473,581 Members | 2,314 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

How to redirect after setting session?

I have a login page that is supposed to redirect the user to his private
page after login. But header("Locatio n: $url") does not work after I set
the $_SESSION variable - I get "Warning: Cannot modify header information -
headers already sent by ...

The abbreviated code on the login page looks like this:

<?php
session_start() ;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
[etc, etc]
[login form]
<?
if (credentials are valid)
{
session_start() ;
$_SESSION['username'] = $uid;
header("Locatio n: $url");
}
?>

One option I've heard about is using ob_start() at the top of the page - but
that seems to screw up my session. I could also use Javascript like this:

<script language="javas cript">
window.location .href=("<?php echo $url; ?>");
</script>

but then folks without Javascript won't get redirected.

Are there any other alternatives?

Thanks in advance.
Jul 17 '05 #1
7 11146
deko <de**@hotmail.c om> wrote:
I have a login page that is supposed to redirect the user to his private
page after login. But header("Locatio n: $url") does not work after I set
the $_SESSION variable - I get "Warning: Cannot modify header information -
headers already sent by ...
Argghhh, yet another "Headers already sent" question.

This error has nothing to do with setting session. The error tells you
where the problem is: line 4
<?php
session_start() ;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
[etc, etc]
[login form]
<?
if (credentials are valid)
{
session_start() ;
$_SESSION['username'] = $uid;
header("Locatio n: $url");
}
?>

One option I've heard about is using ob_start() at the top of the page - but
that seems to screw up my session. I could also use Javascript like this:


Fix your script flow is the better one:

<?php
session_start() ;

if(credentials are valid)
{
//set session and redirect
die();
}
?>
<html>
....
Jul 17 '05 #2
I agree with Daniel Tryba: "Fix your script flow is the better one:"

At the moment you are calling session_start() ; twice on the check
credentials section. Once at the start of the page and once in "if
(credentials"
This can't be done after the head of the html.
You only every need to start the session once in a page.
Follow Daniel Tryba instructions for the layout and you'll be fine.
Brent Palmer.


"deko" <de**@hotmail.c om> wrote in message
news:E4******** **********@news svr21.news.prod igy.com...
I have a login page that is supposed to redirect the user to his private
page after login. But header("Locatio n: $url") does not work after I set
the $_SESSION variable - I get "Warning: Cannot modify header
information -
headers already sent by ...

The abbreviated code on the login page looks like this:

<?php
session_start() ;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
[etc, etc]
[login form]
<?
if (credentials are valid)
{
session_start() ;
$_SESSION['username'] = $uid;
header("Locatio n: $url");
}
?>

One option I've heard about is using ob_start() at the top of the page -
but
that seems to screw up my session. I could also use Javascript like this:

<script language="javas cript">
window.location .href=("<?php echo $url; ?>");
</script>

but then folks without Javascript won't get redirected.

Are there any other alternatives?

Thanks in advance.

Jul 17 '05 #3
> <?php
session_start() ;

if(credentials are valid)
{
//set session and redirect
die();
}
?>


Thanks for the help.

So I moved the code to the top of the page, and the redirect works now. But
there are a couple of problems:

Before, when I hit my browser's back button, I would get "Warning... page
has expired" - which was nice - so the user could not log in again. Now I
don't get that error - it just goes back to the login page. Is there a way
to have that error appear?

The other thing, which is more of a problem, is that when the the session
expires, the "private page" has this code:

echo "Your session has timed out. You must <a href= '".$url."'>l og in
again</a> to view this page.";
session_destroy ();

When the user clicks on the link to go back to the login page, and re-enters
credentials, then clicks submit, the redirect fails with "Cannot find
page..." - apparently the header is getting screwed up the second time
around. What appears in the address window of my browser is something like
this:

https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>

Is there a way to clear out the header first? Other suggestions?

Here is the revised code:

session_start() ;
if ($username && $password)
{
$uid = trim($username) ;
$pas = trim($password) ;
if (credentials are valid)
{
$_SESSION['user'] = $uid;
$_SESSION['timeout'] = time();
$url="https://hostname.myisp. com/~acctname/privatePage.php ";
header("Locatio n: $url");
unset($em);
unset($pw);
die();
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
[html code...]
<?php
//if we are here then user enter bad credentials
if ($username && $password)
{
echo "Login Failed";
}
?>
[more html code...]
Jul 17 '05 #4
> When the user clicks on the link to go back to the login page, and
re-enters
credentials, then clicks submit, the redirect fails with "Cannot find
page..." - apparently the header is getting screwed up the second time
around. What appears in the address window of my browser is something like this:

https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>

I've noticed this behavior occurs in Firefox every time - even the first
time. Is there some bug in Firefox that prevents PHP from setting the
header? Or is my code not setting the header correctly?
Jul 17 '05 #5
deko <de**@hotmail.c om> wrote:
Before, when I hit my browser's back button, I would get "Warning... page
has expired" - which was nice - so the user could not log in again. Now I
don't get that error - it just goes back to the login page. Is there a way
to have that error appear?
You are the first person I see that actually wants that warning, most
people want to get rid of it (by using a redirect) :)

The only way I know to actually get the warning is to not do a
redirection after a post. You could make your login script like this:

