logging with sessions

dv6cougar

ok i know there's another thread about this here already, however, this is a much different question

i have written a login script and it does work for the most part however, my session_id() isnt' being produced.... i have no idea why, it catches the session_name() just fine but not the id.. ehre's that portion of the script

function checkLoggedIn($status) {
	switch($status) {
		//if yes, make sure that the user is logged in
		case "yes":
			if(!$_SESSION['session']['loggedIn']) {
				header("Location: index.php");

			exit;
	}
	break;

	//if no check that the user isn't logged in
	case "no":
		if($_SESSION['session']['loggedIn']) {
		//set a varible for session name and id

			header("Location: member.php?".session_name()."=".session_id());
		}
		break;
	}
	//now all is good so return true
	return true;

} // end function check status

another problem is that when I call the function back checkLoggedIn("yes"); in the member.php page it still goes back to index.php, like runs a loop on me, so i'm thinking since it works without the checkLoggedIn("yes"); that my session isn't being produced correctly... here's the session portions of my script

function checkMemSession($login, $pass) {
	$_SESSION['session']['login']=$login;
	$_SESSION['session']['password']=$pass;
	$_SESSION['session']['loggedIn']=true;
}//end function checkMemSession

function flushSession() {
	unset($_SESSION['session']);
	//has been uset so destroy it
		session_destroy();

	return true;
}// end function flushSession

how come my session doesnt' seem to be working out right? i've compared it to other scripts that i've seen and ti seems to look pretty much the same to me, any ideas?

thanks alot

😃

ereptur

Just want to make sure, since your post didn't have it listed... are you using a session_start() at the top of each page that needs to access the session variables?

dv6cougar

actually no i'm not, but i've used a free login script in the past that i found on some website and it doesn't either......

i kind of thought of that myself, but i wasnt' sure as the ohter one works fine....

i'll try adding that though

any other thoughts?

ereptur

That should be it. According to the PHP Manual you MUST include session_start at the top of any page that needs access to the session variables. session_start doesn't only start sessions, but if it finds that the session id the client is sending to the script matches an existing session cookie on the web server then it will continue that session as well.

dv6cougar

woo hoo, there we go, that was it 🙂

thanks alot for your help!

also, a second question now 🙂

if i was to log the session in the database, i would insert the ifno i want via an insert into query, however, i would wanna add teh user name and such with it

so could I just do $_SESSION['session']['login'];

to insert who logged in?

thanks again 🙂

ereptur

yep, the logging system I designed uses the following bit of code:

$user = $_SESSION['user'];
$session = session_id();
$query = "INSERT INTO logpages VALUES (NULL,'$user','$sessin',NOW())";

and the structure of my table is
[log_entry_id,username,session_id,datetime]
in this way I can keep another table that records every page the user visits using the session id as a cross reference and show every page that a user visited on a per session basis.

ereptur

Thought I might add, that using multi-dimential arrays for your sessions like you are doing will find as well. No modification necessary.

dv6cougar

awesome, i just wanna be able to track it down if it ever becomes a problem..... best way i could think of was storing the info in the database.

your insert NOW() into hte database.... how does that work?

i mean i know it would be now as in time/date but how does it get inserted?

usually i use the function date(); and just run my info into the databse ona varchar....

thanks again!

ereptur

NOW() in MySQL returns the international standard date format
e.g. 2003-05-23 21:29:23
I found it useful and more efficient to have the database do as much date caculation as possible. It seems to be faster at it and of course you can use DATE_SUB, DATE_FORMAT, and similar functions to manipulate dates since PHP lacks many of these.

dv6cougar

hmm i tried to print out NOW(); with no luck.... -- scratch that, i cant' print out anything from msyql haha, i didnt' read what you said thoroughly, my fault

anyway, now i got my sessiont o insert, and the time i did works fine with me

however! now my logout.php page isn't redirecting to index.php as i'm telling it to.... it worked ebfore i did the update query, and the update DOES go through, but after running the page i get this page cannot be displayed or wahtever..?

here's my script any clues?

<?
require("./actions.inc");
session_start();
	//set our variables to recognize and insert the time :)
	$session = session_id();
	$date = date("n-j-Y/h:i-A");
	mysql_query("UPDATE mem_session SET time_out='$date' WHERE session_id='$session'");


checkLoggedIn("yes");
flushSession();
header("Location: index.php");
?>

ereptur

Usually you don't want to start a session in the same script that you destroy it although theoretically it would work fine. Is there a reason that you are doing this? As for the redirection, I don't know any reason that this should fail. It should work without any problems.

dv6cougar

well without the session_start(); the script wasn't running for me at all....

i see your point though, what would be a better way of doing so?

and i'll play with the header();

that's odd stuff!

thanks alot btw, you've been a big help 🙂

dv6cougar

hmm well now login wont' header(); either.. that's odd!

it's inserting the info, but ti's incorrect 🙁

ereptur

The information is incorrect in the database?

As for using logout code with sessions, I guess you would actually have to issue a session_start in order to have to be able to destory the proper session.

My logout code is quite simple

session_start();
session_unset();
setcookie(session_name());
$_SESSION = array();
session_destroy();
header("Location: index.php");

As you can see, I don't do any logging in the database for logouts. The reason for this is that I've found about 90% of my users never actually logout, they just close the browser which destroys the session fine, so it seems a waste to spend time writing the code to do something that won't be used 90% of the time.

Make sure that the file this function exists in exists in the same directory as the index.php file. It could be trying to find a file in the directory it is in and can't find it. That's why I usually use
header("Location: /"); to get back to the document root.

Or else I will create a $CONFIG variable which is an associative array that hold many site configuration content and have $CONFIG['docroot'] set as a "/" or whatever url folder the software exists in. Then you can call your header with that variable rather than a hard-coded value.

dv6cougar

yes... i have used that before $DOCUMENT_ROOT i belive i used though... something like that

i should be good to go! thanks 🙂

ereptur

glad I could help