PHP session Problem

semanticnotion
66 New Member
I have a login problem with my PHP session. Once I sign in and then press sign out, it destroys the session, but when I click the back button it goes to the sign-in page... Please help.

Below is my code.

```php
<?php
// NOTE: the mysql_* functions below belong to the old ext/mysql extension,
// which was removed in PHP 7.0; this script runs as written only on PHP 5.
ob_start();
$host = "localhost";  // Host name
$username = "root";   // MySQL username
$password = "root";   // MySQL password
$db_name = "test";    // Database name
$tbl_name = "user";   // Table name

// Connect to server and select database.
mysql_connect($host, $username, $password) or die("cannot connect");
mysql_select_db($db_name) or die("cannot select DB");

// Define $myusername and $mypassword (empty string if the field is missing)
$myusername = isset($_POST['myusername']) ? $_POST['myusername'] : '';
$mypassword = isset($_POST['mypassword']) ? $_POST['mypassword'] : '';

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

//$sql="SELECT * FROM $tbl_name WHERE user_name='$myusername' and password='$mypassword'";
//$result=mysql_query($sql);

$query = "SELECT * FROM `user` WHERE user_name = '$myusername'
         AND password = '$mypassword'";

/* query the database */
$result = mysql_query($query);
mysql_close();
/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result)) {
  /* access granted */
  session_start();
  header("Cache-control: private");
  $_SESSION["access"] = "authorized";
  //echo"success";
  header("Location:admin.php");
  exit; // stop the script once the redirect has been sent
} else {
  /* access denied – redirect back to login */
  echo '<html>
  <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <META HTTP-EQUIV="refresh" CONTENT="5;URL=main_login.php">
  </head>
  <body bgcolor="black">

    <h1 style="color:red" align="center">ACCESS DENIED !!</h1>
    <p style="color:red" align="center">You have provided invalid login information.
    <br />Your IP address has been logged
    <br /></p>
  </body>
</html>
';
  //header("Location: ./admin_login.php");
}
?>
```
This is the admin page:

```php
<?php
session_start();
header("Cache-control: private");
// Read the login flag; null if the session does not carry it
$access = isset($_SESSION["access"]) ? $_SESSION["access"] : null;
if ($access != "authorized") {
    header("Location: main_login.php");
    die;
}
echo "<font color='#FFFFFF'><strong><a href='logout.php'>LOGOUT</a></strong></font>";
echo "<br/>";
echo "<br/>";
?>

<html>
    <body>
        <b>welcome to the admin page.....!</b><br/><br/><br/>

        <?php
        // NOTE: mysql_* (ext/mysql) was removed in PHP 7.0; PHP 5 only.
        $host = "localhost";  // Host name
        $username = "root";   // MySQL username
        $password = "root";   // MySQL password
        $db_name = "test";    // Database name
        //$tbl_name="question"; // Table name

        // Connect to server and select database.
        mysql_connect($host, $username, $password) or die("cannot connect");
        mysql_select_db($db_name) or die("cannot select DB");

        $query = "select * from subject";
        $result = mysql_query($query) or die("Error in query: $query. " . mysql_error());

        while ($nt = mysql_fetch_array($result)) {
            // Array keys must be quoted strings, not bare words
            $var = $nt['subject_code'];
            $sub = $nt['Name'];
            //echo $var;
            // Subject code and linked subject name, one line break at the end.
            // Values are URL-encoded in the query string and HTML-escaped in the page.
            echo htmlspecialchars($var, ENT_QUOTES)
                . " <a href='entry.php?code=" . urlencode($var) . "&amp;Name=" . urlencode($sub) . "'> "
                . htmlspecialchars($sub, ENT_QUOTES) . "</a><br/>";
        }

        //<a href="add.html"><input type ="button" name="add" value="Add Question"></a>
        // <a href="update.html"><input type ="button" name="Update" value="Update Question"></a>
        //<a href="delete.html"><input type ="button" name="delete" value="Delete Question"></a>
        ?>
    </body>
</html>
```
Sep 23 '10 #1
Markus
6,050 Recognized Expert Expert
Well, what do you expect it to do? The back button refers to a cached page, in your browser's history.
Sep 23 '10 #2
semanticnotion
66 New Member
But if I copy the link from the address bar, then click logout, and after that paste that link into the address bar, it goes to my login page.
Sep 23 '10 #3
Markus
6,050 Recognized Expert Expert
Isn't that what you want? That is, when someone has logged out, they shouldn't be able to access areas when they're unauthorized to do so? I don't understand the problem here.
Sep 23 '10 #4
semanticnotion
66 New Member
Sir, the problem is that once I have signed in to my admin page, if I click logout it goes to the logout page, but if I click the back button it goes back to my admin page. It should go to the main_login page because the session is already destroyed. On my admin page I first start the session, and then if it isn't authorized it redirects to main_login.
Sep 23 '10 #5
Markus
6,050 Recognized Expert Expert
This is intended behaviour. As I said before, the 'back' button in a browser takes you to a page that is stored in the browser's cache, that is, it's a copied version of a page you once visited. You may think this is a security issue, but it really isn't.

If I were to click the back button after logging out of a website, say, my on-line bank account, I'd get maybe the home-page for my account. However, as soon as I try to do anything on this page, the page will need to refresh/load a new page, and on that page there will be security checks to make sure the session is still alive - of course, if you've logged out, the session will have been destroyed and you can then take the appropriate action.

The key here is to make sure that any pages that require a user to be logged in, should *always* make this check.

Mark.
Sep 23 '10 #6
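The check described in the reply above, written once as a shared include that every protected page calls. This is an added example, not part of the thread: the file name `auth_guard.php` and the function `require_login()` are hypothetical, and it assumes the `$_SESSION["access"]` flag and `main_login.php` page from the original post.

```php
<?php
// auth_guard.php: hypothetical shared include (added example, not from the thread).
// Call require_login() at the top of every page that needs a logged-in user,
// before any output is sent.

function require_login(string $loginPage = 'main_login.php'): void
{
    // If output has already started, neither the cache headers nor the
    // redirect can be sent any more: fail closed instead of rendering the page.
    if (headers_sent($file, $line)) {
        error_log("require_login() called after output started at $file:$line");
        exit('Access denied.');
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Ask the browser and any proxy not to keep a copy of this response, so
    // that Back after logout normally has to re-request the page and hits the
    // check below. header() replaces an earlier header of the same name, so a
    // later header("Cache-control: private"), as in the admin page posted in
    // the thread, would undo this.
    header('Cache-Control: no-store, no-cache, must-revalidate, max-age=0');
    header('Pragma: no-cache');
    header('Expires: 0');

    // Same flag the thread's login script sets on success.
    $authorized = isset($_SESSION['access']) && $_SESSION['access'] === 'authorized';

    if (!$authorized) {
        header('Location: ' . $loginPage);
        exit; // stop here so none of the protected page is rendered
    }
}

// Usage at the very top of admin.php and every other protected page:
//   require_once 'auth_guard.php';
//   require_login();
```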
ciranjeebxtreme
4 New Member
Hi semanticnotion,
In the above example you are saving just one session superglobal in the web server, i.e.
$_SERVER['access'] assigned as 'authorized'

So in this case it's important for you to make sure that you are deleting your $_SERVER['access'] superglobal in the "logout.php" script.
*If you're saving any session cookie during the login, make sure that you clear out that session cookie from the server in your logout script.
*Now let's keep things simple and write the best simple logout script.
Rewrite your logout.php script.
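```php
<?php
session_start();
if (isset($_SESSION['access'])) {
    // Clear all session variables
    $_SESSION = array();
    if (isset($_COOKIE[session_name()])) {
        // If the session cookie exists, remove it by setting it to a time in the past.
        // Path and domain must match the ones the session cookie was created with.
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600, $params['path'], $params['domain']);
    }
    // Stop the session with the user
    session_destroy();
}
// Now head back to the login page
$redirect = 'http://' . $_SERVER['HTTP_HOST']
    . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/admin_login.php';
header('Location: ' . $redirect);
exit();
?>
```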


I Hope That Helps !!!
If You Have Any More Problems Do Ask Me-
ciranjeebxtreme@gmail.com
Sep 24 '10 #7
semanticnotion
66 New Member
Thanks ciranjeebxtreme for your response, I have solved it....
Sep 28 '10 #8
