sessions again

ronaldo9

i am using php 4.3.0, on win2k machine,

i am testing my php pages on apache server on my local machine,

i have created a session folder in my php folder and my sessions are being saved there,

iam developing a login system where the username and password is authenticated against a database. when the user logs in a session is created

im connecting to a database and the connection is working properly, when i test the login it is successful and it displays all the fields i requested.

BUT the session seems to be persistent or something when i refresh the page the results remain on the page, and i am NOT asked to re-send the variables. When i use the back or forward buttons on the browser the results are still there. When i try to log in using a different username and password the same results from the previous login are displayed again.

Also when i do a simple session creartion page such as;

<?php
session_start();
echo session_id();
session_destroy(); /*same outcome with or without this line
?>

This displays a session id but when i refresh the page it remains the same,,whats going on????

i know its difficult to solve a problem like this without having ti in front of you, however even if u cant solve this problem could you tell me the correct way to set up the session options in the php.ini file.

thank you.

ronaldo9

can someone just give the proper settings for sessions of the following variables in the php.ini file,

session.save_handler=?
session.use_cookies =?
session.use_only_cookies=?
session.cookie_lifetime=?

ronaldo9

am i talking to myself???/

i investigated further, and this is what is happening,

i have 4 pages, one accepts username and password, the next checks it with the database, the third outputs the results, and the fourth simple outputs the session id.

i echoed the session id on each page and this is what i got,

-the first page is the html login page
-the second page displays a new session id,call it A.
-the third page displays an old session id and the old results from that old session.
-the fourth page displays the new session id A.

i cannot find the old session to delete it and i dont know why it is displaying the old session id when it doesnt exist...

any thoughts???
come on guys...

alsaffar

Hi ronaldo9, although I hate Real Madid as Im a Barca fan but its ok 🙂

I read your post, and I noticed that you have 4 pages while you can put them all in 1 page!

Then regarding the sessions, can you show us some code so we can help.

ronaldo9

i think ronaldos hat trick proves who is the best,,

the reason i have 4 pages is just for illustration purposes to see if the sessions are actually working.

this is the code for the main page, this is the one which is displaying the new session_id. the page that this calls displays the old session id.

<?php
session_start();

$username=$_POST["user"];
$password=$_POST["pass"];
session_register('username'); 

$_SESSION['username'] = $username;
session_register('password'); 
$_SESSION['password'] = $password;

$db="(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = RICHARD-2J7P3XV)(PORT = 1521)))(CONNECT_DATA=(SID=test)))";
$c1=ocilogon("ADAMS","password",$db);
$count=0;

$query="select * from david.customer_registration where USERNAME='$username' and PWORD1='$password'";
$stmt=ociparse($c1,$query);	
ociexecute($stmt);

while (ocifetch($stmt)){
$count++;

$custid=ociresult($stmt,"CUST_ID");
session_register('custid'); 
$_SESSION['custid'] = $custid;

$fname=ociresult($stmt,"F_NAME");
session_register('fname'); 
$_SESSION['fname'] = $fname;

$lname=ociresult($stmt,"L_NAME");
session_register('lname'); 
$_SESSION['lname'] = $lname;

$gender=ociresult($stmt,"GENDER");
session_register('gender'); 
$_SESSION['gender'] = $gender;

$address=ociresult($stmt,"ADDR");
session_register('address'); 
$_SESSION['address'] = $address;

$city=ociresult($stmt,"CITY");
session_register('city'); 
$_SESSION['city'] = $city;

$country=ociresult($stmt,"COUNTRY");
session_register('country'); 
$_SESSION['country'] = $country;

$mobile=ociresult($stmt,"MOBILE");
session_register('mobile'); 
$_SESSION['mobile'] = $mobile;

$mail=ociresult($stmt,"MAIL");
session_register('mail'); 
$_SESSION['mail'] = $mail;

$mother=ociresult($stmt,"MOTHERSNAME");
session_register('mother'); 
$_SESSION['mother'] = $mother;

$sms=ociresult($stmt,"SMS");
session_register('sms'); 
$_SESSION['sms'] = $sms;

$smsup=ociresult($stmt,"SMSUPDATES");
session_register('smsup'); 
$_SESSION['smsup'] = $smsup;

}


if($count<=0){?>
	<meta http-equiv="refresh" content="0; url=loginfail.htm">
	<?php
	}
	else if($count>=1){?>
		<meta http-equiv="refresh" content="0; url=person.php">
		<?php
		}

ocilogoff($c1);
?>
<html>
<body bgcolor="#003366">
</html>

this code is for the page that the avove code is displying,

<?php
session_start();
echo session_id()."<br>\n";
echo $SESSION['username']."<br>\n";
echo $SESSION['address']."<br>\n";
?>

it displays an old session id and the username and password that the old session contained.