Re: $_SESSION['loggedin'] not working properly

When a user logs in to my site http://iwantyourquestion.com I set
$_SESSION['loggedin'] to true if his username and password are OK.
When he calls a page I check if $_SESSION['loggedin'] is true. If it
not I ask him to log in.

Every page has at the start:

session_start();
ob_start();

You forgot the part that begins <?php and *DOES NOT* have a DOCTYPE
line or any white space before it.

A user just told me that he was asked to log in again after he entered
his username and password. If they were incorrect he would be sent
back to the login page, but that was not what happened. He was asked
to log in again.

This is believable if he started a new session, which could happen a
number of ways:

- The user's browser doesn't accept cookies.
- The user cleared cookies.
- The user exited and restarted the browser, and your page uses
session cookies.
- The cookie expired. I'm not sure what your expire time is, but maybe
the user stayed logged in over a long lunch or weekend?.
- One of your pages forgot the session_start() call.

The only reason I can think of is that $_SESSION['loggedin'] was not
stored correctly. But why not?

Losing the session cookie is a major possibility. So also is running
out of disk space to store session data in.

When he tried to log in a second time everything worked fine. He was
allowed in.

Has anyone else experienced this and know why it happens?

Regards,

Jan Nordgreen



.

Relevant Pages

  • Re: Event driven handler in PHP
    ... php and session cookies. ... PHP does not natively support event interrupt handling. ... When you send input from the browser, a new process or thread is started to handle the input. ...
    (comp.lang.php)
  • Re: Probelm accessing websites from favorites...java problem?
    ... Suggest disabling any firewall until cookies are working correctly. ... certain your time, date, and time *zone* settings are all correct. ... Your Web Browser Options Are Currently Set to Disable ... > JavaScript and session Cookies enabled. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Phew - email problem sorted.
    ... a lot of PassWords are easily guessed. ... not to use the same UserName & PassWord for different things. ... Logged into (& Clear the Cookies & Temporary Internet Files Cache) ... cos some Cookies stay in the Browser for as ...
    (uk.people.silversurfers)
  • Re: Tor and cookies.
    ... I allow all cookies, then close Firefox and wipe them using Eraser. ... If you do need cookies to access sites, make sure to set the browser to ... If you're only accepting "session cookies" they're deleted ... automatically no matter what your cache settings are. ...
    (alt.privacy)
  • Re: Konqueror doesnt remember me
    ... >> Konqueror doesn't seem to same the username and password. ... Only accept cookies from originating server. ... Treat all cookies as session cookies ... At at point the radio control for default policy was greyed out. ...
    (alt.os.linux.suse)