Page 1 of 1
$_SESSIONs are closing without killing them !!
Posted: Sun Nov 13, 2011 12:29 pm
by amirbwb
Hello I am facing now another problem which is defining sessions !!!
While the user is logged in, some times when he is entes a secure page, the user will be referred automatically to the login page (sessions are unset or killed)
So what is the problem?? Here is my code plan for:.
LOGIN:
Code: Select all
if(userane == $_POST['username'] and password == $_POST['username'])
$_SESSION['user_id'] == $row_login_info['user_id'];
else
$error='ERROR';
PROTECTION PAGE:
Code: Select all
session_start();
if(!isset($_SESSION['user_id']) || empty($_SESSION['user_id'])){
header('Location:login.php');
}
why do you think that the user when he logged in, suddenly in a random duration after login, he will be automatically "LOGGED OUT" ???
Re: $_SESSIONs are closing without killing them !!
Posted: Sun Nov 13, 2011 12:42 pm
by danwguy
Off the top of my head I can see one problem... you aren't declaring the variables in your first bit of code...
Code: Select all
if(userane == $_POST['username'] and password == $_POST['username'])
$_SESSION['user_id'] == $row_login_info['user_id'];
else
$error='ERROR';
should be...
Code: Select all
if($userane == $_POST['username'] && $password == $_POST['password'])
$_SESSION['user_id'] = $row_login_info['user_id'];
else
$error='ERROR';
unless you are using define to hold those 2 vars. And there's no need to double = when assigning a var, only when checking 2 vars, plus you are checking 2 different vars against one $_POST var, you were checking $userane == $_POST['username'] AND $password == $_POST['username']
Re: $_SESSIONs are closing without killing them !!
Posted: Sun Nov 13, 2011 12:50 pm
by amirbwb
am sry I was making a fast plan !! this is not the real php code
here is the real code
Code: Select all
if(isset($_POST['username'])){
$username=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
mysql_select_db($database_connection,$connection) or die(mysql_error());
$login_q="select * from employee where username='$username' and password='$password'";
$login=mysql_query($login_q,$connection);
$row_login=mysql_fetch_assoc($login);
$num_login=mysql_num_rows($login);
if($num_login == 0){
$error='<p class="error" style="margin:0px;">Wrong username or password</p>';
}elseif($num_login == '1'){
$_SESSION['card']='';
unset($_SESSION['card']);
$_SESSION['medischool'] = $row_login['e_id'];
$_SESSION['school'] = $row_login['school'];
header('Location:index.php');
}
protection page:
Code: Select all
<?php
if(!isset($_SESSION)){
session_start();
}
if(!isset($_SESSION['medischool']) || empty($_SESSION['medischool']) || !isset($_SESSION['school']) || empty($_SESSION['school'])){
header('Location:login.php');
}else{
$session_medischool=$_SESSION['medischool'];
$session_school=$_SESSION['school'];
if(is_numeric($session_school)){
$sschool_query="scl_id='$session_school' and";
}
if($session_school == 'admin'){
$adminonly='adminonly';
}
}
?>
Re: $_SESSIONs are closing without killing them !!
Posted: Sun Nov 13, 2011 1:09 pm
by danwguy
on protection page don;t check for $_SESSION vars before claiming a session_start();
You always need to do session_start();
So it should be like this...
and I'm not 100% sure but are you sure you want to be checking all those or checks I would think it would be more like...
if(!isset($_SESSION['medischool']) || empty($_SESSION['medischool']) && (!isset($_SESSION['school']) || empty($_SESSION['school')))
I could be totally wrong there, just seems like you are doing a lot of or statements and I would think your program will allow either session['medischool'] OR session['school'] If I'm wrong disregard that, but still get rid of the check for session before starting session
Code: Select all
<?php
session_start();
if(!isset($_SESSION['medischool']) || empty($_SESSION['medischool']) || !isset($_SESSION['school']) || empty($_SESSION['school'])){
header('Location:login.php');
}else{
$session_medischool=$_SESSION['medischool'];
$session_school=$_SESSION['school'];
if(is_numeric($session_school)){
$sschool_query="scl_id='$session_school' and";
}
if($session_school == 'admin'){
$adminonly='adminonly';
}
}
?>
Re: $_SESSIONs are closing without killing them !!
Posted: Sun Nov 13, 2011 1:16 pm
by amirbwb
mmm maybe u r right about statement for session_start() anw i will tell u what will happen with me ...
but is there any problem if I wrote 2 times or more "session_start()" in the same page?
Re: $_SESSIONs are closing without killing them !!
Posted: Sun Nov 13, 2011 1:22 pm
by danwguy
yes, you should never do session_start more than once per page, I always just put session_start(); as the very first line of php code, then you don't have to worry about it again on that page.
Re: $_SESSIONs are closing without killing them !!
Posted: Sun Nov 13, 2011 3:15 pm
by amirbwb
man I have done what you told me to do, but when I logged in and surfed some pages inside the software ... ten minutes later without any activity on the soft (I was on facebook) ... then I went back to the soft refreshed the pages and boom ... I was redirected to the login page, All sessions were automatically killed !! I also defined 2 sessions that I have not created a logout for them (I mean by logout: 2 sessions that I have not written unset(session) or $session='' in all the soft) were also killed ...
I checked all the sessions with print_r($_SESSION) ...
do you think that the problem is from the browser or maybe session don't live to long time without reviving them by session_start() ??
I am using firefox mozilla v8.0