Re: [PHP] Session destruction problem
On Sat, Feb 23, 2008 at 10:49 PM, Adil Drissi [EMAIL PROTECTED] wrote:
Hi,
I made an error i was using
unset($_SESSION[sessioname]) instead of
unset($_SESSION). I'm sorry, but anyway, now i want to
give another detail. All the time i was testing with
opera. After testing in firefox and ie there is no
problem with the code i posted.
It sounds to me as though your installation of Opera is not
properly respecting the headers sent by the server to destroy the
session cookies. Maybe checking Google for `opera cookie retention`
or `opera session problems` would help. Looks to me as though you're
certainly not the only one to find that Opera doesn't handle cookies
and sessions as well as expected, or as well as Firefox/SeaMonkey and
(*gasp!*) Micro$oft Internet Exploder.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Adil Drissi wrote: Hi, I made an error i was using unset($_SESSION[sessioname]) instead of unset($_SESSION). I'm sorry, but anyway, now i want to give another detail. All the time i was testing with opera. After testing in firefox and ie there is no problem with the code i posted. Yes, that was the suggestion six days ago ;-) -Shawn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi,
I made an error i was using
unset($_SESSION[sessioname]) instead of
unset($_SESSION). I'm sorry, but anyway, now i want to
give another detail. All the time i was testing with
opera. After testing in firefox and ie there is no
problem with the code i posted.
Thank you very much for your help
--- Adil Drissi [EMAIL PROTECTED] wrote:
Hi,
Below you'll find my code. I think now that the
problem is in my algorithm, because the is created
anytime the page is refreshed. But i don't know how
to
check if the client was logged out or it is a real
new
connexion to the page. As you will see one can click
on logout, then press the back button of the
browser,
and then refresh the page, but he is still
connected.
I would like to help me fixe that. Here is the code:
---index.php--
//the first page where the user enters his login and
password
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html;
charset=utf-8 /
link rel=stylesheet type=text/css
href=../styles/style.css media=screen /
titleLogin page/title
/head
body
form name = manage action = manage.php
method=post
div style = padding-top: 40px; padding-bottom:
40px;height = 100%;
centertable width = 100% cellspacing=10
trtd width = 50% align = rightLogin/tdtd
width = 50% align = leftinput type=text
name=login //td/tr
trtd width = 50% align =
rightPassword/tdtd
width = 50% align = leftinput type=password
name=password //td/tr
/table
input type=submit name=connect value =
Connect/
br/br/br/
/center
/form
/body
/html
- manage.php
//where the form posts data and here is where the
session is created
?php
session_start();
$sessionid = session_id();
$referer = @$HTTP_REFERER;
if (isset($_REQUEST['connect'])){
$passwd = addslashes($_POST['password']);
$login = addslashes($_POST['login']);
require_once ../../../includes/connexion.php;
$sql = mysql_query(SELECT * FROM user WHERE login
='.$login.' and password = '.$passwd.') or
die(Incorrect username or password.);
$result = mysql_fetch_array($sql);
if (($result[0] != null)) {
$_SESSION['sessioname'] = $_POST['login'];
}
else Header (Location: ./index.php);
mysql_close();
}
else if(!isset($_SESSION['sessioname'])) {
Header (Location: ./index.php);
}
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html;
charset=utf-8 /
/head
body
?php
if(isset( $_SESSION['sessioname'])) {
echo $_SESSION['sessioname'] ;
echo , . session_id();
echo , a href = 'logout.php'Log Out/a
nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;;
}
else echo a href = 'index.php'Login/a
nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;;
?
/body
/html
logout.php --
?php
session_start();
unset($_SESSION[sessioname]);
$_SESSION = array();
session_destroy();
header(location: index.php);
?
--- Richard Lynch [EMAIL PROTECTED] wrote:
On Sat, February 16, 2008 2:31 pm, Adil Drissi
wrote:
I need help with sessions.
I have a simple authentification relying only on
sessions (i don't use cookies).
Do you mean that you are also using the
no_cookie
setting in PHP and
using the URL to pass around the session ID?
Or jut that you don't use extra cookies on top
of
the one PHP uses
by default?
After the user submits
his username and password, the script checks if
that
corresponds to a record in a mysql table. If
this
is
the case $_SESSION['sessioname'] =
$_POST['login'];.
the $_SESSION['sessioname'] is checked in
subsequent
pages to see if the user is connected or not.
