[SOLVED] properly setting session var (PHP5)

[CaptainChainsaw]

Hi all, I have a problem using php sessions.  I have a login page (login.php) this starts a session and assigns a username value to $_SESSION['username'] if the form validates.  Once logged in the user is presented with a menu, currently I have only two links in this menu "my details" and "log off".  When clicking "my details" it says "You are not logged in!" which is a custom error message I created.  If I refresh the page twice it does log me in and I can see "my details" which is just a form with personal details on it.

 

Obviously my session username var isn't properly registered.  Here's a code snippet of login.php

 

<?php
session_start();
$_SESSION['username']='';

// include files

// setup db

// setup smarty

// setup form

  if ($form->validate()) {
			$smarty->assign('username', $_POST['username']);
			$smarty->display('loginindex.tpl');
			$_SESSION['username']=$_POST['username'];

  }else{
	$form->display();
  }

 

 

and in the "my details" page:

 

<?php
session_start();


// include files

// setup db

// setup smarty

if(!$_SESSION['username']){
			$smarty->assign('notloggedin', 'You are not logged in!');
			$smarty->display('loginerror.tpl');
}else{
			$smarty->assign('username', $_SESSION[username]);
			$smarty->display('loginindex.tpl');
  $user=new user($db);
  $userdetails=$user->retrieveDetails();


// create form and set default values

// display form
}

 

How can I properly register this session var?

 

Any ideas?

 

 

 

Thanks again,

 

CC

[geoldr]

From my website..

 

On the login page I do not have session_start()

 

But to register a session... heres an example

 

$username = $_POST['textfield'];

 

session_register("username");

 

 

To check a session

 

if (!session_is_registered(username)) {

}

[wildteen88]

From my website..

 

On the login page I do not have session_start()

 

But to register a session... heres an example

 

$username = $_POST['textfield'];

 

session_register("username");

 

 

To check a session

 

if (!session_is_registered(username)) {

}

No you should not use session_register or session_is_registered, these are depreciated. You should only use these variables if register_globals is enabled (which it shouldn't)

 

CaptainChainsaw you're setting your session variables correctly, however $_SESSION['username']=''; is not needed.

[CaptainChainsaw]

Thanks for both of your replies.

 

I'm aware that I don't need to set $_SESSION['username']=''; at the top, I was previously assigning it the $_POST['username'] value to see if that made any difference.  What I don't understand is why the session var doesn't seem to persist to the nxt page unless clicking refresh a couple of times.

 

Any ideas?

 

 

Thanks again,

 

CC

[geoldr]

Hmmm, well if the login script fails, possibly try adding

session_destroy();

Maybe that will help?

[cooldude832]

why would u ever use session_destroy()???

its an over powering function

unset sessions or use arrays and blank them

[geoldr]

What's wrong with using session_destroy(); ?

[cooldude832]

You kill ALL sessions with it for that user

 

so even if they logout they might still have site wide variables in sessions such as screen resolution language shopping carts etc.

 

Killing them isn't a good idea.

 

Even if u don't have those now come one day when u might and then going back to kill sessions would be annoying

[CaptainChainsaw]

Hi all, I've noticed some weirdness.

 

if I add in an echo line at the top like so:

 

<?php
echo "here";

 

 

I would expect "here" to be printed every time the page loads.  However I've noticed that "here" appears now and then, not EVERY time.  Does anyone know what could be wrong with this?  Server problem or php setting problem?  I've tried ammending my code in different ways but I don't think there's anything wrong with it.

 

Any suggestions or comments on this would greatly be appreciated.

 

 

Thanks again,

 

CC

[CaptainChainsaw]

Hi all,

 

Well what a waste of time this thread was ........ nothing wrong with my code, turned out to be the webhost:

 

"We are currently moving between 2 SANS which is where files for your website are stored.

 

Possibly your browser is accessing both sites at the moment.

 

Could you please retry this in 24 hours, DNS would have settled for your site then."

 

 

All sorted now.

 

Thanks everyone for your replies!

 

CC