I am using sessions to handle a simple user database for a website. My login process has been working wonderfully. Now I've decided to include a way to let the user know when they failed to put in the correct information. Here is my logic process:
- User puts in their un/pw and clicks submit. This takes them to authentication.php
- authenticaiton.php hashes the pw and compares it to the database values
- if authentication.php does not find a match in the database it sets $_SESSION['pwFaill'] = true;
- The document header location is set to the previous page
- If the returning php page finds that $_SESSION['pwFail'] == true, it will echo a message "incorrect username/password".
This works great. However, $_SESSION['pwFail'] is still true. This means the user would get this message again and again.
So, after the echo statement, I set $_SESSION['pwFail'] = false. Now, I type in a bogus username/password and click submit. No message is given. I comment out that last statement, and it works again.
I can only assume that PHP is not running through my document correctly.
