$_SESSIONs are closing without killing them !!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
amirbwb
Forum Commoner
Posts: 89
Joined: Sat Oct 30, 2010 6:10 pm

$_SESSIONs are closing without killing them !!

Post by amirbwb »

Hello I am facing now another problem which is defining sessions !!!

While the user is logged in, some times when he is entes a secure page, the user will be referred automatically to the login page (sessions are unset or killed)
So what is the problem?? Here is my code plan for:.

LOGIN:

Code: Select all

if(userane == $_POST['username'] and password == $_POST['username'])
$_SESSION['user_id'] == $row_login_info['user_id'];

else

$error='ERROR';
PROTECTION PAGE:

Code: Select all

session_start();
if(!isset($_SESSION['user_id']) || empty($_SESSION['user_id'])){
header('Location:login.php');
}

why do you think that the user when he logged in, suddenly in a random duration after login, he will be automatically "LOGGED OUT" ???
Last edited by amirbwb on Mon Nov 14, 2011 2:24 am, edited 1 time in total.
danwguy
Forum Contributor
Posts: 256
Joined: Wed Nov 17, 2010 1:09 pm
Location: San Diego, CA

Re: $_SESSIONs are closing without killing them !!

Post by danwguy »

Off the top of my head I can see one problem... you aren't declaring the variables in your first bit of code...

Code: Select all

if(userane == $_POST['username'] and password == $_POST['username'])
$_SESSION['user_id'] == $row_login_info['user_id'];

else

$error='ERROR';
should be...

Code: Select all

if($userane == $_POST['username'] && $password == $_POST['password'])
$_SESSION['user_id'] = $row_login_info['user_id'];

else

$error='ERROR';
unless you are using define to hold those 2 vars. And there's no need to double = when assigning a var, only when checking 2 vars, plus you are checking 2 different vars against one $_POST var, you were checking $userane == $_POST['username'] AND $password == $_POST['username']
User avatar
amirbwb
Forum Commoner
Posts: 89
Joined: Sat Oct 30, 2010 6:10 pm

Re: $_SESSIONs are closing without killing them !!

Post by amirbwb »

am sry I was making a fast plan !! this is not the real php code :P

here is the real code

Code: Select all

Login page

Code: Select all

if(isset($_POST['username'])){
	$username=mysql_real_escape_string($_POST['username']);
	$password=mysql_real_escape_string($_POST['password']);
	
	mysql_select_db($database_connection,$connection) or die(mysql_error());
	$login_q="select * from employee where username='$username' and password='$password'";
	$login=mysql_query($login_q,$connection);
	$row_login=mysql_fetch_assoc($login);
	$num_login=mysql_num_rows($login);
	
	if($num_login == 0){
		$error='<p class="error" style="margin:0px;">Wrong username or password</p>';
	}elseif($num_login == '1'){
		
		
			$_SESSION['card']='';
			unset($_SESSION['card']);
			
		
		
		$_SESSION['medischool'] = $row_login['e_id'];
		$_SESSION['school'] = $row_login['school'];
		
		header('Location:index.php');
	}

protection page:

Code: Select all

<?php
if(!isset($_SESSION)){
	session_start();	
}

if(!isset($_SESSION['medischool']) || empty($_SESSION['medischool']) || !isset($_SESSION['school']) || empty($_SESSION['school'])){
	header('Location:login.php');	
}else{
	$session_medischool=$_SESSION['medischool'];
	$session_school=$_SESSION['school'];
	
	if(is_numeric($session_school)){
		$sschool_query="scl_id='$session_school' and";
	}
	
	if($session_school == 'admin'){
		$adminonly='adminonly';	
	}
	
}
?>
danwguy
Forum Contributor
Posts: 256
Joined: Wed Nov 17, 2010 1:09 pm
Location: San Diego, CA

Re: $_SESSIONs are closing without killing them !!

Post by danwguy »

on protection page don;t check for $_SESSION vars before claiming a session_start();
You always need to do session_start();
So it should be like this...
and I'm not 100% sure but are you sure you want to be checking all those or checks I would think it would be more like...
if(!isset($_SESSION['medischool']) || empty($_SESSION['medischool']) && (!isset($_SESSION['school']) || empty($_SESSION['school')))
I could be totally wrong there, just seems like you are doing a lot of or statements and I would think your program will allow either session['medischool'] OR session['school'] If I'm wrong disregard that, but still get rid of the check for session before starting session

Code: Select all

<?php
session_start();        

if(!isset($_SESSION['medischool']) || empty($_SESSION['medischool']) || !isset($_SESSION['school']) || empty($_SESSION['school'])){
        header('Location:login.php');   
}else{
        $session_medischool=$_SESSION['medischool'];
        $session_school=$_SESSION['school'];
        
        if(is_numeric($session_school)){
                $sschool_query="scl_id='$session_school' and";
        }
        
        if($session_school == 'admin'){
                $adminonly='adminonly'; 
        }
        
}
?>
User avatar
amirbwb
Forum Commoner
Posts: 89
Joined: Sat Oct 30, 2010 6:10 pm

Re: $_SESSIONs are closing without killing them !!

Post by amirbwb »

mmm maybe u r right about statement for session_start() anw i will tell u what will happen with me ...
but is there any problem if I wrote 2 times or more "session_start()" in the same page?
danwguy
Forum Contributor
Posts: 256
Joined: Wed Nov 17, 2010 1:09 pm
Location: San Diego, CA

Re: $_SESSIONs are closing without killing them !!

Post by danwguy »

yes, you should never do session_start more than once per page, I always just put session_start(); as the very first line of php code, then you don't have to worry about it again on that page.
User avatar
amirbwb
Forum Commoner
Posts: 89
Joined: Sat Oct 30, 2010 6:10 pm

Re: $_SESSIONs are closing without killing them !!

Post by amirbwb »

man I have done what you told me to do, but when I logged in and surfed some pages inside the software ... ten minutes later without any activity on the soft (I was on facebook) ... then I went back to the soft refreshed the pages and boom ... I was redirected to the login page, All sessions were automatically killed !! I also defined 2 sessions that I have not created a logout for them (I mean by logout: 2 sessions that I have not written unset(session) or $session='' in all the soft) were also killed ...
I checked all the sessions with print_r($_SESSION) ...

do you think that the problem is from the browser or maybe session don't live to long time without reviving them by session_start() ??
I am using firefox mozilla v8.0
Post Reply