I'm making a login system for a site. On the main page, it checks the session to see if the user is logged in; if not, it redirects them to the login page (login.php) using a "Location: ..." header.
The username/password form on login.php submits back to itself (back to login.php) - then, after verifying the info, the page sets the user as logged in (via the session var) and redirects the broswer to the original page using another Location header.
I didn't explain that very well, so here's an example:
1. user goes to index.php.
2. index.php sees that user is not logged in, redirects to login.php.
3. user enters username/pass in the form on login.php, submits to login.php.
4. login.php now detects the form was submitted, verifies the info, logs the user in, and redirects to index.php.
5. index.php sees that user is logged in, so it displays the normal content. done.
Anyway, this works at first, but after logging in and logging out once, there's a problem: When I try to submit the login form a second time, the browser waits a long time, and finally says the page cannot be displayed. I get no PHP errors.
I think this happens because the browser remembers one or both of the pages as being redirects, so then it gets into an endless loop of them redirecting to each other (even though the PHP pages are written so that this would never really happen).
So it may be a caching problem. Sure enough, after clearing my IE cache, it worked again. So I tried adding some anti-caching headers to both pages, but that didn't seem to help. And that's where I'm stuck now.
Any ideas? I think this is more of a concept issue than a code issue, but it might be helpful to see the code. So tell me if you want me to post it.
I vaguely remember having this problem before on another site. I should go look at how i fixed that. If all else fails, I guess I could replace the automatic redirects with regular links, forcing the user to click through more pages.
Thanks for any help!
-Karl
