Sessions = confusing....

epimeth

I think I did this right... just one problem which isn't really a problem but I'd rather this not happen...

if a user logs in and then follows a link off the page (really just home right now) and then comes back by typing .../admin.php in the adress bar, the session resumes. I don't know if its supposed to do this or its just a bug

if back is pressed after the link then a warning: page has expired message is displayed... thats good...

ideally, I want "No username entered" displayed for typing in admin.php manually... I think what I want is to execute session_unset() whenever I go to any page that isn't admin.php...

admin.php

<?php
session_name('localhost_editor');
session_start();
?>

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html>
<head>
 <title>FRED administration</title>
</head>

<body link="Black" vlink="Black" alink="Black">
<center>

<br />
<br />

<h1>Go <a href="http://localhost/home/">Home</a></h1>

<br />
<br />

<?php

if (isset($_POST['uname'])) $_SESSION['uname'] = $_POST['uname'];
elseif (!isset($_SESSION['uname'])) die("No Username Entered</center></body></html>");

$uname = $_SESSION['uname'];

if (isset($_POST['pword'])) $_SESSION['pword'] = $_POST['pword'];
elseif (!isset($_SESSION['pword'])) die("No Password Entered</center></body></html>");

$pword = $_SESSION['pword'];


$dbconn = mysql_connect();
mysql_select_db('portal');
$sql = "SELECT * FROM users WHERE uname LIKE '$uname' AND pword LIKE '$pword'";

if (mysql_num_rows(mysql_query($sql)))
{
?>


LOGGED IN


<?php

}

else
{
 echo "INCORRECT USERNAME/PASSWORD";
 session_unset();
}

session_write_close();
?>

</center>
</body>
</html>

buddysal

sessions are set to last like 16 hours or something, it will save the session that matches that persons username for the default time unless you put a smaller expiration time on it... I think im right here. if not someone may want to correct me....

im having the problem when a user logs in and i go to another page by typing it in it still opens wether the user has a session through login or not...

epimeth

I'm thinking I might need a javascript function that runs onUnLoad or something...

buddysal

not sure lol im not too good with sessions...

Weedpacket

Originally posted by buddysal
sessions are set to last like 16 hours or something, it will save the session that matches that persons username for the default time unless you put a smaller expiration time on it... I think im right here. if not someone may want to correct me....

Sessions last for as long as the browser remains on. If a session lasts longer than a certain amount of time (specified in php.ini) the server will start thinking about whether to trash its data (how seriously it thinks about it is also specified in php.ini).

But the browser won't ditch its copy of the session ID until it's either shut down or is told to ditch it. Of course, the server doesn't know if the browser went off to some other site, so it can't do anything in that situation directly. An unUnload() event handler ought do the job (assuming Javascript is enabled). I'm not ofay with Javascript, but using it to set the value of the PHPSESSID cookie to "" might work.

buddysal

ooo ok lol i thought i read someplace in a php book that there was a default session set and after that time was up the session got deleted... err or maybe im thinking of cookies?