Page 1 of 1

A problem with sessions!

Posted: Thu Aug 14, 2003 4:45 am
by HSN
Hello,

I'm new in this forum. I hope that you help me with my problem which is about sessions. I have a login system and I set a session for it. But, when I close the internet explorer, it removes the sessions and requires login again while when I'm exploring in the web site, the session does not remove.

Please help me...!
:wink:

This is the way I set the session:

Code: Select all

if ( $un && $ps )
{
	require_once ('config.php');
	$query = " SELECT user_id , first_name FROM users WHERE username = '$un' AND password = PASSWORD ('$ps') ";
	$result = @mysql_query ($query);
	$row = mysql_fetch_array($result);
	
	if ($row)
	{
		$_SESSION['user_id'] = $row[0];
		$_SESSION['first_name'] = $row[1];
		$message = "You are now logged in {$_SESSION['first_name']}";
	}
	else
	{
		$message = 'Invalid username or password!';
	}
}

Posted: Thu Aug 14, 2003 4:50 am
by Seth_[php.pl]
Where is session_start() ?

Posted: Thu Aug 14, 2003 10:31 am
by HSN
I have started it at the begining of the script :)

Posted: Thu Aug 14, 2003 11:33 am
by tsg
You say when you close explorer, it requires you to log in. I may not be understanding the question, but when you close the window, it does end the session.

Are you trying to end the session like a log out?

Posted: Thu Aug 14, 2003 1:37 pm
by Stoneguard
From what I understand, you are saying the sessions are not being cleaned up on your system. From what I read in the php manual, php does not auTomatically clean up the session files on windows based machines, in any case:
Note: If you are using the default file-based session handler, your filesystem must keep track of access times (atime). Windows FAT does not so you will have to come up with another way to handle garbage collecting your session if you are stuck with a FAT filesystem or any other fs where atime tracking is not available.

Posted: Thu Aug 14, 2003 2:07 pm
by HSN
Yes I'm trying to make a logout script. I want the session to not be removed. I want it always work until I turn on the log out script and destroy the session.

Like in this forum, I can choose whether it remember my login info or not. Means, if I choose that it remember the info, I'll not need to log in everytime I want to post a reply untill I remove the cookies or log out.

:!:

Posted: Fri Aug 15, 2003 9:42 am
by Stoneguard
You cannot maintain a Session across browser open and closings. The userid and password information for this forum is saved in a cookie on your local PC (or a cookie that identifies you is saved) and when you reconnect to the server, the server looks for that cookie and automatically 'logs you on'.

So, what you want is some script that will set a cookie to expire in the far future when the user logs in, and then every time the user comes to your site, you want to check for the cookie, if it exists, log them in. Otherwise, require them to log in. (btw this type of login should in most cases be optional, as it compromises system security, especially if the user is using a shared computer).

Posted: Fri Aug 15, 2003 10:15 am
by Seth_[php.pl]
Recently I've writen this few lines of code ;)

Code: Select all

<?php
//... 

ignore_user_abort( true ); 
set_time_limit( 0 ); 

while ( !connection_aborted() ) 
{ 
  print "\n"; 
  flush(); 
   
  sleep( 1 ); 
} 

// place code here
exit();
?>
If you place this at the end of your script it will keep connection with client until he stop browsing your site. It may help to destroy session when user close browser.

Posted: Fri Aug 15, 2003 2:20 pm
by HSN
Stoneguard,

Thank you. I got the idea and I'll try to make this script.

Seth_[php.pl],

I don't want to destroy the sessions! Sounds that you didn't undrestand my question :)