i think i dug myself into a grave

bakaneko

Ok,

I am having trouble with sessions and after multiple post and not being able to get it to work i am using hidden post to validate and authenticate members. I must also add that part of the sessions still works that is i get the same session id on each page. but, i use hidden post to send the id number between pages to validate the info.

now, that all works but now how do i log out? i can close the broswer of course that always works but without closing the browser if i hit logout and destroy the session. if i go back to a previous member page and resubmit the form information i am logged back in again?

any suggestions.... i can post code if you want me to.

thx

bakaneko

dalecosp

{Aside} I'd think that using hidden POST fields would not be the most secure way of doing this.... {/aside}

originally posted by bakaneko
if i go back to a previous member page and resubmit the form information i am logged back in again?

Can you explain exactly what you mean?

If you mean --- if I log out, then go to a login page and log in, am I logged in? ... the answer is 'of course you are.'

If you mean --- if I log out, then go to a page in the browser's history and submit information to the webserver, will it accept it?
... the answer is 'I don't think so, but I've never tried.' (Logically, if the session was destroyed, you'd not have the "logged in" variable, so you shouldn't be able to access that page if the "login check" is done correctly...)

If you mean something else, it's beyond my capacity to understand based on what you have written thus far... 🙂

bakaneko

haha... it isnt beyond your comprehension 🙂
it is beyond my abilities to adequetely explain it 🙁

well what i mean is since everything is in forms, when you hit the back button it ask if you want to resubmit the information. well, once i end the session i dont want to be able to do that. cuz if i did, then i would be in the member section.

right now, the only way to clear the form data from the browser is to close the browser and start it again. that is gonna be hectic for the user. so i want to know is there a way to end the session and clear all the form data? or should i just try the session idea again... 😕

dalecosp

Well, I may be of little help.

About the only analogous situation I have is a shopping site; after the order is submitted, I call session_destroy().

Each of the "sensitive" pages - "checkout.php", "process.php", etc. has code that insures that if a user accesses the page with an empty cart, he's sent to the shopping cart page, which will tell him that the cart is empty.

if (!$_SESSION['cart']) {
   header("Location: cart.php");

I did find this: http://www.web-caching.com/forums/Forum1/HTML/000208.html

bakaneko

see that is the problem for some reason my $_SESSION or session_register wont work...🙁