Session is resetting

[KingOfHeart]

Once you set a session it suppose to stay set, right?

 

<?
   if(!isset($_SESSION))
       session_start();

   $login = htmlentities($_GET['login']);

   if($login == "admin")
       $_Session['admin'] = true;

   $admin = $_Session['admin'];

   echo $_Session['admin'];

       if($admin != true)
           return;
   echo" Welcome Admin!";
?>

 

So for testing purpose I set the admin session to 1 once I use login == "admin".

It sets fine, the I reload the page and I'm not in admin mode,

 

 

Is there more to it or what?

[Love2c0de]

Always been told to put session_start() right at THE VERY TOP of your script. Not sure if that applies in every instance but put it there for now.

<?php
session_start();

$login = htmlentities($_GET['login']);

if($login == "admin")
{
  $_SESSION['admin'] = true;
$admin = $_SESSION['admin'];
echo $admin;
echo "welcome admin!";
}
else{
return;
}
?>

 

Also, you need to always use curly braces '{' when writing more than one statement within an if statement.

 

hope this puts you on the right track.

 

Regards,

 

L2C.

[Pikachu2000]

$_SESSION != $_Session. You should also avoid using short open tags and stick with the full <?php tag syntax.

[KingOfHeart]

Love2c0de that script wouldn't make sence since I need $admin to always equal that session...ok, will change the case for session.

 

edit: the caps made the difference..I was a little rusty

Edited January 5, 2013 by KingOfHeart

[PFMaBiSmAd]

I hope the code you have posted is just a test. Getting someone's 'admin' status from them via a $_GET parameter will allow anyone to become an admin to your site.

 

The only place you should determine anyone's login type and privileges is by having that information stored on the server and you get it based on who the user is.

 

Also, session_start should be unconditional. There's no good reason to start a session only when the session has not already been started.

Edited January 5, 2013 by PFMaBiSmAd