Session start

--0016e65c7ce82c711a048690a304
Content-Type: text/plain; charset=ISO-8859-1

I have a problem with my system, not sure how I can fix this one. A user has
a log in page and takes them to different pages, now each of these pages has
a check to make sure they are logged in with the following code:

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
header ("Location: login.html");
exit;
}

So if they are not logged in it redirects them to the log in page. No
problems there.

Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.

I have tried adding this to the code.

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
*session_destroy();*
header ("Location: login.html");
exit;
}

But that did not work? Please I am stuck for ideas?

--0016e65c7ce82c711a048690a304--

Re: Session start

On 14 May 2010 18:47, Barry Zimmerman wrote:
> I have a problem with my system, not sure how I can fix this one. A user has
> a log in page and takes them to different pages, now each of these pages has
> a check to make sure they are logged in with the following code:
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> header ("Location: login.html");
> exit;
> }
>
> So if they are not logged in it redirects them to the log in page. No
> problems there.
>
> Now if a user is not logged in and comes back to that page, it starts the
> session so giving them a session id and redirects them back to thge login
> page. The problem I have is I do NOT want the session to start, I need them
> to hit the log in page with no sessions there. I have tried all sorts but
> just cannot get this to work.
>
> I have tried adding this to the code.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> *session_destroy();*
> header ("Location: login.html");
> exit;
> }
>
> But that did not work? Please I am stuck for ideas?
>

Read the manual on session_destroy. Specifically, if you want to
complete destroy the session, unset the session cookie as well.

On a separate note: why do you care if the session has started or not?
If nothing is stored in the session then there's not much difference
to you.

Regards
Peter

--

WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
Flickr: http://www.flickr.com/photos/fake51
BeWelcome: Fake51
Couchsurfing: Fake51


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Session start

--=-IE9UmFK47Nc7YGebiU4+
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit

Barry,

Did you try to use setcookie with expiry date in the past? You could
use
setcookie before header function of the following manner.

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
setcookie("session","session id", 1);
header ("Location: login.html");
}

Best regards,
Luiz Alberto



On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote:

> I have a problem with my system, not sure how I can fix this one. A user has
> a log in page and takes them to different pages, now each of these pages has
> a check to make sure they are logged in with the following code:
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> header ("Location: login.html");
> exit;
> }
>
> So if they are not logged in it redirects them to the log in page. No
> problems there.
>
> Now if a user is not logged in and comes back to that page, it starts the
> session so giving them a session id and redirects them back to thge login
> page. The problem I have is I do NOT want the session to start, I need them
> to hit the log in page with no sessions there. I have tried all sorts but
> just cannot get this to work.
>
> I have tried adding this to the code.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> *session_destroy();*
> header ("Location: login.html");
> exit;
> }
>
> But that did not work? Please I am stuck for ideas?

--=-IE9UmFK47Nc7YGebiU4+--

Re: Session start

--0016367fa4b8e032210486920e4e
Content-Type: text/plain; charset=ISO-8859-1

id also suggest to revisit the entire login script that you have attached,
its a bit overly complicated. Keep amount of if statements to the minimum
and you will not get lost. Try to keep it simple.

Session is not a problem for you, just make a very simple set of rules when
user is logging in, logging out and how to check if he is logged in.

i guess its worth having a look at some open source apps or frameworks and
see how they do it, good luck

art

On 14 May 2010 18:24, Luiz Alberto wrote:

> Barry,
>
> Did you try to use setcookie with expiry date in the past? You could
> use
> setcookie before header function of the following manner.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> setcookie("session","session id", 1);
> header ("Location: login.html");
> }
>
> Best regards,
> Luiz Alberto
>
>
>
> On Fri, 2010-05-14 at 17:47 +0100, Barry Zimmerman wrote:
>
> > I have a problem with my system, not sure how I can fix this one. A user
> has
> > a log in page and takes them to different pages, now each of these pages
> has
> > a check to make sure they are logged in with the following code:
> >
> > session_start();
> > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> > header ("Location: login.html");
> > exit;
> > }
> >
> > So if they are not logged in it redirects them to the log in page. No
> > problems there.
> >
> > Now if a user is not logged in and comes back to that page, it starts the
> > session so giving them a session id and redirects them back to thge login
> > page. The problem I have is I do NOT want the session to start, I need
> them
> > to hit the log in page with no sessions there. I have tried all sorts but
> > just cannot get this to work.
> >
> > I have tried adding this to the code.
> >
> > session_start();
> > if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> > *session_destroy();*
> > header ("Location: login.html");
> > exit;
> > }
> >
> > But that did not work? Please I am stuck for ideas?
>

--0016367fa4b8e032210486920e4e--

Re: Session start

Barry,

session_start(); will not wipe clean the user's session so there is
something else going on.

Does the login.html authentication script correctly set
$_SESSION['username'] ?

Also, it has been my experience that code like
isset($_SESSION['username']) is better if you replace it with
array_key_exists('username',$_SESSION)

Thanks,
--Dustin
Barry Zimmerman wrote:
> I have a problem with my system, not sure how I can fix this one. A user has
> a log in page and takes them to different pages, now each of these pages has
> a check to make sure they are logged in with the following code:
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> header ("Location: login.html");
> exit;
> }
>
> So if they are not logged in it redirects them to the log in page. No
> problems there.
>
> Now if a user is not logged in and comes back to that page, it starts the
> session so giving them a session id and redirects them back to thge login
> page. The problem I have is I do NOT want the session to start, I need them
> to hit the log in page with no sessions there. I have tried all sorts but
> just cannot get this to work.
>
> I have tried adding this to the code.
>
> session_start();
> if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
> *session_destroy();*
> header ("Location: login.html");
> exit;
> }
>
> But that did not work? Please I am stuck for ideas?
>
>


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php