|
I have a website, to which members must "log on" to gain access.
The sequence of pages is as follows:
1. index.php
Contains form for username/password
2. login.php
starts session
<?
session_start();
session_register("user_id");
session_register("logged_in");
?>
validates authentication
A - if "ok"
i. sets $user_id and $logged_id
ii. goes to membersArea_frameset.php
B - if fails - goes to an error page
This setup normally works fine, for 99% of visitors.
However, every day i get a few emails from people who receive an error
message saying that the session has expired, rather than a successful login.
Each page (including the above frameset page) has an include of
'session_check.php'.
The contents of the file is:
<?
if ($logged_in != session_id())
{
echo "<script>self.location='error.php?error=2'</script>";
exit();
}
?>
For nearly all visitors, the above setup works fine.
Any ideas why some people are told straight after successfully logging in
that their session has expired? This is really worrying. I can't figure it
out.
Have I not set up the sessions correctly?
PHP - Version: 4.3.1
| 
