akrytus

I added the cookie command before the session_start, but this did not help.  I am still loosing the session data.  Any other suggestions?

I have, there only 2 pages in question.  nocrs.net/index.php - sets the session nocrs.net/Dealer/dealer.php - php protected page Both have session_start at the very top before anything else. If you perform a refresh on the delear.php it will lose the session data. Here is the data from that page: [code] <? session_start(); if(!isset($_SESSION['login'])) {  // Not Logged In  ?> <meta http-equiv="Refresh" content="0; url=http://nocrs.net/invalid.htm"> <? } else{  // Continue with the page ?>[/code] Any other suggestions?  [quote]I tried using your site but none of the pages loaded.[/quote] Not sure why?  Havent seen any problems!

But if you start on nocrs.net to begin with then shouldnt the session work for the redirection?  Becuase it doesnt!

Makes sense, so I have to contact my hosting service and have them change the domain to .nocrs.net instead of www.nocrs.net? Does that mean that the password is being sent without encryption?

Really?  Thought that was the difference between single and double.  Shows how much I use it!

I too have been learning PHP for about 1 year.  Although I have background in various programming languages, the online help is so helpful.   I have found the hardest part of programming is figuring what it is you want.  This is up to you!   Then when you have figured that out, then finding out what the php functions are available to you to accomplish the task.  For that you can come here.  Most of these guys if not all have run into that or know about it and can point you in the right direction of what functions to use.   Now you know what you want and what to use.  Now it is time to figure out how those functions work.  It is up to you to look them up in the manual.  They tell you the syntax and what the function does.  Even better they give plenty of examples of using the function in real code that is usually well documented.   Once you learn what the function does, apply it.  When it doesnt work, come back here and ask why!   One step at a time, and you will catch on quickly.  Quit using the code people give you and paste into your code.  Figure out what it does and why!  This is how I learned and I think I caught on rather quickly.  It's a lot of work, but worth it!

[quote]do you redirect the user to a different domain?[/quote] Nope. [quote]do you have session_start on the page where the sessions are set too?[/quote] Yep! [quote]can you also check register_globals in php.ini?[/quote] register_globals Off Off [quote]does it not work on a specific browser only? [/quote][quote]have you tried it on firefox?[/quote] Havnt tried it on another broswer.  Would you like to try? www.nocrs.net login:test pw: test

Ok, I have only created 1 secure page, and yes I have session_start first thing on top.  If I click off that page, then come back, I loose the session data, even on a simple refresh I loose it!   Here is my php.ini file, please review for any problems: Session Support  enabled   Registered save handlers  files user sqlite   Registered serializer handlers  php php_binary   session.auto_start Off Off session.bug_compat_42 On On session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 100 100 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 4 4 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path no value no value session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid 0 0

I didnt even know you could use triple equals ===, why can you, and why would you?

What kind of settings am I looking for in the ini? It works to open of the first redirected page, but after that is when I loose the data!  My server is being hosted by someone esle using cpanel, do I even have the ability to change the ini, becuase I couldnt find it anywhere?

I have a user log in and the page redirected to a secure web page.  If the user clicks off that page or it is refreshed the session variables are lost, and requires the user to log back in.  This is extremely innconvient.  Why am I loosing the session data and how do I prevent it from happening?

Ok, I have it all working, I log in and visit the secure page fine, but if I click on a link away, then try to revisit the secure page, I loose all the session data.  How do I prevent that? The idea is to login, view both secure and non-secure pages until user logs off. 

Oops, html tags were on top! Thanks again.

Ok, sorry to keep bothering you, I really appreciate your help, but.................. When I destroy the session on the protected page I get: Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session So I took your advice and put a start_session at the top of that page and i get: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started

I apparently am a little confused. You said [quote]if (isset($_SESSION['username'])[/quote] Now if this is on top of my protected web pages, wouldnt this always be true, because how else would have you gotten there without having started a session?  Should this be: [code] // Login $_SESSION['whatever'] = "whatever" [/code] [code] // Protected webpage if($_SESSION['username']="whatever"){   // entire page} else {   // Invalid User} [/code]

Thanks I will give it a try!

You did this code in dreamweaver?  I had the same problem and the code looks identical to the code that dreamweaver produces.  I played around with it for several hours before I got around it.  Wish I was sweet enough to tell you what I did to fix it.  Chances are though, if I were to do it again, I would run into the same problem!  Let me know how it works out so I know in the future.  Good luck!

Ok, that helps me understand the sessions better, thankyou for your response. I still have 2 questions: 1. What exactly protects the web pages from being visited without logging in?  2. Once you find out that the member is validated you said start the session, but then how do you forward to the member page?  Put up a link for them to click on once validated?  Can you automate it?

Ok, I searched for this and found nothing to help me, so I appologize if this was posted before and I missed it.  I have a company web page, www.nocrs.net, that I am working on and need a member login.  I have created it and it works but I think I found an alternative to what I should have done. My way: [code] function index(){   // Load standard index page} function member(){   // Load member page} function invalid(){   // Load invalid user page} function checklogin(){   // Check dbase for user validation} function cookie(){   // Create cookie if user login validated} // Begin of PHP page     if ($_SERVER['REQUEST_METHOD'] != 'POST'){index();} else{   if(isset($_COOKIE["login"])){cookie();}   else{checklogin();}} [/code] Basically each funtion holds a webpage.  If the validation is met then load the member webpage, if not load the invalid webpage, if no submit, then load the index webpage.  So basically I have 3 pages using the same index.php file. Could someone explain to me the way I should do this!  I know a little bit, like use session variables and cookies, and how they work, dont know how to get them to work.  When I try to use session variables, it always says session already open or sent cant remember.  I guess I dont know how to load a new page once the validation has been done and what keeps people from browsing to restricted pages and restricting access to them with out proper validation.  Assume I am stupid and tell me everything you know,  PLEASE!!!!