
sessions....urgent

Posted: Thu Dec 02, 2004 1:07 pm
by mcog_esteban
hi all.
can someone help me with this:
i'm having a strange problem using sessions, i have a login system based on sessions, and sometimes i can't login, the problem is that i can indeed login but the page creates another session id, sending me back to the login page, i get the tmp dir full of sess_*************** files with 0kb. First i thought that was something wrong with my code, and i did the simplest system i know:

login.html

Code:

<html>
<body>
<form method="post" action="login.php">
<input type="text" name="user"><br>
<input type="text" name="pass">
<input type="submit" name="submit" value="send">
</form>
</body>
</html>
login.php

Code:

<?php
session_start();

// Only handle the request when the form was submitted
if (isset($_POST['submit']))
{
  // Both the user name and the password have to match
  if ($_POST['user'] == "master" && $_POST['pass'] == "blaster")
  {
       session_register('user');
       $_SESSION['user'] = $_POST['user'];
       header("Location: secret.php");
       exit;
  }
  else
  {
    echo "Login or Password wrong<br>";
    echo '<a href="login.html">Click here to login again.</a>';
  }
}
?>
secret.php

Code:

<?php
session_start();

// Show the page only when a user is stored in the session
if (!empty($_SESSION['user']))
{
   echo "Welcome to the secret page";
}
else
{
  echo '<a href="login.html">You have to login to access this page</a>';
}
?>
and it didn't work....a few hours later it worked.
i really don't know what to do anymore.

if it helps, i'm running this on Windows XP + SP2
using XAMPP from http://www.apachefriends.org

if anybody knows or has a clue, please let me know.
thanks

Posted: Fri Dec 03, 2004 4:18 am
by Maugrim_The_Reaper
Drop it:

session_register('user');

Not required - just session_start(), then start adding data directly to the $_SESSION array. To logout/remove session set $_SESSION = array(), and call session_destroy().

To time session validity compare current timestamp to another stored on the $_SESSION array which was set to time() + number of seconds valid. If current timestamp is greater than session valid time - invalidate the session as above.
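
The session handling described in the reply above (data stored directly in $_SESSION, an expiry timestamp, logout by emptying the array and calling session_destroy()), as an added example that is not part of the original thread. It goes slightly further by regenerating the session id at login and expiring the cookie at logout; SESSION_TTL, the 'expires' key and the helper function names are assumptions, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: SESSION_TTL, 'expires' and the helper names are hypothetical.
const SESSION_TTL = 900; // seconds a login stays valid (assumed value)

session_start();

// Store the user and an absolute expiry time directly in $_SESSION.
function log_in(string $user): void
{
    session_regenerate_id(true); // fresh id after login, old session data deleted
    $_SESSION['user']    = $user;
    $_SESSION['expires'] = time() + SESSION_TTL;
}

// Empty the array, expire the session cookie, then destroy the stored data.
function log_out(): void
{
    $_SESSION = array();
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// True only while a user is stored and the expiry time has not passed.
function session_is_valid(): bool
{
    if (empty($_SESSION['user']) || empty($_SESSION['expires'])) {
        return false;
    }
    if (time() > $_SESSION['expires']) {
        log_out(); // expired: invalidate as on logout
        return false;
    }
    return true;
}

// Guard for a protected page such as secret.php.
if (!session_is_valid()) {
    header('Location: login.html');
    exit;
}
echo 'Welcome to the secret page, '
   . htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```

In this sketch login.php would call log_in() after checking the credentials and then redirect to secret.php.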

Posted: Fri Dec 03, 2004 5:45 am
by mcog_esteban
thanks Maugrim.
could the fact that session_register is deprecated be the reason for my problems?

Posted: Fri Dec 03, 2004 6:28 am
by sakaveli
or you could try having a global session variable that is set or unset according to users logging in or out... that's a lot faster and efficient

Posted: Fri Dec 03, 2004 7:54 am
by Archy
You have used the code:

Code:

header("Location: secret.php");
       exit;
1) You have not yet initialised the header for the rest of the script. To do this, change the top few lines to this:

Code:

<?PHP
session_start();
ob_start();
...
2) exit; should become exit(); although you may be able to use both.

Those are the errors I saw whilst quickly browsing through.

Posted: Fri Dec 03, 2004 8:09 am
by mcog_esteban
hey Archy thanks for spotting some errors.
i'm not used to using ob_start(), i was checking the manual... where should i put the ob_end_flush function in the login.php script?

Posted: Fri Dec 03, 2004 8:14 am
by Archy
It is not essential to close ob_start(), I believe if you just leave it, that the page will automatically close the command, much like it does for a database connection.

I don't close it anyways...

EDIT: looking through the PHP manual, it says:

" The contents of this internal buffer may be copied into a string variable using ob_get_contents(). To output what is stored in the internal buffer, use ob_end_flush(). Alternatively, ob_end_clean() will silently discard the buffer contents. "

This to me says, if you want to echo out the contents of ob_start(); then use ob_end_flush(). Basically, it will tell you what is in that buffer.

Posted: Fri Dec 03, 2004 8:23 am
by mcog_esteban
another thing, when you say: "1) You have not yet initialised the header for the rest of the script.", what do you mean by that, i see this kind of code in a lot of tutorials, i thought that this was the simplest code i could use.

Posted: Fri Dec 03, 2004 8:35 am
by Archy
You have to open the header, so that the script can parse correctly. Otherwise, you will see the page loading, and then it redirecting. Basically, the ob_start() header lets the page look for pieces of code that it can use before the page is displayed.

As far as I know, this is what it does, some functions, like ob_start() and session_start() need to be initialised before the code can be parsed.

Posted: Fri Dec 03, 2004 8:42 am
by mcog_esteban
ok. i think i got it.
thanks for explaining some issues.