Barry,

session_start(); will not wipe clean the user's session so there is something else going on.


Does the login.html authentication script correctly set $_SESSION['username'] ?

Also, it has been my experience that code like isset($_SESSION['username']) is better if you replace it with array_key_exists('username',$_SESSION)

Thanks,
   --Dustin
Barry Zimmerman wrote:
I have a problem with my system, not sure how I can fix this one. A user has
a log in page and takes them to different pages, now each of these pages has
a check to make sure they are logged in with the following code:

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
header ("Location: login.html");
exit;
}

So if they are not logged in it redirects them to the log in page. No
problems there.

Now if a user is not logged in and comes back to that page, it starts the
session so giving them a session id and redirects them back to thge login
page. The problem I have is I do NOT want the session to start, I need them
to hit the log in page with no sessions there. I have tried all sorts but
just cannot get this to work.

I have tried adding this to the code.

session_start();
if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) {
*session_destroy();*
header ("Location: login.html");
exit;
}

But that did not work? Please I am stuck for ideas?



--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to