Session Idiot

baffled_in_UK

Hi,

I've searched these forums and looked at various tutorials but I can't seem to get the hang of the sessions. This should be so simple but I can't get it working. I have a few pages that are restricted and if you go there it redirects to a login page.

example: (restricted.php)

// if not already logged in then ask them to
if ($_SESSION[login] != "1") {
header("Location: security.php");
} else {
// display page
}

all ok so far...

when a login is authenticated I do this..(security.php)

if ($num != 0 && $activated == "Y")  { 
$_SESSION[login] = "1"; 
header("Location: restricted.php"); 
}

What happens is that I get thrown straight back to security.php

I have

session_start();

on all pages and am running on PHP Version 4.2.3

What am I doing wrong ?

Thanks to anyone who can prevent me putting my foot through my screen.

keith73

Originally posted by baffled_in_UK
Hi,

I've searched these forums and looked at various tutorials but I can't seem to get the hang of the sessions. This should be so simple but I can't get it working. I have a few pages that are restricted and if you go there it redirects to a login page.

when a login is authenticated I do this..(security.php)
if ($num != 0 && $activated == "Y")  { 
$_SESSION[login] = "1"; 
header("Location: restricted.php"); 
}
[/B]

but you aren't calling session_start() first.
insert session_start() before $_SESSION[login] = 1;

keith

baffled_in_UK

I have said in my original post that I have got session_start() on ALL my pages within the site so that I don't lose the session info.

keith73

Originally posted by baffled_in_UK
I have said in my original post that I have got session_start() on ALL my pages within the site so that I don't lose the session info.

yes you did. But since security.php just redirects after authenticating, I didn't consider it a page.

From the code you posted, I can't tell what your problem is.
Where are $num and $activated coming from. Where do they get set?
What happens if this if statement fails?

if ($num != 0 && $activated == "Y")

you need some error checking to make sure your conditional variables are actually being set.

keith

baffled_in_UK

The rest of the code is irrelevant. The statements shown are being "hit" but the session variable login is not passing it's value back. That's the problem.

keith73

Originally posted by baffled_in_UK
The rest of the code is irrelevant. The statements shown are being "hit" but the session variable login is not passing it's value back. That's the problem.

9 times out of 10, that isn't the problem. Your if statement is only going to work if $num is not 0 and $activated is Y. If those 2 conditions aren't met, then _SESSION[login] will not get set to 1.

Have you verified what the values of $num and $activated are before entering that if statement?

No piece of code is ever irrelevant. ESPECIALLY when you have a conditional statement that depends on variables that must be set BEFORE the if.

that if statement is obviously failing and without some error checking, you won't know why and I nor anyone else here can tell you why.

need input

keith