PHP Sessions problem
Hi,
I have been trying to use sessions for a basic login system, I declared the username and password session variables at the top of the main profile/login page so I could use the details to get the information for the user that is logged in but now even I logout which uses session_destroy() it doesn't seem to destroy the session because it won't show the login screen. Any ideas?
I'm guessing if I include the following at the top of every page I can then use the username in MySQL queries to return the information for a user?
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
Is it that easy or am I missing something?
pr0gr4mm3r posted this at 23:51 — 26th March 2008.
He has: 1,502 posts
Joined: Sep 2006
When clearing a session, I always run unset($_SESSION) in addition to session_destroy().
How are you testing to see if the user is signed in?
drew22299 posted this at 16:17 — 27th March 2008.
They have: 105 posts
Joined: Mar 2006
Only certain pages can be viewed when you are logged in.
Does the code below need to be included to ensure the same user is logged in on every page?
How do you carry the details from page to page so you can use them in SQL queries?
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
greg posted this at 19:26 — 29th March 2008.
He has: 1,581 posts
Joined: Nov 2005
What that is doing is giving the value of the variable $username to the $_SESSION['username'].
So I presume the variable $username does contain data?
And you only need to run that code once, so you wouldn't really need to have it on every page. Once a session is set with a value, it will remain unless you destroy it, unset it, the user closes their browser or you change the value.
What you MIGHT have on every page is
$username = $_SESSION['username'];
$password = $_SESSION['password'];
So that you can use the variables $username and $password to query the DB, as the variables wont carry their values from page to page (whereas the sessions do)
A good idea that often reveals the problem is to echo the session to see what is happening.
echo $_SESSION['username'];
echo $_SESSION['password'];
You might find something out such as the sessions are actually empty and that might point to the code that checks if user is logged in is incorrect in some way. Then it perhaps wouldn't show the login.
That's just an example, but echo the sessions and/or variables to find out what data they carry, also double check you code that doesn't work, such as the session destroy code. Are they destroying correctly named sessions?
drew22299 posted this at 10:53 — 31st March 2008.
They have: 105 posts
Joined: Mar 2006
Your explanation is better than any tutorial on the net, thanks. I also found it useful to just print the values from page to page to check if they are actually being sent, although sometimes it didn't work for some reason when I used $_GET[textboxname] on the next page after submitting values in a form to another page, why is this?
I also have another question related to sessions and transferring data from page to page but I made a separate thread.
greg posted this at 12:51 — 31st March 2008.
He has: 1,581 posts
Joined: Nov 2005
What exactly do you use the $_GET with? Its value is usually assigned to a variable
I.E.
$textboxname = $_GET['textboxname'];
Also, note the ' in my code, you might have them two in yours and just didn't type it in your post here (they are required though and will be the reason it doesn't work if they are missing).
Another common reason why the $_GET might not work is if you have a typo on the form input or the process page - make sure the form input name is EXACTLY the same as the name you use the $_GET with on the page the form is sent to.
So both are - textboxname
But all the $_GET data is (if correctly done) in the URL (browser address bar), so look at that to check what the form is sending.
And if there is an actual PHP coding error check the error logs. The errors don't always point to the error exactly, but it will give you some idea. And they don't always return an error if it is code that isn't actually deemed as error, such as a type in the names as mentioned above.
Just like wordprocessor spell checkers wont tell you if a word is out of context, they often just check it is an actual word.
The error logs are usually created in the directory where the file resides that contains the error.
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.