Page 1 of 1
simple session login issue
Posted: Fri Oct 16, 2009 6:50 am
by gimpact
Hello,
I have this issue which looks simple to me but just cant get it right. I have this code in the login page. This code gets executed after all checks, when the user should be logged in.
Code: Select all
session_start();
$_SESSION['email'] = $email;
$_SESSION['name'] = $getAccount3['name'];
$_SESSION['public_name'] = $getAccount3['public_name'];
header("Location:http://www.domain.com?tag=index");
mysql_close($con);
die();
Now I have this code in my members page,
Code: Select all
session_start();
$tag= $_REQUEST['tag'];
if(ISSET($_SESSION['email'])){
if($tag == 'index'){
include ("index-home.php");
}else{
print "index error";
}
die();
}else{
print "Not logged in";
die();
}
I have no idea, why do i keep seeing Not logged in. any help will be appreciated.
Thank you,
Re: simple session login issue
Posted: Fri Oct 16, 2009 7:18 am
by superdezign
I don't believe that
die() and
session_write_close() are the same.
Re: simple session login issue
Posted: Fri Oct 16, 2009 8:57 am
by Eric!
lol. After you've logged in you have to have a way to log out too and kill the session with session_destroy().
Re: simple session login issue
Posted: Fri Oct 16, 2009 9:23 am
by gimpact
Eric! wrote:lol. After you've logged in you have to have a way to log out too and kill the session with session_destroy().
Yea, well, all that after I get to see my members page. With this I see nothing. as soon as I login, i am thrown out, as if I haven't logged in at all!

Re: simple session login issue
Posted: Fri Oct 16, 2009 10:41 am
by desperado
you are forcing a new session to start. try:
Code: Select all
[b][color=#800000]if (!isset($_SESSION)) {[/color]
[color=#800000]session_start();[/color]
[color=#800000]}[/color][/b]
$tag= $_REQUEST['tag'];
if(ISSET($_SESSION['email'])){
if($tag == 'index'){
include ("index-home.php");
}else{
print "index error";
}
die();
}else{
print "Not logged in";
die();
}
Re: simple session login issue
Posted: Fri Oct 16, 2009 11:05 am
by superdezign
desperado wrote:you are forcing a new session to start.
That's not the way sessions work.
session_start() only creates a new session if there is currently no session. Otherwise, it resumes the current session.
@gimpact: Did you try using
session_write_close() yet? This saves the session data so that it will be available at the next page request. The data isn't saved until the script finishes or you tell the script to save. There are problems with saving sessions after using
header() redirection, as this oftentimes stops your script from executing. Thus, the script doesn't finish and the data in your $_SESSION array is not saved.
Also, a less common problem is that the cookie was not created in time for your redirection. Sessions are based off of client-side cookies that save the client's session ID. If the session ID is not saved in the cookie, then your website will not recognize it until it is saved. A solution to this is giving your users a "Login successful" page to give the cookie time to be created. You can also send the session ID through the URL as the "SID" constant.
Re: simple session login issue
Posted: Fri Oct 16, 2009 11:52 am
by gimpact
Hi all, thanks for replying. This does not work
Code: Select all
session_start();
$_SESSION['email'] = $email;
$_SESSION['name'] = $getAccount3['name'];
$_SESSION['public_name'] = $getAccount3['public_name'];
session_write_close();
mysql_close($con);
header("Location:http://domain.com?tag=index");
die();
I am confused as why this is happening. my hosting with bluehost uses php5
Re: simple session login issue
Posted: Fri Oct 16, 2009 12:40 pm
by Eric!
Are you expecting that code to tell you: "Not logged in"? Because that code will always log you in by setting $_SESSION['email'], even if $email is empty you will be automatically logged into the page you are redirecting to because isset($_SESSION['email']) will return true, which is the only condition you're checking.
Re: simple session login issue
Posted: Fri Oct 16, 2009 9:02 pm
by superdezign
.. Is
isset() not case-sensitive? Most imperative programming languages are...
Re: simple session login issue
Posted: Sat Oct 17, 2009 10:40 am
by Eric!
I was wondering about the ISSET in all caps too, but I think it works. But notice if all he does is this:
Code: Select all
session_start();
$_SESSION['email'] = $email;
header("Location:http://domain.com?tag=index");
His other peice of code would always show him as logged-in as long as $email is set to something, even a null. I think most browser forms return a NULL for blank fields.
Re: simple session login issue
Posted: Sat Oct 17, 2009 11:51 am
by Mirge
superdezign wrote:.. Is
isset() not case-sensitive? Most imperative programming languages are...
No, according to "Programming PHP", PHP functions are not case sensitive. Might be one of the few things that are.. are variables/constants?
Code: Select all
<?php
$foo = 1;
if(isSET($foo)) { print "\$foo is set.\n"; }
if(iSSEt($foo)) { print "\$foo is set.\n"; }
if(ISSET($foo)) { print "\$foo is set.\n"; }
?>
$ php -q test.php
$foo is set.
$foo is set.
$foo is set.
$
Re: simple session login issue
Posted: Sat Oct 17, 2009 8:06 pm
by gimpact
Thank you for replying. Well, I had hell of a time figuring that out. I began checking from the login page, where I "echo" the session value and surprisingly it was working, so I did a echo in the member's index page and again, it was working. Then I did some searches and found that, what I actually need to do is, the check if the email is NULL or not.
Code: Select all
session_start();
if (isset($_SESSION['email']) || (!$_SESSION['email'] == '')){
// session exist
Some times, I am really nuts!
Many of you said that, merely checking
Code: Select all
session_start();
if (isset($_session['email'])){
}else{
}
is not enough, but it dint come to my mind immediately, that I should check with null

Re: simple session login issue
Posted: Sat Oct 17, 2009 8:30 pm
by Weiry
Rather than performing an isset() and whether the email value is NULL, you could just do an empty() check
Code: Select all
<?php
session_start();
if (!empty($_SESSION['email'])){
print "session started";
session_destroy();
}else{
print "session not started";
$_SESSION['email'] = "test@gmail.com";
}
?>