<?php

if($user && $passwd)
{
if(valid())
{
?>
<html><body>
Login success <a href='next.php' >click here to continue.</a>
</body></html>
<?php
die();
}
}
else
{
$user='';
$passwd='';
}
?>
<html>
<?php
if($user)
echo "Login failed!";
?>
<form>
</form>
</html>

But that is getting very ugly very fast, I would suggest using a
template engine (like smarty) to truly seperate output and logic (do a
bunch of checks, determine template to show and set variables
accordingly to that tempalte).
The other thing, which is more of a problem, is that when the the session
expires, the "private page" has this code:

echo "Your session has timed out. You must <a href= '".$url."'>l og in
again</a> to view this page.";
session_destroy (); https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>

Is there a way to clear out the header first? Other suggestions?


That is scary... how is $url defined in that page?

Jul 17 '05 #6
> You are the first person I see that actually wants that warning, most
people want to get rid of it (by using a redirect) :)


I can live with it, but I'll try your suggestion.
The other thing, which is more of a problem, is that when the the session expires, the "private page" has this code:

https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>
Is there a way to clear out the header first? Other suggestions?


That is scary... how is $url defined in that page?


Good question. In fact, I think that was my problem.

But the real barf bag is that the SESSION does not appear to get set in
Firefox. I surfed around a bit and saw that others have also had similar
probelms with Firefox and login scripts. If you have any suggestions on how
to get the script working with Firefox, that would be great...

Thanks again for the help.
Jul 17 '05 #7
> But the real barf bag is that the SESSION does not appear to get set in
Firefox. I surfed around a bit and saw that others have also had similar
probelms with Firefox and login scripts. If you have any suggestions on how to get the script working with Firefox, that would be great...


Some further testing with Firefox -

Here again is the Login page code:

session_start() ;
if ($username && $password)
{
$uid = trim($username) ;
$pas = trim($password) ;
if (credentials are valid)
{
$_SESSION['user'] = $uid;
$_SESSION['timeout'] = time();
$url="https://hostname.myisp. com/~acctname/privatePage.php ";
header("Locatio n: $url");
unset($em);
unset($pw);
die();
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
[html code...]
<?php
//if we are here then user enter bad credentials
if ($username && $password)
{
echo "Login Failed";
}
?>
[more html code...]
Here is all the code on the redirect page:

<?php
session_start() ;
echo $_SESSION['uid'];
?>

Result: Nothing is echoed on the screen. But the redirect works...

I've played around with the SSL settings in Firefox, but no luck. I'm
wondering if the problem has something about carrying sessions over an SSL
connection??
Jul 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
1971
by: Yossi | last post by:
I want to set the asp session id path property. how can I do that? I mean, asp session id is stored in a cookie and like any other cookie it should have properties (or attributes), how can I control it? Yossi.
11
3416
by: Vic Spainhower | last post by:
Hello, I just purchased a new domain name and I've set it up as a redirect to a folder on my main site. What is happening is the index.php page checks a session variable to see if the user is logged on and if not it displays a login screen. However, after loggin in it just keeps coming back to the login screen because the session variables...
4
1634
by: thdevdex | last post by:
Needless to say I'm new to .Net. I'm trying to set Session variables from within a method within a class. (Name "Session" is not declared) is the message I get while typing in the code. I don't get this while entering code within an .aspx.vb file. Obviously I need to create and instance of some System.Web... object but I don't know what...
6
7828
by: Weave | last post by:
I would like to redirect to a logout page after a session has timed out. I have placed a response.redirect "loggedoff.asp" in the Session_OnEnd subroutine in the global.asa, but it does not move to the page after timeout occurs. Any suggestions? Thanks in advance ....
6
16422
by: somaboy mx | last post by:
Hello I need people to be able to complete long text blocks in my cms before their session times out. From the php documentation I gather that ini directive session.gc_maxlifetime would be the one to adjust here. I am on shared hosting, so I can't change the php_ini settings directly. If I use ini_set, should I do that on every page in my...
3
3686
by: ABC | last post by:
How to automatic redirect if session timeout using ASP.NET 1.1?
2
4543
sumittyagi
by: sumittyagi | last post by:
I am using websphere 5.1 and I want to set session timeout for my application. Now I know two ways of setting it (declaratively and programmatically). * declaratively in web.xml of the application in session-cofig element. * programatically by session.setMaxInactiveInterval(). Now I wanted to know two things. 1. If there exists any other...
4
7320
by: SevDer | last post by:
Hi, I've done some coding in my web application however right now for an unknown reason my asp.net 2.0 site is not setting asp.net_sessionid cookie and as a result, I am losing the session data in each page refresh or redirect. I really do not have any coding against how the session works. And I have not changed any setting in IIS. I...
4
5670
by: Hugh Oxford | last post by:
I am writing some server to server software that needs to maintain state. When I say server to server I mean that the client is not a browser, it is another PHP server (as if that wasn't obvious). The obvious way to do this is to use the session ID. The problem is, how to first of all generate a session ID and then send back a session ID...
0
7862
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7789
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
6551
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5670
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5361
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3803
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
0
3820
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2300
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1400
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.