[SOLVED] Sessions & Cookies Question

[BrandonE97]

Im very new to PHP and have a question about sessions. Does every session variable I use create a cookie on the remote users computer? And how do I manipulate the session/cookie lifespan? Thanks for any help/advice!

[genericnumber1]

A session stores one cookie, with a session id number, the server keeps all the variables and their values on the server and corresponds them to the session id number from the user's cookie.

 

Sessions typically last until the user closes their browser... there are some settings you can tweak, read more about it here.

[BrandonE97]

How would I keep people from accessing my files in a directory unless they have logged in via PHP/MySQL (which I have setup already)?

[BrandonE97]

Guess I should have put that last question in the apache forum lol.

[BrandonE97]

Okay, I have another session question. Im using

session_name("SESname");
session_start();

then on the next page I have

if (session_is_registerd("SESname")))
{
     code
}
else
{
     header code
}

and the else runs and changes the header. What is wrong with this? Im lost and a n00b lol. Thanks for any help!

[wildteen88]

session_name doesn't create a session. You should do

$_SESSION['my_sess_var'] = 'some value';

then you do the following on the next page:

<?php
session_start(); // this line must be added to the top of every page that uses sessions

if(isset($_SESSION['my_sess_var']))
{
   code if true
}
else
{
    code if false.
}
?>

[BrandonE97]

I've now got

if (isset($_SESSION['username']))
{
         code
}
...

but when someone clicks on logout and the unset($_SESSION['username'] is run and session_destroy();

you can type in the account.php page and still click on pages like if you where still logged in. Im having trouble getting sessions to work correctly.

[wildteen88]

Attach the code here so we can see how you are using sessions.

[BrandonE97]

Login page:

if ($mfa) // variable from sql array
{
	session_name("BrandonE97");
	session_start();
	$temp = session_is_registered("BrandonE97");
	$_SESSION['username'] = $username;
}

Other Pages:

session_name("BrandonE97");
session_start();
if (isset($_SESSION['username']))

[BrandonE97]

Here is what my error_log is saying. (I should've looked at this sooner lol)

PHP Warning:  session_destroy() [<a href='function.session-destroy'>function.session-destroy</a>]: Trying to destroy uninitialized session in /home2/estepcom/public_html/members/project/index.php

 

And my logout code is now:

if (isset($_COOKIE[session_name("BrandonE97")])) {
setcookie(session_name("BrandonE97"), time()-42000);
}
$_SESSION = array();
session_destroy();
echo 'You have successfully logged out!';

[wildteen88]

You don't use sessin_name to get a session variable. The session_name is used to give a session set a name, a session set is what holds all session variables, by default PHP assigns the session set a unique name when you call session_start.

 

When creating and accessing session variables you use the $_SESSION superglobal.

 

$_SESSION['mySessionVar']; not session_name('mySessionVar'].

 

I think you are misunderstanding how to use sessions.

[BrandonE97]

I'm using the $_SESSION = array(); cause I saw it somewhere for blanking the whole $_SESSION array but is there another/better way to blank out all these variables?

[wildteen88]

To completely clear a session out use session_destory(); and unset($_SESSION)

[BrandonE97]

I wanting to be able to use session_name("BrandonE97"); on the scipts so the cookie is called BrandonE97 instead of PHPSESSID but when I use session_destroy(); I get an error:

PHP Warning:  session_destroy() [<a href='function.session-destroy'>function.session-destroy</a>]: Trying to destroy uninitialized session

How do I destroy a named session? I tried session_destroy("BrandonE97"); but I got:

PHP Warning:  Wrong parameter count for session_destroy()

and in reading the php manual I see why that doesnt work lol. But I cant find how to destroy the named session.

[wildteen88]

Make sure session_name("BrandonE97"); is called before session_start();

 

Then run session_destory(); too destroy the BrandonE97 session.

[BrandonE97]

Thats what I have. session_name("BrandonE97"); before session_start(); on my pages but when a user clicks logout and session_destroy(); is ran they are still able to click back and browse their account and navigate the members area. Thats giving me and error:

PHP Warning:  session_destroy() [<a href='function.session-destroy'>function.session-destroy</a>]: Trying to destroy uninitialized session

but the session is initialized by the users login, they just cant logout right lol. Sorry for so many questions, Im a total n00b haha!

[wildteen88]

You must have uninitiated the session somewhere else in your code. Post your full code here in the code (

) tags.

[BrandonE97]

I figured it out. I only wanted the server to start the session when needed and not when someone first loads the page so I put this:

if ($_GET['act'] == 'login' || $_GET['act'] == 'logout')
{
session_name("BrandonE97");
session_start();
} 

Thanks for all the help!

[BrandonE97]

Oh and the problem was that I had the session code in the if (user logs on) and so it didnt get to run if the action was to logout.