Sessions

hello sir ... im a little bit confuse.. what's question exactly? how to maintain a session or how to destroy it?

Show us the code by which you destroy the session.

Ronald :cool:

please write your code.
But i think you forget to include session code in your page .so you can come again without log in.
for example try to write:include"check_session.php"; in your page.

Show us the code by which you destroy the session.

Ronald :cool:

Hello Ronald Thanks for ur reply,
in my first program
--------------------------------------------------------------------------------------------------------------------
index.php

--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

include("dbconnect.php");

if(isset($_POST['login']))

$username = $_POST['login'];

else

$username = "";



if(!empty($username))

{

if(isset($_POST['pass']))

$pas =$_POST["pass"];



$qry = <<<STR

select username,password from users where username='$username' and password='$pas';

STR;

$r=mysql_query($qry)or die(mysql_error());

$r1=mysql_fetch_assoc($r);

$rowcount=mysql_num_rows($r);



if($rowcount==1)

{



$_SESSION['username'] = $r1["username"];



?>

<script language="javascript">

document.location = "viewRecords.php";

</script>

<?php

}

else

{

print "invalid user";

}



}

?>


--------------------------------------------------------------------------------------------------------------------
view records.php
--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

if(!isset($_SESSION["username"]))

{

die ("ERROR: Unauthorized access!");

}

else

{?>

<?php

function logout()

{

session_destroy();

}

?>



<td width="150" align="center" valign="middle" background="images/sub_menu.jpg"><span class="right"><a href="index.php" onClick="logout();">Logout</a></span></td>



<?php

include("dbconnect.php");

$results = mysql_query("select * from insertrecord ");

while($row = mysql_fetch_array($results))

{

echo "<tr>";

echo "<td>" . $row['jobname'] . "</td>";

echo "<td>" . $row['country'] . "</td>";

echo "<td>" . $row['city'] . "</td>";

echo "<td>" . $row['description'] . "</td>";

echo "<td>" . $row['entrydate'] . "</td>";

echo "<td>" . $row['email'] . "</td>";

echo "</tr>";

}

echo "</table>";

?>



<?php

}

?>
NOTE:this is my situation when I click on logout button I just called session destroy function.but after clicking on log out button when i select browser's back button Im able to view all the details.
please help me ronald
regards,
ramya

hello sir ... im a little bit confuse.. what's question exactly? how to maintain a session or how to destroy it?

when i use this code Im able to enter into the website even though I logout,when I click on browsers back button
in my first program
--------------------------------------------------------------------------------------------------------------------
index.php

--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

include("dbconnect.php");

if(isset($_POST['login']))

$username = $_POST['login'];

else

$username = "";



if(!empty($username))

{

if(isset($_POST['pass']))

$pas =$_POST["pass"];



$qry = <<<STR

select username,password from users where username='$username' and password='$pas';

STR;

$r=mysql_query($qry)or die(mysql_error());

$r1=mysql_fetch_assoc($r);

$rowcount=mysql_num_rows($r);



if($rowcount==1)

{



$_SESSION['username'] = $r1["username"];



?>

<script language="javascript">

document.location = "viewRecords.php";

</script>

<?php

}

else

{

print "invalid user";

}



}

?>


--------------------------------------------------------------------------------------------------------------------
view records.php
--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

if(!isset($_SESSION["username"]))

{

die ("ERROR: Unauthorized access!");

}

else

{?>

<?php

function logout()

{

session_destroy();

}

?>



<td width="150" align="center" valign="middle" background="images/sub_menu.jpg"><span class="right"><a href="index.php" onClick="logout();">Logout</a></span></td>



<?php

include("dbconnect.php");

$results = mysql_query("select * from insertrecord ");

while($row = mysql_fetch_array($results))

{

echo "<tr>";

echo "<td>" . $row['jobname'] . "</td>";

echo "<td>" . $row['country'] . "</td>";

echo "<td>" . $row['city'] . "</td>";

echo "<td>" . $row['description'] . "</td>";

echo "<td>" . $row['entrydate'] . "</td>";

echo "<td>" . $row['email'] . "</td>";

echo "</tr>";

}

echo "</table>";

?>



<?php

}

?>
NOTE:this is my situation when I click on logout button I just called session destroy function.but after clicking on log out button when i select browser's back button Im able to view all the details.

regards,
ramya

You don't really expect me to look at 3 posts of unstructured code displays, do you??

Before you show any code, read the Posting Guidelines at the top of this forum!
Especially the part about enclosing shown code within php or code tags!!

Ronald :cool:

when i try to logout, the session is destroy but i still can go inside to that page without login first by using IE Back button or history cache! How can i solve that?

It sounds like your problem is related to the cookie. When a session is created, the session information is stored locally on the server, and a session ID is sent to the remote system by way of a session cookie. It is usually called "PHPSESSID" or some other obvious name. The remote system stores this as the 'key' to their session on the server.

So now you log out. You call session_destroy(), which will delete all of the session-related information saved on the local server. It does NOT, however, delete the remote cookie. When the user tries to return to your site, and it is asking for a session id, the user is going to return the same session id it had last time. When your server does not see this session (because it has been destroyed locally), it will recreate a new session with the same id. Here's the catch: ANYWHERE ELSE YOU TIED TO THE SESSION ID AND DID NOT CLEAR WILL CONTINUE TO BE TIED. So, if you saved a cart using the session id as a way to track it, the cart will 'resurrect' itself from a destroyed session because you never removed the data.

Your solutions:

1) kill the remote cookie. See setcookie() for this.
2) kill the local session. session_destroy() handles this.
3) remove session-related tracks in your database...erase the cart, remove any login indicators, etc.

thanq for u reply sir.
can u please give me an example of destroying a remote cookie .

http://www.phpbuddy.com/article.php?id=12