Page 1 of 1

Change Password functionality & existing session cookie

Posted: Sun Sep 27, 2009 3:52 pm
by edawson003
I recently implemented a change password functionality on my site; however, once a user changes their password, the session/cookie code I have in place forces the user back to the login page (I guess to reset the session cookie). Is there anyway to just update the session cookie upon password change, such that that doesn't have to log back in again? Tell you truth, I am little at a loss when comes to the whole cookie setting concept (something for me to brush up on I guess).


Here's the code that seems to check for set cookie session:

Code: Select all

function checkLogin(){
   /* Check if user has been remembered */
   if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
      $_SESSION['username'] = $_COOKIE['cookname'];
      $_SESSION['password'] = $_COOKIE['cookpass'];
   }
 
   /* Username and password have been set */
   if(isset($_SESSION['username']) && isset($_SESSION['password'])){
      /* Confirm that username and password are valid */
      if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
         /* Variables are incorrect, user not logged in */
         unset($_SESSION['username']);
         unset($_SESSION['password']);
         return false;
      }
      return true;
   }
   /* User not logged in */
   else{
      return false;
   }
}
Here's the code from my login page that sets the remember me/session me cookie:

Code: Select all

/* Username and password correct, register session variables */
   $_POST['user'] = stripslashes($_POST['user']);
   $_SESSION['username'] = $_POST['user'];
   $_SESSION['password'] = $md5pass;
 
   if(isset($_POST['remember'])){
      setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
      setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
   }
 
   /* Quick self-redirect to avoid resending data on refresh */
   echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
   return;
}

Re: Change Password functionality & existing session cookie

Posted: Sun Sep 27, 2009 4:33 pm
by requinix
In your change-password code set $_SESSION["password"] and if isset($_COOKIE["cookpass"]) set that too.

Re: Change Password functionality & existing session cookie

Posted: Sun Sep 27, 2009 4:53 pm
by edawson003
Sweet. That worked! Thanks!