can't clear SESSION

jarow

Have a login that once that username and password are authenticated, user is redirected to the appropriate page depending on their area of expertise.

Here's the problem. If I try to login several different people on my computer over a period of a few minutes each is authenticated appropriately but they are ALL redirected to the page that corresponded to the first person I logged in.

I am relatively new to PHP and sessions but did try to do a session_destroy but it had no affect. I think it may have something to do with the header (location line. Any help would be greatly appreciated.

// *** Start the session
session_start();
// *** Validate request to log in to this site.
$FF_LoginAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING']) && $HTTP_SERVER_VARS['QUERY_STRING']!="") $FF_LoginAction .= "?".$HTTP_SERVER_VARS['QUERY_STRING'];
if (isset($HTTP_POST_VARS['username'])) {
  $FF_valUsername=$HTTP_POST_VARS['username'];
  $FF_valPassword=$HTTP_POST_VARS['password'];
  $FF_fldUserAuthorization="";
  $FF_redirectLoginFailed="error.php";
  $FF_rsUser_Source="SELECT username, password, urlredirect ";
  if ($FF_fldUserAuthorization != "") $FF_rsUser_Source .= "," . $FF_fldUserAuthorization;
  $FF_rsUser_Source .= " FROM users WHERE username='" . $FF_valUsername . "' AND password='" . $FF_valPassword . "'";
  mysql_select_db($database_connlogin, $connlogin);
  $FF_rsUser=mysql_query($FF_rsUser_Source, $connlogin) or die(mysql_error());
  $row_FF_rsUser = mysql_fetch_assoc($FF_rsUser);
  if(mysql_num_rows($FF_rsUser) > 0) {
    // username and password match - this is a valid user
    $MM_Username=$FF_valUsername;
    session_register("MM_Username");
	$_SESSION['svURL']= $_POST['urlredirect'];
    if ($FF_fldUserAuthorization != "") {
      $MM_UserAuthorization=$row_FF_rsUser[$FF_fldUserAuthorization];
    } else {
      $MM_UserAuthorization="";
    }
    session_register("MM_UserAuthorization");
    if (isset($accessdenied) && false) {
      $FF_redirectLoginSuccess = $accessdenied;
    }
    mysql_free_result($FF_rsUser);
    session_register("FF_login_failed");
	$FF_login_failed = false;
    header ("Location: [url]http://localhost/register/[/url]" . $HTTP_SESSION_VARS['svURL']); 
    exit;
  }

blindeddie

try changing the header to this...

header ('Location: [url]http://localhost/register/[/url] ' . $HTTP_SESSION_VARS['svURL']);

that should do it, you had way to much stuff in the header statement that may have been causing the misdirection

blindeddie

sorry, pasted the wrong thing in:

header ('Location: http://localhost/register/ ' . $HTTP_SESSION_VARS['svURL']);

paul088

Destroy and unset an existing session before you start a new session to validate a user.