session problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mcog_esteban
Forum Contributor
Posts: 127
Joined: Tue Dec 30, 2003 3:28 pm

session problem

Post by mcog_esteban »

hi all.
can someone explain this strange behaviour:
i have a login system based on sessions, but sometimes(few and random) everytime i login, i get send back to login again, the page simply expires.
there's nothing wrong with logins and passwords, the problem is the session functions, maybe i'm forgetting something.

thanks.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Example of the code involved?
mcog_esteban
Forum Contributor
Posts: 127
Joined: Tue Dec 30, 2003 3:28 pm

Post by mcog_esteban »

i have only these:

session_save_path(...);
session_start();

the logout has the code i saw on http://www.php.net documentation about session_destroy()
mcog_esteban
Forum Contributor
Posts: 127
Joined: Tue Dec 30, 2003 3:28 pm

Post by mcog_esteban »

this is the code i use to logout

Code: Select all

<?php
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
   setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
<?php
?>
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Logout looks fine - but your problem seems to be logging in...

Check you have something in your code that checks whether the user of a session is logged in or out.

For example after checking password, set $_SESSION[online] = "true", then check that value on each page to ensure the user who sent the page request is logged in...

only use $_SESSION = array()/session_destroy() on logout - neither should be present in the initial login code - unless the user got the password wrong and you want to delete any session data.
mcog_esteban
Forum Contributor
Posts: 127
Joined: Tue Dec 30, 2003 3:28 pm

Post by mcog_esteban »

well i have a small script that checks is the user is a certain session value is set

ex: if (empty($_SESSION['username'])) header("Location: login.php");

at the beginning of each script.

<?php
include "checkLogin.php";

session_save_path(...);
session_start();
.....
?>
Post Reply