By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,967 Members | 1,687 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,967 IT Pros & Developers. It's quick & easy.

Sessions

P: 10
How to maintain a session from page to page? I'm getting a problem here when i try to logout, the session is destroy but i still can go inside to that page without login first by using IE Back button or history cache! How can i solve that? Anybody help me please...
Feb 23 '07 #1
Share this Question
Share on Google+
9 Replies


exoskeleton
100+
P: 104
hello sir ... im a little bit confuse.. what's question exactly? how to maintain a session or how to destroy it?
Feb 23 '07 #2

ronverdonk
Expert 2.5K+
P: 4,258
Show us the code by which you destroy the session.

Ronald :cool:
Feb 23 '07 #3

P: 22
please write your code.
But i think you forget to include session code in your page .so you can come again without log in.
for example try to write:include"check_session.php"; in your page.
Feb 23 '07 #4

P: 10
Show us the code by which you destroy the session.

Ronald :cool:
Hello Ronald Thanks for ur reply,
in my first program
--------------------------------------------------------------------------------------------------------------------
index.php

--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

include("dbconnect.php");

if(isset($_POST['login']))

$username = $_POST['login'];

else

$username = "";



if(!empty($username))

{

if(isset($_POST['pass']))

$pas =$_POST["pass"];



$qry = <<<STR

select username,password from users where username='$username' and password='$pas';

STR;

$r=mysql_query($qry)or die(mysql_error());

$r1=mysql_fetch_assoc($r);

$rowcount=mysql_num_rows($r);



if($rowcount==1)

{



$_SESSION['username'] = $r1["username"];



?>

<script language="javascript">

document.location = "viewRecords.php";

</script>

<?php

}

else

{

print "invalid user";

}



}

?>


--------------------------------------------------------------------------------------------------------------------
view records.php
--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

if(!isset($_SESSION["username"]))

{

die ("ERROR: Unauthorized access!");

}

else

{?>

<?php

function logout()

{

session_destroy();

}

?>



<td width="150" align="center" valign="middle" background="images/sub_menu.jpg"><span class="right"><a href="index.php" onClick="logout();">Logout</a></span></td>



<?php

include("dbconnect.php");

$results = mysql_query("select * from insertrecord ");

while($row = mysql_fetch_array($results))

{

echo "<tr>";

echo "<td>" . $row['jobname'] . "</td>";

echo "<td>" . $row['country'] . "</td>";

echo "<td>" . $row['city'] . "</td>";

echo "<td>" . $row['description'] . "</td>";

echo "<td>" . $row['entrydate'] . "</td>";

echo "<td>" . $row['email'] . "</td>";

echo "</tr>";

}

echo "</table>";

?>



<?php

}

?>
NOTE:this is my situation when I click on logout button I just called session destroy function.but after clicking on log out button when i select browser's back button Im able to view all the details.
please help me ronald
regards,
ramya
Feb 28 '07 #5

P: 10
hello sir ... im a little bit confuse.. what's question exactly? how to maintain a session or how to destroy it?
when i use this code Im able to enter into the website even though I logout,when I click on browsers back button
in my first program
--------------------------------------------------------------------------------------------------------------------
index.php

--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

include("dbconnect.php");

if(isset($_POST['login']))

$username = $_POST['login'];

else

$username = "";



if(!empty($username))

{

if(isset($_POST['pass']))

$pas =$_POST["pass"];



$qry = <<<STR

select username,password from users where username='$username' and password='$pas';

STR;

$r=mysql_query($qry)or die(mysql_error());

$r1=mysql_fetch_assoc($r);

$rowcount=mysql_num_rows($r);



if($rowcount==1)

{



$_SESSION['username'] = $r1["username"];



?>

<script language="javascript">

document.location = "viewRecords.php";

</script>

<?php

}

else

{

print "invalid user";

}



}

?>


--------------------------------------------------------------------------------------------------------------------
view records.php
--------------------------------------------------------------------------------------------------------------------
<?php

session_start();

if(!isset($_SESSION["username"]))

{

die ("ERROR: Unauthorized access!");

}

else

{?>

<?php

function logout()

{

session_destroy();

}

?>



<td width="150" align="center" valign="middle" background="images/sub_menu.jpg"><span class="right"><a href="index.php" onClick="logout();">Logout</a></span></td>



<?php

include("dbconnect.php");

$results = mysql_query("select * from insertrecord ");

while($row = mysql_fetch_array($results))

{

echo "<tr>";

echo "<td>" . $row['jobname'] . "</td>";

echo "<td>" . $row['country'] . "</td>";

echo "<td>" . $row['city'] . "</td>";

echo "<td>" . $row['description'] . "</td>";

echo "<td>" . $row['entrydate'] . "</td>";

echo "<td>" . $row['email'] . "</td>";

echo "</tr>";

}

echo "</table>";

?>



<?php

}

?>
NOTE:this is my situation when I click on logout button I just called session destroy function.but after clicking on log out button when i select browser's back button Im able to view all the details.

regards,
ramya
Feb 28 '07 #6

ronverdonk
Expert 2.5K+
P: 4,258
You don't really expect me to look at 3 posts of unstructured code displays, do you??

Before you show any code, read the Posting Guidelines at the top of this forum!
Especially the part about enclosing shown code within php or code tags!!


Ronald :cool:
Feb 28 '07 #7

P: 2
when i try to logout, the session is destroy but i still can go inside to that page without login first by using IE Back button or history cache! How can i solve that?
It sounds like your problem is related to the cookie. When a session is created, the session information is stored locally on the server, and a session ID is sent to the remote system by way of a session cookie. It is usually called "PHPSESSID" or some other obvious name. The remote system stores this as the 'key' to their session on the server.

So now you log out. You call session_destroy(), which will delete all of the session-related information saved on the local server. It does NOT, however, delete the remote cookie. When the user tries to return to your site, and it is asking for a session id, the user is going to return the same session id it had last time. When your server does not see this session (because it has been destroyed locally), it will recreate a new session with the same id. Here's the catch: ANYWHERE ELSE YOU TIED TO THE SESSION ID AND DID NOT CLEAR WILL CONTINUE TO BE TIED. So, if you saved a cart using the session id as a way to track it, the cart will 'resurrect' itself from a destroyed session because you never removed the data.

Your solutions:

1) kill the remote cookie. See setcookie() for this.
2) kill the local session. session_destroy() handles this.
3) remove session-related tracks in your database...erase the cart, remove any login indicators, etc.
Feb 28 '07 #8

P: 10
thanq for u reply sir.
can u please give me an example of destroying a remote cookie .
Mar 26 '07 #9

ak1dnar
Expert 100+
P: 1,584

Post your reply

Sign in to post your reply or Sign up for a free account.