Problem With Sessions

[Stefany93]

Hello,

 

I have a document logged_in.php that checks whether the user has logged in, in order to display a protected page.

Here is the code:

 

<?php
//Requests the user to be logged in before seeing this page
if(isset($_SESSION['user_id'])){
return true;

}else{
die('Sorry must be a registered user to view this page! Please <a href="index.php">Log in</a> or <a href="register.php">Register!</a>');

}

 

I include this file on the top of the document I want to protect. However I have come across a very funny problem. No idea why, but every time I want to prevent certain links to appear if the user has not logged in, the logged_in.php file is accessed even tho I haven't included it! Here, for example in the code below, I want to prevent the user from seeing these links unless they are logged in:

 

if(isset($_SESSION['user_id'])){

?>
<a href="edit_topic.php?category=<?php echo $category;?>&post_id=<?php echo $topic_id;?>" class="up_links">Edit topic</a>
<a href="delete_topic.php?category=<?php echo $category;?>&post_id=<?php echo $topic_id;?>" class="up_links">Delete topic</a>
<?php }

 

And if the user hasn't logged in, the logged_in.php document kills off the rest of the page, and again I will state it isn't include so I have no idea why is it doing that.

 

Please give me some directions on what to do.

 

Thank you very much!

 

Best Regards

Stefany

Edited December 4, 2012 by Stefany93

[MDCode]

Add session_start(); to the very top after <?php

[Stefany93]

Thank you, but It is included, and still doesn't work.

[mrMarcus]

I"m trying to follow what you're talking about, but I just can't.

 

if(isset($_SESSION['user_id'])){
   // user is logged in/$_SESSION['user_id'] is set
}

 

Once you have created the session variable for 'user_id', simply using that condition above will always return true. Regardless of whether you include your logged_in.php file.

[Stefany93]

^^ I tried rewriting the code but it is still accessed somehow!

 

 <?php 
//Requests the user to be logged in before seeing this page
if(!isset($_SESSION['user_id'])){
die('Sorry must be a registered user to view this page! Please <a href="index.php">Log in</a> or <a href="register.php">Register!</a>');
} 

[mrMarcus]

If you are not including a file, it doesn't just execute anyway. Perhaps you're not understanding how sessions work.

 

Can you post a more complete code, ie. an example page with your included file(s), session_start(), conditions to control user content, etc. Minus any non-relevant code (E.g. CSS, Javascript, etc).

[Stefany93]

If you are not including a file, it doesn't just execute anyway. Perhaps you're not understanding how sessions work.

 

Can you post a more complete code, ie. an example page with your included file(s), session_start(), conditions to control user content, etc. Minus any non-relevant code (E.g. CSS, Javascript, etc).

 

 

Yeah, it turned out I had included the logged_in.php file in another file I had included in this page and thus makes the logged_in.php included as well.

How silly of me! I just thought that since sessions are global variables they somehow get affected by the behavior of different documents even when they are not included into the file.

 

Than you so much for helping me!

Edited December 5, 2012 by Stefany93