"username\"> <BR><BR>
password: <input type=password name=\"password\"> <BR><BR><BR>
<input value=login type=submit>
</form></center>";
exit;
}

It should do the same as what logout does.
Unfortunately it does not.

I think that there is something that I don't know about sessions.
I don't like the thing that the user has to press logout.
It should automatically destroy the session, if the browser was closed.

Any ideas?

Bart

Alistair Baillie SS2002 wrote:
If 'menu' is supposed to be your session variable, then you need to do $_SESSION['menu'];

You also need to call session_start();

- Ali

"Bartosz Wegrzyn" <btgs@xxxxxxxxxxxxx> wrote in message news:thGde.463$wj2.357@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I need help with sessions.
I created a set of web sites for nav with authorization.

First I go into main.php, which looks like this:

<?php
//common functions
include_once '../login/common.php';
global $LOGINDIR;

//nav- navigation
//auth- authorization
include ("$LOGINDIR/nav.htm");
include ("$LOGINDIR/auth.php");

$menu = $_GET['menu'];
switch($menu)
{
case 1:
include "$LOGINDIR/menu1.php";
global $LOGINDIR;
break;

case 2:
include "$LOGINDIR/menu2.php";
global $LOGINDIR;
break;

case 3:
include "$LOGINDIR/menu3.php";
global $LOGINDIR;
break;

case 4:
include "$LOGINDIR/menu4.php";
global $LOGINDIR;
break;

case 5:
include "$LOGINDIR/menu5.php";
global $LOGINDIR;
break;

default:
include "$LOGINDIR/menudef.htm";
break;
}

include ("$LOGINDIR/footer.htm");
?>

</td>
 </tr>
</table>


</body> </html>

My auth.php looks like this:

[root@lexon login]# cat auth.php
<?php
// auth.php
include_once 'common.php';
include_once 'db.php';
dbConnect("corporate");

// start session
session_start();
echo $_SESSION['username'];
echo $_SESSION['password'];
// convert username and password from _POST or _SESSION

if($_POST){
if (!$_SESSION['username'] && !$_SESSION['password']) {
$_SESSION['username']=$_POST["username"];
$_SESSION['password']=$_POST["password"];
}
}

echo "before the query";
echo $_SESSION['username'];
echo $_SESSION['password'];


// query for a user/pass match
$result=mysql_query("select * from users
where username='" . $_SESSION['username'] . "' and password='" . $_SESSION['password'] . "'");


if ($result) {

// retrieve number of rows resulted
$num=mysql_num_rows($result);

// print login form and exit if failed.
if($num < 1){

 echo "<center><BR><BR>You are not authenticated.  Please login.<br><br>
 <form method=POST action=''>
 username: <input type=text name=\"username\"> <BR><BR>
 password: <input type=password name=\"password\"> <BR><BR><BR>
 <input value=login type=submit>
 </form></center>";
exit;
}

$phonenumber  = mysql_result($result,0,'phonenumber');
$username  = mysql_result($result,0,'username');
$userlevel  = mysql_result($result,0,'userlevel');

//check the logon time, logoff after 5min idle
if (!$_SESSION['login_time']) {

$_SESSION['login_time']=time();
};
$lg_time = intval($_SESSION['login_time']);

// If the session start time is greater than the current time...
if ($lg_time > time() ||
// If they have been logged in for longer than 5 minutes...
  (time() - $lg_time) > 60*5) {

   unset ($_SESSION['login_time']);
   unset ($_SESSION['username']);
   unset ($_SESSION['password']);

       include ("logoutexp.php");
       exit;
}
$_SESSION['login_time']=time();
};
mysql_close();
?>

After the time out php goes to logoutexp.php which looks like this:
[root@lexon login]# cat logoutexp.php
<?
// Login & Session example by sde
// logout.php

include "\login\common.php";
global $LOGINDIR;

// you must start session before destroying it
session_start();
session_destroy();

echo "<center>For security reasons your session has expired.


<br><br> You will now be returned to the login page.

</center>

<META HTTP-EQUIV=\"refresh\" content=\"5; URL=\login/main.php\"> ";
exit;
?>


It goes back to main.php and asks for auth.
The problem is that if I try to navigate the page and go to, for example, main.php?menu=4, I need to enter the password again.


The only workaround is to click the logoutexp.php link and then everything is ok. I debugged the script and I found out that the $_session['username'] and password are lost.

Any ideas what is wrong?

thanks

bart
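
An added example, not code from this thread: the same login check, 5-minute idle timeout and logout as the posted auth.php and logoutexp.php, written so the session holds only a user id and logout clears the session data and cookie as well as the server-side file. It swaps in PDO prepared statements and password_hash()/password_verify() for the posted mysql_query() string and plaintext password comparison; the function names, the `users.id` and `users.password_hash` columns and the PHP 7.3+ cookie options are assumptions.

```php
<?php
// Added example; all function names and the table layout are hypothetical.
const IDLE_LIMIT = 300; // 5 minutes, the limit used in the posted auth.php

function start_secure_session(): void {
    // Must run before any output (e.g. before nav.htm is included),
    // because the session cookie is sent as an HTTP header.
    // lifetime 0 = browser discards the cookie when it is closed.
    session_set_cookie_params(['lifetime' => 0, 'path' => '/',
                               'httponly' => true, 'samesite' => 'Lax']);
    session_start();
}

function end_session(): void {
    $_SESSION = [];                       // session_destroy() leaves this array populated
    if (ini_get('session.use_cookies')) { // expire the cookie in the browser too
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // remove the server-side session data
}

function check_login(PDO $db, string $user, string $pass): ?int {
    // Bound parameter: user input never becomes part of the SQL text.
    $st = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($pass, $row['password_hash'])) ? (int)$row['id'] : null;
}

function require_auth(PDO $db): bool {
    if (isset($_SESSION['uid'])) {
        $idle = time() - (int)($_SESSION['last_seen'] ?? 0);
        if ($idle < 0 || $idle > IDLE_LIMIT) { end_session(); return false; }
        $_SESSION['last_seen'] = time();  // sliding idle window
        return true;
    }
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
            && isset($_POST['username'], $_POST['password'])) {
        $uid = check_login($db, (string)$_POST['username'], (string)$_POST['password']);
        if ($uid !== null) {
            session_regenerate_id(true);  // new session id at login (anti-fixation)
            $_SESSION['uid'] = $uid;      // store an id, never the password
            $_SESSION['last_seen'] = time();
            return true;
        }
    }
    return false; // caller prints the login form and exits
}
```

A page would call start_secure_session() first, then show the login form whenever require_auth($db) returns false.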


