cjp_24

Thanks guys.

I started doing this with cookies, and then using $_COOKIE['username']; but was told on here that COOKIES are not very secure as you can create a cookie yourself if you was hacking and get in that way, so SESSIONS then seemed the best way. Before I was not passing the sessionid in the URL but found by doing so has fixed the problem (with a very small amount of coding).. I know it shows in the URL but is not really a security thing as there is not database writing really involved with it, if it gets changed. If would just the assume that the user is not logged in. I did check this and they are all set to "http://www...." Thanks for you help.

Woohoooo. I havent "FIXED" it BUT I have found a way around it. I dont think it is the right way of doing it but I did notice that the Natwest website does the same thing. Like I said, From the search form (page1), I action to an intermediary .php file "presearch.php" (page2), this then headers to the the generatesearch.php with all the search parameters in the URL so i can $_GET on the generateseach.php (page3) page. To keep the session id from changing at this point, I have put another $_GET variable on to the end of the URL with all the other parameters with the sessionid that is used before the header occurs, when you log in. Then at the beginning of generatesearch.php I use this. session_id($_GET["sid"]); session_start(); so it forces this page (where it causes a problem before) to always use this session id, and hey presto all my session data is avaliable again. I do think sometimes certain things needs relooking and changing where web technology is concerned. Thanks all Cliff

ok, thanks. Im going to check this out, im sure all the pages have got session_start(); at the start before everything but I will check again lunchtime. I will get back to you Muddy

Ok, this is getting stranger by the minute. I think I may need to speak to my hosting company re this unless it is something that you've encountered before. I think it is to do with SESSION ID's After the header function to another page you get the search results (like its designed to do), like I said sometimes the session vars are gone but if you back up a little bit they are back (by pressing back button or going back to the home page). So a session variable that is there on one page, then not the next and then when you go back its there. The session variable im using is $_SESSION["username"]; (because if that is populated then you are logged in). But what I noticed last night is this, from a new browser instance (so no browser sessions in use) I can log in with a username, do a search, the results come up, I echo the session ID and $_SESSION["username"]; thats Ok. If I then log out (which does a "session_destroy();" it clears all the session vars (and it seems to do this Ok) but if I then log in as a different user, and do the search again when it gets the to search results the $_SESSION["username"] is back the 1st user. Any ideas? Is there a way somehome (maybe my hosting company) to lock down all these extra session id's and just do it do it only creates one. Why is creating and using different session id's :confused: any help would be greatly appriciated. Many Thanks Cliff

as far as I can remember (and I will check when I get home) the command is .. header("location:www.[domain].co.uk/generatesearch.php?....") ... being some $_GET strings. Cliff

I thought about doing this but the reason for a intermediary page is so when the generatesearch.php page has completed and you want to press your back button (on the browser) you do not get the form submission stuff popup. I use session_start() all the time... but its strange that is it intermittant. Thanks, any other ideas. Cliff

Hi fellow PHP coders I have been looking everwhere on the internet for an answer, for a problem that seems to be so common I have not yet found a response, or should I say "a simple response", I am hoping that if I post it here then someone who has had this problem before (and has fixed it/or a get around) might help me. before i start to explain the issue please note that everything works great apart from the SESSION VARS. Ok, here goes. I have a seach page (for example search.php), when you click Submit it will then load the next page (presearch.php) that next page then stores some sessions from the $_POST (pure PHP page) and then headers off to the output of the seach page from the database (generatesearch.php) Intermittantly, <-- when the page headers off to the next page (generatesearch.php) it looses the session variables. var_dump ($_SESSION["username"]); shows NULL. How ever if I click back to the home page (or any page before the search form pahe), or do a BACK on the browser back to the search.php the session variable is back again. ummm strange... So again, spent some time looking into this and found that after the header, the session id is different. (why have different session id's??? grr). So it would seem that this header is refreshing everything a new. But why is it intermittant??, surely if this was either going to work or not work everytime, not just sometimes. A few people have mentioned about using meta header redirection instead as this keeps sessions, but is this a right way of doing it? surely I am not the only one trying to resolve this, can anyone please give some advice. Do you think I need to speak to my hosting company? Many Thanks Cliff

Thanks PFMaBiSmAd, When I go home tonight I will post the code up for you to see... Cliff

Oh okay, I hear you. I am fairly new with PHP and the the security of it all. What would you suggest? Sessions? are sessions instantly available once set? But surely when I set the cookie and then header ("location:") to another page, that is the next HTTP request? is it not? :'( Thanks for you help Cliff

Hi all, I hope someone could please help me. I have written 50% of my site and the login/logout part works but intermittantly I am getting problems with it. Let me explain .. I have <login.php> which has a form with USERNAME and PASSWORD, when you submit POST's to <dologin.php> <dologin.php> checks the DB for the username then the password and, if all Ok (and it does come back OK) it will then set a $_COOKIE(["Username"],$row["username"],3600); then I do a HEADER ( "location: <back to my site>/index.php" ); on the <index.php> page, there is a nav button that when detects the cookie "Username" is set to then show, and also if the cookie is set then makes the Login button a logout button. ... now this works 95% of the time, 5% it doesnt. You will log in and then click SUBMIT, but when it goes back to the <index.php> page, the cookie is just not set so the login button doesnt change and you are not effectivley logged in. (other pages that track the "Username" cookie)... and sometimes it is the same when the first part works, I click the LOGOUT button which goes to <dologout.php> which just clears the cookie (by setting time()-3600), when it goes back to <index.php> via Header ("location: <back to my site>/index.php" ); again sometimes the cookie does not delete. Is there any problems generally with $_COOKIES with this sort of thing. I hope I am making sense Please help, it is annoying.. It is like sometimes the cookie is either not saving or it taking longer to save so it is not being picked up. :confused: Thanks Cliff