
am having a small display problem with sessions when logging out


PHPSuperNewb


hi phpfreaks  :D

 

Recently I tried to create a login for my website and a logout using sessions.

The problem I have is: Whenever I log in I will be going to the homepage of the website. My session will be set and everything works fine. Now when I log out my session will be unset and destroyed. The problem is that whenever I go back in history I can still see my homepage. When I refresh that page the browser asks the user to resend its information (probably because it has to do with using post in my login template).

 

b.t.w. is it a bad thing to use request and a .htaccess file for my login form?

 

So whenever a user logs in -> logs out -> goes back in history -> refreshes -> resend information

the user is not asked to answer any account and password information to get itself logged in again.

 

This troubles me for quite a while now  :confused:!

 

Here are the pages I use to login, logout and show the homepage:

 

Login.php:

<?php
  class Handler_Login extends Action_Handler
  {
      function __construct($action_handle)
      {
        parent::construct($action_handle);
        $this->action = $action_handle;
      }
       function secured_handler()
       {
           if ($this->session->check_session() == false)
           {
              $password = $_POST['password'];
              $username = $_POST['username'];
              $login = $this->dbh->Login($username, $password);
              if ($login == true)
              {
                  $this->session->set('username', $username);
                  $this->view->displayHome();
                  $this->view->display(); 
              }
              else
              {
                  echo "you are not logged in";
              }
           }
           else
           {
               $this->view->displayHome();
               $this->view->display();
           }
           
       }
  }
?>

 

Logout.php:

<?php
    class Handler_Loguit extends Action_Handler
  {
      function __construct($action_handle)
      {
        parent::construct($action_handle);
        $this->action = $action_handle;
      }
       function secured_handler()
       {
           $this->session->stopSession();
           $this->view->displayLogin();
           $this->view->display();
       }
  }
?>

 

Home.php:

<?php
  class Handler_home extends Action_Handler
  {
        public function __construct($action_handle)
       {
           parent::construct($action_handle);
           $this->action = $action_handle;
       }
       function secured_handler()
       {     
          if ($this->session->check_session() == false)
          {
              $this->view->displayLogin();
              $this->view->display();
          }
          else
          {
              $this->view->displayHome();
              $this->view->display();
          }
       }
  }
?>

 

Session.php:

<?php
    class Session
    {
         function __construct()
         {
             if(!isset($_SESSION))
             {
                session_start();
             }  
         }
         function set($name, $value)
         {
             $_SESSION[$name] = $value;
         }
         
         function get($name)
         {
             return $_SESSION[$name];
         }
    
         function stopSession()
         {
             unset($_SESSION);
             session_destroy();
         }
         
         function check_session()
         {
             if(isset($_SESSION['username']) && !empty($_SESSION['username'])) 
             { 
                return true;
             }
             else
             {
                return false;
             }         
        }
    }
?>

 

view.php:

<?php
      class view
      {
        private $tpl;
        function __construct()
        {
             
        }
        
        function displayStatus()
        {
            $status = file_get_contents("templates/status.tpl");
            $this->tpl = str_replace("%content%", $status, $this->tpl);
        }
        
        function displayLogin()
        {
            $this->tpl = file_get_contents("templates/login.tpl");
        }
        
        function displayHome()
        {
            $this->tpl = file_get_contents("templates/home.tpl");
        }
        
        function display()
        {   
            echo $this->tpl;
        }
      }
?>

 

Now what I'm trying to do is: whenever the user goes back in history after being logged out, the page should be redirected to the login page. I have no idea how I would accomplish this.

I know it has got something to do with my login.php but I can't really make it redirect to itself since it will then most possibly start an endless loop of redirecting.

 

I'm using templates to display my pages, if necessary I will post them too,

Thanks for your support and I hope this issue will get solved :)

Link to comment
Share on other sites

I am not sure if this is the problem, but I came across this:

Quote from http://fr.php.net/session_unset

 

"Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal."

 

So basically don't do:

unset($_SESSION)

 

Instead do:

$_SESSION = array();

 

I always just use session_destroy() by itself in the logout script and have no issues with the back button on the browser. I have not used templates, but on each page/script of my web apps/sites, I do this before any other code:

session_start();

if(!$_SESSION['myusername']){
    header("location: index.php");
    exit; // stop the script once the redirect header has been sent
}

I am no expert in PHP by any means, but this has worked for my purposes.

Link to comment
Share on other sites

I am not sure if this is the problem, but I came across this:

Quote from http://fr.php.net/session_unset

 

"Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal."

 

So basically don't do:

unset($_SESSION)

 

Instead do:

$_SESSION = array();

hmm I have never tried this, looks interesting :D!

However, setting the session to be a new array, doesn't that mean the session is still set? I guess it doesn't matter since I'm checking for the $_SESSION['username'] to be set.

Which gets overwritten if I'm correct?

 

session_start();

if(!$_SESSION['myusername']){
    header("location: index.php");
    exit; // stop the script once the redirect header has been sent
}

 

Haven't thought of this before too! That looks like it's going to actually help me out 0.0! gonna test this ASAP :)!

Would be really awesome not having to check my session every time :D!

Thanks for your wonderful reply, it's highly appreciated :)

Although using a header to redirect to index.php might not be such a smart idea in my situation.

I'm using an autoloader in my index.php to create a little framework :S

 

index.php:

<?php
  function __autoload($class_name)
  {
     @include_once 'classes/class.' .$class_name . '.php';
  }
  try 
  {
    
    if(isset($_REQUEST['action']) && !empty($_REQUEST['action']))
    {
        $action = $_REQUEST['action'];      
    }
    else
    {
        $action = 'home';
    }
    $disp = new Dispatcher($action);
    $disp->handle_the_action();
  }
  catch(Exception $e)
  {
    $error_handler = new Handler_error($e);
    $error_handler->handled_action();
  }
?>

 

I am not sure how I would display my home or login page since the view class is outside my session class :(

 

I am no expert in PHP by any means, but this has worked for my purposes.

EDIT: no worry, I'm probably a bigger noob than you are xD

Link to comment
Share on other sites

I am getting a little over my own head here, but I think that unsetting the $_SESSION prior to calling session_destroy() may be hurting you. I would try commenting out the "unset($_SESSION)" line in the function stopSession() and see what happens.

 

So basically, stopSession() would look like this:

function stopSession()
         {
            // unset($_SESSION);
             session_destroy();
         }

 

Link to comment
Share on other sites
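The two replies above discuss how stopSession() should tear the session down and how each page should check for it. As an added example (not code from the thread; end_session() and require_login() are hypothetical helper names, and PHP 5.4+ is assumed for session_status()), a logout that clears the data, expires the session cookie and destroys the server-side record, with a guard that stops the script after redirecting:

```php
<?php
// Added example, not code from the thread. end_session() and require_login()
// are hypothetical helper names; assumes PHP 5.4+ for session_status().

function end_session()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();               // a session must be open to be destroyed
    }

    // Empty the data but keep the $_SESSION superglobal itself registered.
    $_SESSION = array();

    // Expire the session cookie so the browser stops presenting the old ID.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }

    // Remove the server-side session storage.
    session_destroy();
}

function require_login($loginUrl)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // empty() covers both "key not set" and "empty string" without a notice.
    if (empty($_SESSION['username'])) {
        header('Location: ' . $loginUrl);
        exit;   // stop here, otherwise the protected page is still generated and sent
    }
}
```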

Nope, that didn't help either, I don't think it's the session that has to be stopped that is the issue here. Because the session does get stopped. It has something to do with my login page resending the user information :S

 

I have no idea how to show my login page through templates in my session because it doesn't extend the action handler, also I can't redirect my page to my index since that will cause some problems with the framework >.<!

 

That's why I'll post my framework here so maybe someone can help me find a workaround for this problem :(

 

Index.php:

<?php  
    function __autoload($class_name)  
    {     
        @include_once 'classes/class.' .$class_name . '.php';  
    } 
     try   
    {       
        if(isset($_REQUEST['action']) && !empty($_REQUEST['action']))    
        {       
            $action = $_REQUEST['action'];          
        }   
        else    
        {        
            $action = 'home';    
        }    
        $disp = new Dispatcher($action);    
        $disp->handle_the_action();  
    }  
    catch(Exception $e)  
    {    
        $error_handler = new Handler_error($e);    
        $error_handler->handled_action();  
    }
?>

 

class.Dispatcher.php:

<?php
    class Dispatcher
    {
        private $handle;
        function __construct($action_handle)
        {
            $this->handle = $action_handle;   
        }
        function handle_the_action()
        {
            $name = "Handler_{$this->handle}";
            if (class_exists("$name"))
            {
                $handler_obj = new $name($this->handle);
                $handler_obj->secured_handler();
            }
            else
            {
                throw new Exception("Can't handle this");
            }
        }
    }
?>

 

class.Action_Handler.php:

<?php
    abstract class Action_Handler
    {
        protected $session;
        protected $view;
        protected $dbh;
        
        function construct()
        {
            $this->session=new Session();
            $this->view=new view_manager();
            $this->dbh=new DatabaseHelper();
        }
    
        abstract function secured_handler();
    }  
?>

 

the rest of the scripts are already posted but with wrong names, they are actually called:

class.Handler_Login.php

class.Handler_Logout.php

class.Handler_Home.php

class.Session.php

class.view_manager.php

 

now whenever I use a post or request I can simply set the action in my forms to: Login and class.Handler_Login.php will be run.

This also means I can use the script that has been called to call the session and view_manager functions.

I think what you have posted earlier can be my solution:

session_start();

if(!$_SESSION['myusername']){
    header("location: index.php");
    exit; // stop the script once the redirect header has been sent
}

The problem is I can't use the header to redirect my page since it starts my framework and I can't access my view through my session to show the login page since it doesn't extend the action handler.

 

I hope that this enlightens my situation a bit, since I'm quite stuck in it, and I'm getting quite frustrated :(

Link to comment
Share on other sites
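The symptom described in this thread (back button still shows the homepage, refresh resends the login form) comes from rendering the homepage as the direct response to the login POST. As an added example (not code from the thread; the function names and the $checkCredentials callable are hypothetical), the login handler can answer the POST with a redirect instead, and protected pages can be sent with headers that ask the browser not to store them:

```php
<?php
// Added example, not code from the thread. Function names and the
// $checkCredentials callable are hypothetical; index.php without an action
// falls through to the 'home' handler, as in the posted index.php.

function send_no_store_headers()
{
    // Ask the browser not to keep a copy it could show from history after logout.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');
}

function post_string($key)
{
    // Read from $_POST only, so credentials cannot arrive in a URL.
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

function handle_login_post($checkCredentials)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $username = post_string('username');
    $password = post_string('password');

    if ($username !== '' && call_user_func($checkCredentials, $username, $password)) {
        session_regenerate_id(true);      // fresh session ID for the logged-in session
        $_SESSION['username'] = $username;
    }

    // Post/Redirect/Get: never render a page as the response to the POST.
    // 303 makes the browser follow up with a GET, so history holds only the GET
    // and a refresh cannot resend the username and password.
    header('Location: index.php', true, 303);
    exit;
}

function render_protected_page($html)
{
    send_no_store_headers();   // must run before any output
    echo $html;
}
```

With this flow the home handler alone decides what a GET of index.php shows, so after logout a refresh of that history entry reaches the session check and gets the login template.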
