Here goes it --- Another SESSION question!!!

lukatchikm

Hi All,

In a nutshell, a user logs in. When they do so, a session username, password, and department are set. This holds true, for those values are reflected and appear in my session text file.

When a user is logged in, they should be able to access all admin. pages hastle-free...Otherwise, they'll be reverted to a login page...

Here's the deal during testing: When I go to log a user out, control is bouncing back to the login page...Really, what's supposed to happen is this: It will check if the session variables have been set. If they have, they will be unset, and the session will be destroyed. But this isn't happening...For some reason out of the unknown, it's not recognizing those session vars. which have been saved in my text file...What's going on here??

My code is as follows. A user is logged in, so those variabels should be available to all session enabled pages...Why is it not accepting those vars. ??? TIA, Mike

<?if ( (session_is_registered('username')) AND (session_is_registered('password')) AND (session_is_registered('department')) ){//start the session 
session_start(); 
// Unset the session variables 
unset($_SESSION['username']); 
unset($_SESSION['password']); 
unset($_SESSION['department']); 
// Destroy the session 
session_destroy();
}

else
{
header ("Location:dhl.htm");
} 

?>

Remember, a user will only be able to see this page if they officially log out of administration. If a user just typed the URL for this page into their browser, I do not want it to set a session...That's why I did not put session_start() as the first thing on the page...

We have to check first if session vars. exist. If they do, start a session, unregister vars, and destroy them.

Thanks for everyone's help!

tsinka

Hi,

you must put session_start() on top of the script since you need to start the session before you can use session_is_registered.

Use isset($_SESSION['variable']) instead of session_is_registered('variable').

Destroy the session with:

<?PHP
$_SESSION = array();
session_destroy();
?>

Thomas

lukatchikm

I understand that session_start() must be at the TOP of every page requiring sessions, but here's the situation...

Users only should be able to see this page if they are logging out of the admin. panel. If I put session_start() on top of the page, and someone manually types the URL into the browser, it will automatically start a session and bounce back to the login page, but not set any variables because there are none to set.

What's supposed to happen is this: When a user logs out, code will check if session variables username, password, and department are set. If they are, they will be unregistered and destroyed. The session will officially be ended.

Otherwise, if a session is not set, control will re-direct the user to the login page so that they CAN start a session.

When I click the link to log the user out, it's automatically getting bounced back to the login page, despite username, pass, and dept. already being set...What's going on??

<?
//start the session 
session_start(); 
if ( (session_is_registered('username')) AND (session_is_registered('password)') AND (session_is_registered('department')) )
{
// Unset the session variables
[unset($_SESSION['username']); 
unset($_SESSION['password']);
unset($_SESSION['department']);

// Destroy the session 
session_destroy(); 
} 

else 
{ 
header ("Location:dhl.htm");
} 
?>

tsinka

Hi,

please post more code (including the one containing the link) by copy'n'pasting it.

I noticed that there are differences in the if statement between your first post and your last post

=> ('password)') instead of ('password'))

Add print_r($_SESSION) after session_start() to see which data is stored in the session.

Just to debug change the script to:

 <? 
//start the session 
session_start();  

print_r($_SESSION);
if ( (session_is_registered('username')) AND (session_is_registered('password)') AND (session_is_registered('department')) ) 
{ 
// Unset the session variables 
[unset($_SESSION['username']);  

unset($_SESSION['password']); 
unset($_SESSION['department']); 

// Destroy the session 
session_destroy();
  die("Session destroyed");  

} else {  

  die("No session data");
}  

?>

Thomas