The problem is after the user logs out, and
after
that
uses the previous button of the browser he
becomes
connected. How can i prevent this please.
If the URL has the old session ID, and you aren't
destroying it
completely somehow, then they'll be logged in once
they go back to the
URL with the session ID.
?php
session_start();
unset($_SESSION[sessioname]);
session_destroy();
header(location: index.php);
?
If you want to destroy the session completely,
use:
$_SESSION = array();
to wipe out ALL the session data.
Also, on *some* browsers, sending the cookies
session_start (if you
are using cookies) and the Location: header with
an
INCOMPLETE URL
means the browser will screw up.
Use the COMPLETE URL in your header(Location)
And use a capital L in Location, as well, to be
totally kosher, I
think.
--
Some people have a gift link here.
Know what
Re: [PHP] Session destruction problem
Adil Drissi wrote: thank you tedd, I understood what you explained to me last time. I was wondering if there is another method to prevent that. Thanks --- tedd [EMAIL PROTECTED] wrote: At 2:45 PM -0800 2/19/08, Adil Drissi wrote: Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: You received an answer, but fail to understand. Unless you use javascript to manipulate the browser's history you are going to continue to have problems with the user browser's back button. But, explain why the user using the back button is a problem. If he logs in, he's in. If he logs out, he's out. If he hits the back button after logging out and cancels his log out -- so what? What problems does that present? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs apologies, I completely forgot that your using session_destroy ammend to.. ?php session_start(); session_destroy(); unset($_SESSION); session_write_close(); sleep(1); header(location: /index.php); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Adil Drissi wrote: thank you tedd, I understood what you explained to me last time. I was wondering if there is another method to prevent that. Thanks --- tedd [EMAIL PROTECTED] wrote: At 2:45 PM -0800 2/19/08, Adil Drissi wrote: Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: You received an answer, but fail to understand. Unless you use javascript to manipulate the browser's history you are going to continue to have problems with the user browser's back button. But, explain why the user using the back button is a problem. If he logs in, he's in. If he logs out, he's out. If he hits the back button after logging out and cancels his log out -- so what? What problems does that present? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs Looks like your on an old 4.x version of php; try the following. ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); session_write_close(); sleep(1); header(location: index.php); ? Regards Nathan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
At 10:47 AM + 2/21/08, Nathan Rixham wrote: apologies, I completely forgot that your using session_destroy ammend to.. ?php session_start(); session_destroy(); unset($_SESSION); session_write_close(); sleep(1); header(location: /index.php); ? Nathan: I don't think it's that simple. For example, go here: http://www.webbytedd.com//destroy-sessions/index.php Login using anything. Log out. Click the browser back button. I think this is what the OP was talking about. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
At 2:45 PM -0800 2/19/08, Adil Drissi wrote: Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: You received an answer, but fail to understand. Unless you use javascript to manipulate the browser's history you are going to continue to have problems with the user browser's back button. But, explain why the user using the back button is a problem. If he logs in, he's in. If he logs out, he's out. If he hits the back button after logging out and cancels his log out -- so what? What problems does that present? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
thank you tedd, I understood what you explained to me last time. I was wondering if there is another method to prevent that. Thanks --- tedd [EMAIL PROTECTED] wrote: At 2:45 PM -0800 2/19/08, Adil Drissi wrote: Hi, Below you'll find my code. I think now that the problem is in my algorithm, because the is created anytime the page is refreshed. But i don't know how to check if the client was logged out or it is a real new connexion to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like to help me fixe that. Here is the code: You received an answer, but fail to understand. Unless you use javascript to manipulate the browser's history you are going to continue to have problems with the user browser's back button. But, explain why the user using the back button is a problem. If he logs in, he's in. If he logs out, he's out. If he hits the back button after logging out and cancels his log out -- so what? What problems does that present? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi,
Below you'll find my code. I think now that the
problem is in my algorithm, because the is created
anytime the page is refreshed. But i don't know how to
check if the client was logged out or it is a real new
connexion to the page. As you will see one can click
on logout, then press the back button of the browser,
and then refresh the page, but he is still connected.
