Page 1 of 1

a session problem

Posted: Fri Sep 01, 2006 9:49 am
by raghavan20
I am sorry to say that I cannot present any code for the problem but I will take enough to explain things properly.
I have the following pages,
login page
duty: gets username and password; validates; if successful, sets $_SESSION['userName']=<current_user>

verify session page
duty: verifies whether $_SESSION['userName'] exists and if exists checks whether those names are actually registered with the website.

index page
duty: just holds navigation links

all others pages are not our concern.


first when the user goes to index page, the 'verify session' page is called, it cannot find the session variable 'userName' and it redirects to login page.

after login and successful validation; session variable is set( personally verified by printing out $_SESSSION which holds the userName key ); redirects to index page.

when index page is refreshed, it checks whether session is valid by calling 'session page', when it checks for session variable 'userName', it does not exist. It now has mysteriously disappeared. so this page redirects to login page to login again.


but when i login the second time, gets validated; session variable, 'userName' set; redirects to index page;
when refreshed; session is validated; variable found; stays in index page and no problems there after.

so this problem keeps happening only when i open a new IE of Firefox browser and try to access index page which basically redirects to login and i login and redirects to index page and click on any of the links, session variable disappears and asks me to login.

have any of you guys faced this problem. please advice.

Posted: Fri Sep 01, 2006 1:44 pm
by Weirdan
Image Does the following work?
index.php

Code: Select all

session_start();
require 'inc/session_check.php';

echo "Only logged in user can see this! Unauthorized people won't see it.";
inc/session_check.php

Code: Select all

if(!isset($_SESSION['username'])) {
    header('Location: /login.php');
    die();
}
login.php

Code: Select all

session_start();
if(isset($_POST['username']) && isset($_POST['password'])) {
   if($_POST['username'] == 'TheUser' && $_POST['password'] == 'ThePassword') {
       // login successful
       $_SESSION['username'] = $_POST['username'];
       header('Location: /index.php');
       die();
   } else {
       // login failed
       header('Location: /login.php');
       die();
   }
} else {
echo <<<HTML
<form action='/login.php' method='post'>
  <label>Username<input type='text' name='username' /></label>
  <label>Password<input type='password' name='password' /></label>
</form>
HTML;
}