By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,713 Members | 2,012 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,713 IT Pros & Developers. It's quick & easy.

re-setting session variables in PHP

P: n/a
I'm using the following code for a login page in PHP. Everything
works OK until someone else logs in from the same browser. As best I
can tell $mail, $password, and $user_id are not getting updated in the
session.

I tried doing

session_start();
session_destroy();

$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['user_id'] = $user_id;

which seems to prevent email, password, and user_id from being set.

I'm using 4.1.2, no changes to php.ini (register_globals = On)

Any suggestions, help, or comments greatly appriciated.

Thanks!

Thomas
================================================== ========

<?php

$email = addslashes($_POST['f-email']);
$password = addslashes($_POST['f-password']);

// connect to database

# query the database here - if $password and $mail match,
# return $user_id

if (!$user_id) {

// login failure

header('Location: login_error.php');

} else {

// login is good. start a session for this user

session_start();

$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['user_id'] = $user_id;

// and send them on their way

header('Location: home.php');

}

?>

Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
su*********@hotmail.com wrote:
I'm using the following code for a login page in PHP. Everything
works OK until someone else logs in from the same browser. As best I
can tell $mail, $password, and $user_id are not getting updated in the
session.

I tried doing

session_start();
session_destroy();

$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['user_id'] = $user_id;

which seems to prevent email, password, and user_id from being set.

I'm using 4.1.2, no changes to php.ini (register_globals = On)

Any suggestions, help, or comments greatly appriciated.

Thanks!

Thomas
================================================== ========

<?php

$email = addslashes($_POST['f-email']);
$password = addslashes($_POST['f-password']);

// connect to database

# query the database here - if $password and $mail match,
# return $user_id

if (!$user_id) {

// login failure

header('Location: login_error.php');

} else {

// login is good. start a session for this user

session_start();

$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['user_id'] = $user_id;

// and send them on their way

header('Location: home.php');

}

?>


Thomas,

It seems to me like you are hitting the same bug I encountered a while
back on PHP 4.1.2. This is a documented bug and I would advise you to
upgrade your PHP4 version to the latest one. Here is a link to the bug
report:

http://bugs.php.net/bug.php?id=16102

Amir.

--
Rules are written for those who lack the ability to truly reason, But for
those who can, the rules become nothing more than guidelines, And live
their lives governed not by rules but by reason.
- James McGuigan
Jul 17 '05 #2

P: n/a

<su*********@hotmail.com> escreveu na mensagem
news:40**************@news.sonic.net...
I'm using the following code for a login page in PHP. Everything
works OK until someone else logs in from the same browser. As best I
can tell $mail, $password, and $user_id are not getting updated in the
session.

I tried doing

session_start();
session_destroy();
But you didnt do the two of them together right? You should *only* do the
"session_destroy();" when you want the user to log out and not before trying
to change "$_SESSION" fields.

$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['user_id'] = $user_id;


Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.