I'm using the following code for a login page in PHP. Everything
works OK until someone else logs in from the same browser. As best I
can tell $mail, $password, and $user_id are not getting updated in the
session.
I tried doing
session_start();
session_destroy();
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['user_id'] = $user_id;
which seems to prevent email, password, and user_id from being set.
I'm using 4.1.2, no changes to php.ini (register_globals = On)
Any suggestions, help, or comments greatly appriciated.
Thanks!
Thomas
================================================== ========
<?php
$email = addslashes($_POST['f-email']);
$password = addslashes($_POST['f-password']);
// connect to database
# query the database here - if $password and $mail match,
# return $user_id
if (!$user_id) {
// login failure
header('Location: login_error.php');
} else {
// login is good. start a session for this user
session_start();
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
$_SESSION['user_id'] = $user_id;
// and send them on their way
header('Location: home.php');
}
?>