newbie session question

Ok I have a login page that forwards to a php page (loginCheck.php)
which connects to the db verifies the user blah blah. If the user is
not verified the function verifyUser($un, $pw) returns -1, otherwise
0. Also if the user/pass is in the db (user is verified), then session
variables are set e.g. $_SESSION['username'], etc. I save the returned
value from verifyUser and have a check that redirects to the main page
or back to the login page, (success, failure respectively).

this is how I am doing this.

$verified = verifyUser($_POST['user'], $_POST['pass']);

if($verified == 0) {
header("Location: ../index.php");
} else {
header("Location: login.php");
}

pretty simple.......except if the user/pass is good and you are
redirected to the index page all the session variables are gone, as if
the session was destroyed. This sucks because I have a header at the
top of the page which tells you whether you are logged in or not, etc.
But instead I get an error "Undefined variable: _SESSION....". Any
help with this would be greatly appreciated.

Re: newbie session question

On Aug 19, 8:14 pm, Morla...@gmail.com wrote:
> Ok I have a login page that forwards to a php page (loginCheck.php)
> which connects to the db verifies the user blah blah. If the user is
> not verified the function verifyUser($un, $pw) returns -1, otherwise
> 0. Also if the user/pass is in the db (user is verified), then session
> variables are set e.g. $_SESSION['username'], etc. I save the returned
> value from verifyUser and have a check that redirects to the main page
> or back to the login page, (success, failure respectively).
>
> this is how I am doing this.
>
> $verified = verifyUser($_POST['user'], $_POST['pass']);
>
> if($verified == 0) {
> header("Location: ../index.php");} else {
>
> header("Location: login.php");
>
> }
>
> pretty simple.......except if the user/pass is good and you are
> redirected to the index page all the session variables are gone, as if
> the session was destroyed. This sucks because I have a header at the
> top of the page which tells you whether you are logged in or not, etc.
> But instead I get an error "Undefined variable: _SESSION....". Any
> help with this would be greatly appreciated.

Tough to say since you haven't shown us the code for verifyUser() or
the code on your index page.

Re: newbie session question

> Tough to say since you haven't shown us the code for verifyUser() or
> the code on your index page.

I honestly don't think I need to paste all that code here or anywhere
else to really explain what I am trying to do.

login page posts to loginCheck.php

loginCheck connects to the database etc, performs query, gets result
set stored in $row, verifies that the user/pass is good. All that
works just fine. If the user/pass is good then I call the following
function:

function setSession($user, $id) {
session_start();
$_SESSION['username'] = $user;
$_SESSION['uid'] = $id;
$_SESSION['logged'] = true;
}
Once this is done the db connection is closed and 0 or -1 is
returned.

then the code I posted above is executed.

Re: newbie session question

This is the important code from the index page which is causing the
error:

if($_SESSION['logged']) { ?>
You are logged in as $_SESSION['username']; ?>. 
Logout a>

You are not logged in.   href="forms/login.php">Login here

Re: newbie session question

schreef in bericht
news:1187570826.109835.85610@w3g2000hsg.googlegroups.com...
> This is the important code from the index page which is causing the
> error:
>
> > if($_SESSION['logged']) { ?>
> You are logged in as > $_SESSION['username']; ?>. 
> Logout > a>
>
> You are not logged in.   > href="forms/login.php">Login here
>
>

Morlaath,

Each page that you want to (re-)use session variables in need to start with:

session_start();
if($_SESSION['logged']) { ?>

etc...

As a side note, also keep in mind that nothing should be outputted to the
users browser before you call session_start(). Not even whitespace
characters. This is often overlooked by people that have difficulty getting
sessions to work.

The reason is, that sessions (usually) use cookies. Cookies get send to the
browser using HTTP headers. Once PHP has started outputting content, headers
can't be sent anymore.

HTH

Re: newbie session question

Morlaath@gmail.com wrote:
> This is the important code from the index page which is causing the
> error:
>
> > if($_SESSION['logged']) { ?>
> You are logged in as > $_SESSION['username']; ?>. 
> Logout > a>
>
> You are not logged in.   > href="forms/login.php">Login here
>
>

Do you call session_start() at the start of your index.php page? And
are you sure you're calling session_start() only once, and before *any*
output (even white space) on all other pages where you're using sessions?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: newbie session question

amygdala wrote:

> As a side note, also keep in mind that nothing should be outputted to the
> users browser before you call session_start(). Not even whitespace
> characters. This is often overlooked by people that have difficulty getting
> sessions to work.

Actually, you *can* output stuff before calling session_start() *except
when*:

1. You are using cookie-based sessions; *and*
2. The user's session cookie hasn't been set yet.

e.g.

# This is http://example.org/page1.php
session_start();
$_SESSION['foo'] = 'bar';
header("Location: http://example.org/page2.php");
?>

# This is http://example.org/page2.php
echo "I am going to the ";
session_start(); # Note: after output!
$_SESSION['quux'] = 'quuux';
echo $_SESSION['foo'];
echo ".\n";
?>

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 60 days, 12:44.]

TrivialEncoder/0.2
http://tobyinkster.co.uk/blog/2007/08/19/trivial-encoder/