Jump to content

Session variables

am_25

By am_25
in PHP Coding Help

Recommended Posts

am_25 Newbie

am_25

Posted
Posted

Hi,

I'm trying to use sessions for the login application.

 

I first set the session varibables and then depending on the session i enable the other pages(like search,db entry etc). After I logout, if i put the URL of the other pages in the same browser session which need user access, it shows up as if user is logged in. But it works well if I do it in a new browser.

How can I implement- after logout the user should not be able to access the pages in the same browser.

a small snippet of my loginscript.php

 

$sql="SELECT * FROM users WHERE username='$myusername' and password='$encrypted_mypassword'";
$result=mysql_query($sql);

$q = mysql_fetch_object($result);
    if(!$q) die("Login Failure: An error occured, please verify your username and password are correct.");

//set session variables 
$_SESSION['loggedin']=1;
$_SESSION['user'] =$_POST['username']; 
$_SESSION['pass'] = $_POST['password'];
header("Location:employee.php");

 

small snippet of other pages where I check for session

if (!isset($_SESSION['user'])) { 
// check if authentication was performed 
// else die with error 
die ("ERROR: Unauthorized access!"); 
} 
else
{
include "connect.php"; //connection string
print "<br><p align = 'center'>  Employee Details </p>";
print "<table align = 'center' border=1px>";
print "<tr align = 'center' class='headline'><td>Search Employee Details</td></tr>";
print "<tr ><td>";
.....

 

a small snippet of my logout.php

 

<? 
session_start();
//remove all the variables in the session 
unset($_SESSION); 

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
// Finally, destroy the session.
session_destroy();

?>

 

Link to comment
https://forums.phpfreaks.com/topic/38583-session-variables/
Share on other sites
Greaser9780 Regular Member

Greaser9780

Posted
Posted

What if you use the php in your logout to destroy the session if they hit the submit button when you ask if they are sure they want to logout.

Then they will have to log back in to start a new session. They can still do it from the same browser but they will have to log in again.

Link to comment
https://forums.phpfreaks.com/topic/38583-session-variables/#findComment-185178
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.