sessions driving me crazy

ruido

Hi all,

Maybe someone out there can enlighten me, because i'm obviously too stupid to realise
what I messed up here...

I need to setup a site with user authentification through sessions.

Since I don't want to use cookies I used the script for storing session stuff in a mysql database from ying zhangs article.

The setup:

A frameset with 3 frames (top, navigation and main).

I have a simple user login page (pure html form, username + pass) which calls the login.php script.

This checks if the form has been filled out at all, checks user and pass against the database and if everything is correct, calls
the admin.php page the registered user is allowed to see.

Basically it works, i.e. the session key and variables are written to the database ok.

My Problem is that I can't pass the session to the admin.php page and to my navigation frame.

include("../modules/session_mysql.inc.php");
session_start();
/DB connector/
include("../modules/connect.inc.php");

{
...
some formchecking code here
...
}

else
{
if($user&&$pass)
{
{... some userchecking code ... }

	/*Sessionvars*/
	$check1=$auth_user->USER;
	$time=strftime("%H:%M:%S %d.%m.%Y");
	$ip=$REMOTE_ADDR;

	/*Pass OK?*/
	if($auth_user->PASS==$pass)
	{
		/*some more Logfiles*/
		include ("../modules/logging.inc.php");			



		/*cryt sessionvars*/
		$mysession=crypt($check1.$time.$ip);
		session_register($mysession);

		/*Und ab geht die Luzie*/
		/*admin or not?*/
		if ($check1=="00000001")
		{
			echo " <script language='javascript'>
			parent.frames[1].location.href='../templates/adm_navi.html?".session_id()."';
			parent.frames[2].location.href='admin.php?".session_id()."';
			</script>";

		}
		else 
		{
			echo " <script language='javascript'>
			document.location='user.php?".session_id()."';
     		</script>";
		}
	}

	/*User and/or Pass wrong:*/
	else
	{
		echo "<script language='javascript'>
     	document.location='wrong.php';
     	</script>";
	}
}

}

What did I do wrong?

Yes, I read the fm (quite a few times), I checked through the articles and postings on this here fine site, but I couldn't find any solution to this.
To be honest, I really don't quite understand how to handle all this session stuff - I am a rookie after all 🙂

pleeeeze help anyone....?

thx in advancce
marc

Anon

I'm not all that familiar with PHP built-in session support, but I'll throw in my two cents here anyway...

It looks like you're tyring to pass along the session_id by including it in each called url. (I see a session_id() function in the url.)

The urls should be of the structure "/page.html?varname=$value"

It looks like yours are of the structure "/page.html?$value"

For example, instead of

parent.frames[1].location.href='../templates/adm_navi.html?".session_id()."';

I think maybe it should be

parent.frames[1].location.href='../templates/adm_navi.html?id=".session_id()."';

Then, on the new page, you have to set up the session using session_name and session_start, etc.

Lacey

ruido

hmmm...
thanks anyway but that didn't help either except for writing a new session into my db for each new page because of the session_start()...?

Oh and I encountered another thing. When trying to logout (...session_destroy()...) I can still go to the admin pages with the back button on my browser...

I just don't get it.

Any other ideas?

ruido

This is the 4th #@*§&$ day I try to get this working and I'm getting nowhere.

I've tried everything (at least I think so 😉) I found in the manual and in various forums - no chance.

I know I'm not the brightest when it gets down to programming, but this is ridiculous.

IMHO: the manual is poor on session issues, books and most example code posted on the net are too.

pls excuse my outrage, but too much coffee, cigarettes and brainwrecking didn't do me any good this time.

..."this summer is a moody bitch" said the man as he went into the liquid sunshine...

Anon

I don't like the built-in session support anyway. I prefer to set up a database and write my own session functions. I guess I'm just anal that way, but at least then I can know exactly what's going on.