SESSION CHECK WORKS "MOST" of the time... whats going on?

[emopoops]

i have a sign in check thats included in every page that is a members only page which is basically all of my pages. that im working on anyways..

but heres the code..... that works MOST of the time. which doesnt make sense to me and i will explain below what it did.

<?php
session_start (); 
if(!session_is_registered(mysessionvariable) || $_SESSION[mod] == "") //if your variable isn't there, then the session must not be
{$_SESSION = array();
session_unset();
session_destroy();
if (isset($_COOKIE[session_name()])) {
    setcookie(session_name(), '', time()-55, '/');
}
$fullurl = 'http://www.socialemo.com'.$_SERVER['PHP_SELF'];
?>
<meta http-equiv="refresh" content="1;url=http://www.socialemo.com/home.php?homeredirect=
<?php echo $fullurl; ?>">
<?php 
exit(); }
else //otherwise, they are logged in & do check
{$checkifrealuser = mysql_num_rows(mysql_query("SELECT id FROM users WHERE username = '$_SESSION[theusername]'"));
if($checkifrealuser == 0){session_unset ();session_destroy ();exit("logged out on this computer too");}}

 

thats the check is does. first of all when a user signs in at my site they are given a session variable(AKA $_SESSION[mod] along with the sessions called mysessionvariable. mod NEVER IS SET TO EQUAL NOTHING it equals like a number or a word or something if u log in. i added the check if $_SESSION[mod] == "" because the other one alone didnt work all the time or something... that seemed to be working until lately i get redirected with the meta thing AND THEN I GO TO THE PAGE I CANT VIEW UNLESS IM SIGNED IN AND I CAN VIEW IT, I DONT GET REDIRECTED.? WTF?!

obviously it didnt destroy my session like it should have when it redirected me.. OR THE CHECK JUST DOESNT WORK? i dont get it.

 

and the other thing is ill just randomly get the message "logged out on this computer too"

which i made the second part of the script for like someone that deleted there account as was logged in on two computers at the same time... thats why it checks if the session theusername variable is in the database...?

 

how do i get this thing to work and why is it doing this? do i have to run a check of all of the session variable? or what?

[teamatomic]

Keep it as simple as possible. At login set some session vars. One of them I use is email, I keep it accessible for every page.

 

On the index page:

if (!isset($_SESSION['email'])) {

$page_name = "login";// put your redirect header here

}

 

On the login page. Once checked and verified:

$_SESSION['email'] = $email1;

 

Its as simple as that!

 

This redirects them to the login page if they have not logged in. It has not failed yet.  You can use anything you set at login. Most common is the username, which is what I use the email for. If you keep it at the top of your pages and dont output anything first you can just use a header(location) to redirect to your login page.

 

You dont have to unset and destroy sessions all the time. If you want to clean up after yourself use the built in garbage collection:

 

ini_set('session.gc_maxlifetime', '10800');// this is three hours

ini_set('session.gc_divisor', '1'); //#2

ini_set('session.gc_probability', '1');// this and #2 give a 100% probability of clean-up

ini_set('session.cookie_lifetime', '0');

ini_set('session.save_path', /path/to/sessions/app_name);

session_name('app_name');

session_start();

 

 

HTH

Teamatomic

 

[emopoops]

so ur saying? all i have to do is use the code the isset code u provided and take out all the other stuff? and that other set of stuff u posted... use those in the signin page... but why is session start at the bottom? i thot session starts at the top always

[teamatomic]

Those are ini_sets, conditions that will apply to a session, they must be set before the session starts or they will not be applied.

 

Right. When a user logs in you set what you want to keep, username, level, email, prefs, etc. Then you only have to check say the level if you want to know if they can have access to a certain page.

 

One thing I forgot to say is if you do use garbage collection store your sessions outside of user space. If your base path is /home/joe123/public_html then sessions go into /home/joe123/sessions

 

 

HTH

Teamatomic

[emopoops]

i dont understand what u mean with the /sessions i use byethost free hosting i have no  clue what that means.

anyways. i still dont understand what im supposed to change in my code. i have that exact code included on every page of my site to keep unlogged in people out.  this is all that happens besides setting other session variables like mod and stuff:::

signin:

session_start();
                    session_register("mysessionvariable"); //set a variable for use later
                    $id = session_id(); //let's grab the session ID for those who don't have cookies
	    $_SESSION['id'] = $iddd;

[teamatomic]

The /sessions is specifying where you store the sessions. Its a path,just like you would use to read or write a file.

 

>

session_start();

                    session_register("mysessionvariable"); //set a variable for use later

                    $id = session_id(); //let's grab the session ID for those who don't have cookies

          $_SESSION['id'] = $iddd;

>

 

I dont know what you are trying to do with the above.  DO NOT use session_register any more. It is depreciated in php5 and will be gone in php6 leaving you with broken code. If you are using a book get a newer one. Use the php manual and look up all the functions you plan to use and if they are depreciated dont use them.

 

On your login page you have a form. That will pass a username and password so you can check against registered users. Once verified you have data you can work with

So you do something like this

$_SESSION['username']=$_POST['username'];

$_SESSION['email'] = $email;

$_SESSION['access_level'] = $access_level'

You can also apply any other data from the check return you might want to use at a later time

 

Now on any page you can use

if (isset($_SESSION['username']))

{//you are good to go anywhere}

else

{//leave or register or you are denied}

 

With any session you must always start the session on every page you want to use session variables with session_start(). If you use garbage collection like I showed you would start the session with the session_name('yourSession') like this

session_start('yourSession')

 

I dont know how to make it any clearer, sorry.

 

 

HTH

Teamatomic

[emopoops]

i know ALL ABOUT THE SESSION VARIABLEs. i know the form stuff .  i have mutiple session variables.

session_regisiter is depreciated? i didnt know tha tthanks for letting me know. i got it from some tutorial.

well. i think php has a built in garbage collection and i dont UNDERSTAND the directory and why its needed and if its needed in every directory blah blah blah. i have multiply directories on my site.

but. i have a question.

if i dont use session_register()

that what do i use to set a session?

 

ur saying when a user sucessfully signs in then i do something like this:

session_start();
session_name(mysessionname);
$_SESSION[mod] == "yesyoursignedin";

 

and then on every page (in the include file thats included on every page) i have to check if the user is signed in by...

if(session_start(mysessionname)){show page}
else{redirect to login}

 

or what?