jworisek Posted October 4, 2007 Share Posted October 4, 2007 I've been messing around with this on and off for a while now and I just cant figure it out... I have three pages. login.php authentication.php index.php you type your user/pass on login and it takes you to the auth page. On auth I verify the user/pass and if they are correct I start the session, register session variable names, and set the variables. Then I use header() to send the user to index.php. Index then checks to make sure the user is authorized. When I do this, I get a new session id from the auth page, and then the index page tries to use the session id from the last successful login from that user. The variance in session ids causes my script to kick the user back to the login page. The second time the user tries to login the auth page has another new session id but this time the index page also uses the same id and it works fine. To logout I have a link that takes the user to a page that uses session_destroy(); here is the basic code: auth <?php //verify login credentials if (mysqli_num_rows($result)==1){//verified session_start(); //CHECKPOINT#1 session_register('curr_sess_id'); $_SESSION[curr_sess_id]=session_id(); //CHECKPOINT#2 header('http://mydomain.com/protected/index.php') exit; } else{ //return back to login with error } ?> index <?php session_start(); //CHECKPOINT#3 if ($_SESSION[curr_sess_id]==session_id()){//this is not the check that I do, I am just trying to simplify it // good} } else{ // kick user back to login } ?> On the first attempt you would get CHECKPOINT#1 session id=g20i9aj6j78f61ceq4ecj8vj65 curr_sess_id= CHECKPOINT#2 session id=g20i9aj6j78f61ceq4ecj8vj65 curr_sess_id=g20i9aj6j78f61ceq4ecj8vj65 CHECKPOINT#3 session id=kcne7s5fbfcpeukuq2mrselgg4 curr_sess_id=kcne7s5fbfcpeukuq2mrselgg4 On the second attempt I get: CHECKPOINT#1 session id=c30fi9pfctt2i18mn68822skm3 curr_sess_id= CHECKPOINT#2 session id=c30fi9pfctt2i18mn68822skm3 curr_sess_id=c30fi9pfctt2i18mn68822skm3 CHECKPOINT#3 session id=c30fi9pfctt2i18mn68822skm3 curr_sess_id=c30fi9pfctt2i18mn68822skm3 Anyone have an idea? It happens on multiple browsers and PCs. could it be something with settings in php.ini? Quote Link to comment Share on other sites More sharing options...
trq Posted October 4, 2007 Share Posted October 4, 2007 All you need do (on index.php) to validate your user is logged in is check they have a current session. if (isset($_SESSION['curr_sess_id'])) { I'm not sure why you would need to be checking the id. ps: session_register() has long been depricated and should no longer be used. Quote Link to comment Share on other sites More sharing options...
jworisek Posted October 4, 2007 Author Share Posted October 4, 2007 I dont think you read my post... the first attempt at login the authentication sets one session id and then the index page tries to use the session id from the last successful connection (not the one the auth page just used) by that user. as I said: if ($_SESSION[curr_sess_id]==session_id()){//this is not the check that I do, I am just trying to simplify it the session isnt being transferred properly between pages and I was just trying to show that. Besides which, checking the session variable wouldn't be acceptable if it was trying to use an old session id. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.