session var

[jagguy]

Now this needs its own thread because it is confusing.

 

q)I have 2 webapges with password access on a website. I just want to login into once and be able to view both password protected pages .

I dont want to login into every page I load. How do i set this up with session vars or something?

[hanlonj]

Take a look at this link man.

 

http://www.phpfreaks.com/tutorials.php

 

hj

[Wuhtzu]

A simple login script works like this:

 

#1: Have the user enter a username and password

 

#2: Get the username and password using php

 

#3: Validate the username and password (against a database or something like that)

 

#4: If the username and password is valid set a start set a session variable $_SESSION['is_logged_in'] = true;

 

#5: On every page which require the user to be logged you check if($_SESSION['is_logged_in']) {}

 

Note: session_start() should be used on the top of every page which will be accessing the session.

 

[jagguy]

my site needs security and i read that

Note:If you are not experienced with session programming it is not recommended that you use sessions on a website that requires high-security, as there are security holes that take some advanced techniques to plug.

 

 

huh?

[jagguy]

I have 2 pages and i log into 1 but how can i tell the other page i am already logged in? How do i pass the session var and keep it secure from hacking into?

 

I  log into this

 

session_start();

 

$_SESSION['is_logged_in'] = true;

$file="linuxhelp.txt";

 

  echo  "<br> <a href='div4.html?file=".$file."'>file download</a>";

  echo  "<br> <a href='main2.php?is_logged_in=true'>main2</a>";

...

 

 

then i load this page and i cant get it to work if already logged in

 

session_start()

 

if($_SESSION['is_logged_in']) {

 

  $file="linuxhelp.txt";

  echo  "<br> <a href='div4.html?file=".$file."'>file download</a>";

  echo  "<br> <a href='main.php'>main</a>";

}

else {

  echo "not logged in.";

  }

 

[jagguy]

I can't edit mesages previous posts here!

 

q)I have a problem still.

I can work out how to do session vars but I want it to work when the user closes the browser with the website.

If I have another browser open on some other page the session still wont close untill all browsers are closed. I want the session to end when an instance of the browser pointing to the  website is closed.

 

Can I use a session_unset or something?

 

 

 

 

once logged in  i star the session.

--

  session_start();

  $_SESSION['uid']=$log;

  header( "Location: http://localhost/school/test/main.php" );

  exit;

 

 

a page that you can''t access without a login from the other page.

---

session_start();

 

  echo $_SESSION['uid'] ;

if (!isset($_SESSION['uid']))

  {

    echo "not logged in";

  }

  else

  {

 

[MadTechie]

I don't understand the problem here.. (maybe because its 2:30am)

Sessions will stay alive until they timeout (set in the php.ini file), as for unsetting the session.. well thats not going to work if the users just closes the window..

 

login.php

<?php
   session_start();
   unset($_SESSION['uid']);
//check username/password if correct then do below
   $_SESSION['uid']=true;
   header( "Location: http://localhost/school/test/private.php" );
   exit;
?>

 

 

private.php

<?php
   session_start();
   if($_SESSION['uid'] === true)
   {
      echo "Woohoo";
      exit;
   }else{
      echo "Sorry no access";
      die;
   }
?>

[jagguy]

Ok say i have 2 browsers open of FF and no tabs. One broswer is on google and the other has got the website logged in. I close the browser and keep the google page open. BY rights I shouldnt be logged in still but because the google page is still up I am. I can still go back and not need to login provided I keep FF open to something.

[MadTechie]

Thats because the session hasn't timedout!

 

i think your trying to do this the hard way..

 

what exactly is the 'problem' ?