Page 1 of 1
Login twice
Posted: Fri Oct 07, 2005 12:41 pm
by imstupid
hey everybody-
A while ago, i read a post from someone who developed a login script, and for some reason, users had to login twice just to make it work. The after searching for the post, I found it had no solution, so I thought i'd see if anyone else was experiencing this problem becasue it just happened to me.
Basically, I login successfully, start a session, then redirect to page 2.
On page 2, I have the typical, "if session doesn't exist, redirect to login screen" script on there. Even though I just logged in successfully, it still redirects me to the login screen. then, without refreshing the page, i'll just login again using the same username and password, and everything works fine.
Any ideas? Thanks for the help/opinions on why this happens.
Posted: Fri Oct 07, 2005 12:44 pm
by John Cartwright
I think it would be best if you posted some code
Posted: Fri Oct 07, 2005 12:46 pm
by Buddha443556
Also which browser?
Posted: Fri Oct 07, 2005 1:11 pm
by feyd
Moved to PHP - Code.
Posted: Fri Oct 07, 2005 1:20 pm
by imstupid
thanks for the response.
1. I've tried it on multiple browsers (firefox, ie, safari...), and they all give the same problem
i've also tried setting up the "if session doesn't exist" message to either write out "error" or a second option of the redirecting to the login screen. the printing of the word "error" allows the user to login twice and ends in a successfull entry, however the redirect method, just keeps going back to the login screen no matter how many times you login.
login script:
Code: Select all
<?PHP
connect db stuff...
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM usertable WHERE username='".$username."' and password='".$password."'";
$result = mysql_query($sql) or die ("Couldn't get reults.");
$count = mysql_num_rows($result);
if ($count == 1 ) {
session_start();
$_SESSION['username'] = "success";
header( "Location: http://www.example.com/page2.php" );
}
else if ($count == 0) {
header( "Location: http://www.example.com/login.html" );
}
?>
And here's my page2.php:
Code: Select all
<?php
session_start();
header("Cache-control: private");
if ( !isset( $_SESSION['username'] ) ) {
echo "error" ;
//header( "Location: http://www.example.com/login.html" );
exit;
}
rest of web page here..
?>
Posted: Fri Oct 07, 2005 1:22 pm
by feyd
a lot of browsers will ignore everything given to them when there's a redirection in the headers, including cookies.
Posted: Fri Oct 07, 2005 1:50 pm
by Buddha443556
Posted: Fri Oct 07, 2005 4:04 pm
by imstupid
ok, I read up on the session_write_close() function, and it seems to make sense, however I've got the same problem. I set the session_write_close() on the login script like so:
Code: Select all
<?PHP
connect and sql stuff...
if ($count == 1 ) {
session_start();
$_SESSION['username'] = "success";
session_write_close();
header( "Location: http://www.example.com/page2.php" );
}
else if ($count == 0) {
header( "Location: http://www.example.com/login.html" );
}
?>
There's no reason to put the session_write_close(); on my page2.php right?
Thanks again.
Posted: Fri Oct 07, 2005 4:26 pm
by kazaj
i sugest you to start session at the start of the script
Posted: Fri Oct 07, 2005 5:40 pm
by feyd
it'd be better to create the session on the previous page...
Posted: Fri Oct 07, 2005 8:48 pm
by mickd
a side note: you might want to google sql injection.