hi all.
can someone explain this strange behaviour:
i have a login system based on sessions, but sometimes(few and random) everytime i login, i get send back to login again, the page simply expires.
there's nothing wrong with logins and passwords, the problem is the session functions, maybe i'm forgetting something.
thanks.
session problem
Moderator: General Moderators
- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
-
mcog_esteban
- Forum Contributor
- Posts: 127
- Joined: Tue Dec 30, 2003 3:28 pm
i have only these:
session_save_path(...);
session_start();
the logout has the code i saw on http://www.php.net documentation about session_destroy()
session_save_path(...);
session_start();
the logout has the code i saw on http://www.php.net documentation about session_destroy()
-
mcog_esteban
- Forum Contributor
- Posts: 127
- Joined: Tue Dec 30, 2003 3:28 pm
this is the code i use to logout
Code: Select all
<?php
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
// Finally, destroy the session.
session_destroy();
<?php
?>- Maugrim_The_Reaper
- DevNet Master
- Posts: 2704
- Joined: Tue Nov 02, 2004 5:43 am
- Location: Ireland
Logout looks fine - but your problem seems to be logging in...
Check you have something in your code that checks whether the user of a session is logged in or out.
For example after checking password, set $_SESSION[online] = "true", then check that value on each page to ensure the user who sent the page request is logged in...
only use $_SESSION = array()/session_destroy() on logout - neither should be present in the initial login code - unless the user got the password wrong and you want to delete any session data.
Check you have something in your code that checks whether the user of a session is logged in or out.
For example after checking password, set $_SESSION[online] = "true", then check that value on each page to ensure the user who sent the page request is logged in...
only use $_SESSION = array()/session_destroy() on logout - neither should be present in the initial login code - unless the user got the password wrong and you want to delete any session data.
-
mcog_esteban
- Forum Contributor
- Posts: 127
- Joined: Tue Dec 30, 2003 3:28 pm