Session Basics

neridaj

Hello,

I'm just learning about sessions and want to control access to inner pages of a website i.e., restricting access based on whether or not a user is logged in, and also why my sessions never seem to time out.

something like this, but this always calls display_folders()

if ($username && $passwd)
// they have just tried logging in
{
  try
  {
    display_folder();
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  }
  catch(Exception $e)
  {
    // unsuccessful login
    do_html_header('Problem:');
    echo 'You could not be logged in. 
          You must be logged in to view this page.';
    do_html_url('login.php', 'Login');
    do_html_footer();
    exit;
  }      

}

Thanks for any insight,

Jason

okram

Hi,

did you call session_start() anywhere in your script before reading form the $_SESSION var ?

-okram

neridaj

Yes, I guess I should have include that.

// include function files for this application
require_once('bookmark_fns.php'); 
session_start();

//create short variable names
$username = isset($_POST['username']);
$passwd = isset($_POST['passwd']);

if ($username && $passwd)
// they have just tried logging in
{
  try
  {
    display_folder();
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  }
  catch(Exception $e)
  {
    // unsuccessful login
    redirect();
    exit;
  }      

}

kterry

Doesn't session_start() need to be called at the very beginning of the script, before any other code or whitespace?

laserlight

Doesn't session_start() need to be called at the very beginning of the script, before any other code or whitespace?

No, it just needs to be called before output is sent to the browser.

bradgrafelman

Also note that you never store the actual username entered, only the boolean result from [man]isset/man.