I have a login page that redirects to a directory based on their username.
On the login page after they are verified, it starts a session, and registers a session variable that indicates they are logged in. I'm using cookies for my sessions. Problem is that after they are verified as logged in, and it redirects to their page, and it try to the restore the session varible, I get nothing. At this point, if I go BACK to the login page, and I can login, and the session variable are passed with problem. Only happens when I first start a browser.
I've passed the SID through, and that fixed it BUT there are going to be more pages than the index that are going to be using auto_prepend to verify that the user is logged on, so i really need to use cookies, because someone else is editing the pages (a luser).
here is what I have:
www.foo.com/login.php
<unimportant database stuff removed>
if($userfound != 0) {
session_register("verified_user");
$verified_user = $SentUname;
header("Location:" . SECUREURL . $SentUname);
}
www.foo.com/secure/username/auto_prepend.inc
session_start();
$current_dir = getcwd();
chdir("..");
$parent_dir = getcwd();
$user_dir = substr(str_replace($parent_dir,'',$current_dir),1);
//suppress error, if the login page was skipped
$user = @$HTTP_SESSION_VARS["verified_user"];
// if not supposed to be here.. get us out!
if($user != $user_dir) {
header("Location:http://" . $HTTP_HOST);
}
P.S. I tried placing session_start in login.php..no help session_register implies that anyway.
Thanks for any help!
Miles
