PHP Login Script Does Not Hold
Hi Experts,
I am building a small application, but upon successfull login I am trying to store information in $_SESSION. I am managed to replicate the behaviour in the below prototype.
index.php
login.php
result.php
Result Output
However, from login.php, I did store $user in $_SESSION, why it is not storing and outputing it in result.php?
I have another php application that is on the same server that is storing session data, so I dont think it is my server.
Any help will be greatly appreciated.
I am building a small application, but upon successfull login I am trying to store information in $_SESSION. I am managed to replicate the behaviour in the below prototype.
index.php
<?php
if (isset($_SESSION)){
session_destroy();
unset($_SESSION);
}
if (session_start() == FALSE) {
$error = 'Please enable cookies, then refresh this page.'
. '<br><br> This error must be resolved before logging in.';
}
?>
<!DOCTYPE html>
<!--
To change this license header, choose License Headers in Project Properties.
To change this template file, choose Tools | Templates
and open the template in the editor.
-->
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<a href="login.php">Click Here To Login</a>
</body>
</html>
login.php
<?php
$env['domain'] = '192.168.2.200';
logout(); //destroy previous sessions.
$lifetime = 60 * 60 * 24; // 24h in seconds
session_set_cookie_params($lifetime, '/', $env['domain'], TRUE, FALSE);
session_start();
$user = array();
$user['id'] = 1;
$user['name'] = 'John';
$_SESSION['user'] = $user;
header('Location: result.php');
function logout(){
//Destroy Session
if (isset($_SESSION)){
session_destroy();
unset($_SESSION);
}
//Delete Sess cookie
$name = session_name();
$expire = strtotime('-1 year');
$params = session_get_cookie_params();
$path = $params['path'];
$domain = $params['domain'];
$secure = $params['secure'];
$httponly = $params['httponly'];
setcookie($name, '', $expire, $path, $domain, $secure, $httponly);
}
?>
result.php
<?php
session_start();
print_variable($_SESSION, 'sess');
function print_variable($var, $label, $raw = true){
echo '<br>=========START=========<br>';
echo '<b>' . $label . '</b>';
if ($raw == true) echo '<pre>';
print_r($var);
if ($raw == true) echo '</pre>';
echo '<br>=========END=========<br>';
}
?>
Result Output
=========START=========
sess
Array
(
)
=========END=========
However, from login.php, I did store $user in $_SESSION, why it is not storing and outputing it in result.php?
I have another php application that is on the same server that is storing session data, so I dont think it is my server.
Any help will be greatly appreciated.
Last Comment
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
you only need to do session_start() once.
You can leave the session_destroy in your logout() function.
In your index file, you also seem to be destroying the session - not sure why, but you might want to remove that code.
You can leave the session_destroy in your logout() function.
In your index file, you also seem to be destroying the session - not sure why, but you might want to remove that code.
you only need to do session_start() once.On each page...
You probably need to rewrite much of 'login.php'. The 'logout' procedure needs to follow the example on http://php.net/manual/en/function.session-destroy.php .
I see that you are trying to extend the 'time-out' for the sessions. You might be able to do that on your private server. On shared hosting where there can be 100+ users, the shortest time out always 'wins' because they are all using common code because they are all using common code to run PHP. That is normally the standard 24 minutes / 1440 seconds.
Note that that is for a period of inactivity. A user who is continuously active can stay logged in indefinitely. At least until the server is rebooted. Most of the hosting companies I use reboot the servers every day between 3AM and 5AM.
I see that you are trying to extend the 'time-out' for the sessions. You might be able to do that on your private server. On shared hosting where there can be 100+ users, the shortest time out always 'wins' because they are all using common code because they are all using common code to run PHP. That is normally the standard 24 minutes / 1440 seconds.
Note that that is for a period of inactivity. A user who is continuously active can stay logged in indefinitely. At least until the server is rebooted. Most of the hosting companies I use reboot the servers every day between 3AM and 5AM.
"On each page..."
Oops, yeah. Sorry, wasn't really thinking about how that might be interpreted. :)
Oops, yeah. Sorry, wasn't really thinking about how that might be interpreted. :)
ASKER
Thank you both!
You're welcome!
PHP
PHP is a widely-used server-side scripting language especially suited for web development, powering tens of millions of sites from Facebook to personal WordPress blogs. PHP is often paired with the MySQL relational database, but includes support for most other mainstream databases. By utilizing different Server APIs, PHP can work on many different web servers as a server-side scripting language.
125K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER
Open in new window
From my original code, do I still keep lines 8, 23, etc...?