I would like to help me fixe that. Here is the code:
---index.php--
//the first page where the user enters his login and
password
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html;
charset=utf-8 /
link rel=stylesheet type=text/css
href=../styles/style.css media=screen /
titleLogin page/title
/head
body
form name = manage action = manage.php
method=post
div style = padding-top: 40px; padding-bottom:
40px;height = 100%;
centertable width = 100% cellspacing=10
trtd width = 50% align = rightLogin/tdtd
width = 50% align = leftinput type=text
name=login //td/tr
trtd width = 50% align = rightPassword/tdtd
width = 50% align = leftinput type=password
name=password //td/tr
/table
input type=submit name=connect value =
Connect/
br/br/br/
/center
/form
/body
/html
- manage.php
//where the form posts data and here is where the
session is created
?php
session_start();
$sessionid = session_id();
$referer = @$HTTP_REFERER;
if (isset($_REQUEST['connect'])){
$passwd = addslashes($_POST['password']);
$login = addslashes($_POST['login']);
require_once ../../../includes/connexion.php;
$sql = mysql_query(SELECT * FROM user WHERE login
='.$login.' and password = '.$passwd.') or
die(Incorrect username or password.);
$result = mysql_fetch_array($sql);
if (($result[0] != null)) {
$_SESSION['sessioname'] = $_POST['login'];
}
else Header (Location: ./index.php);
mysql_close();
}
else if(!isset($_SESSION['sessioname'])) {
Header (Location: ./index.php);
}
?
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0
Transitional//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type content=text/html;
charset=utf-8 /
/head
body
?php
if(isset( $_SESSION['sessioname'])) {
echo $_SESSION['sessioname'] ;
echo , . session_id();
echo , a href = 'logout.php'Log Out/a
nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;;
}
else echo a href = 'index.php'Login/a
nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;;
?
/body
/html
logout.php --
?php
session_start();
unset($_SESSION[sessioname]);
$_SESSION = array();
session_destroy();
header(location: index.php);
?
--- Richard Lynch [EMAIL PROTECTED] wrote:
On Sat, February 16, 2008 2:31 pm, Adil Drissi
wrote:
I need help with sessions.
I have a simple authentification relying only on
sessions (i don't use cookies).
Do you mean that you are also using the no_cookie
setting in PHP and
using the URL to pass around the session ID?
Or jut that you don't use extra cookies on top of
the one PHP uses
by default?
After the user submits
his username and password, the script checks if
that
corresponds to a record in a mysql table. If this
is
the case $_SESSION['sessioname'] =
$_POST['login'];.
the $_SESSION['sessioname'] is checked in
subsequent
pages to see if the user is connected or not.
The problem is after the user logs out, and after
that
uses the previous button of the browser he becomes
connected. How can i prevent this please.
If the URL has the old session ID, and you aren't
destroying it
completely somehow, then they'll be logged in once
they go back to the
URL with the session ID.
?php
session_start();
unset($_SESSION[sessioname]);
session_destroy();
header(location: index.php);
?
If you want to destroy the session completely, use:
$_SESSION = array();
to wipe out ALL the session data.
Also, on *some* browsers, sending the cookies
session_start (if you
are using cookies) and the Location: header with an
INCOMPLETE URL
means the browser will screw up.
Use the COMPLETE URL in your header(Location)
And use a capital L in Location, as well, to be
totally kosher, I
think.
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
--
PHP General Mailing List
Re: [PHP] Session destruction problem
On Sat, February 16, 2008 2:31 pm, Adil Drissi wrote: I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). Do you mean that you are also using the no_cookie setting in PHP and using the URL to pass around the session ID? Or jut that you don't use extra cookies on top of the one PHP uses by default? After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. If the URL has the old session ID, and you aren't destroying it completely somehow, then they'll be logged in once they go back to the URL with the session ID. ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? If you want to destroy the session completely, use: $_SESSION = array(); to wipe out ALL the session data. Also, on *some* browsers, sending the cookies session_start (if you are using cookies) and the Location: header with an INCOMPLETE URL means the browser will screw up. Use the COMPLETE URL in your header(Location) And use a capital L in Location, as well, to be totally kosher, I think. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? Thank you for advance Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping Is your session being set in any other place but your login page? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Is your session being set in any other place but your login page? No, just in the page just to which the form of login and password points. Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
On Feb 16, 2008 3:31 PM, Adil Drissi [EMAIL PROTECTED] wrote:
Hi everybody,
I need help with sessions.
I have a simple authentification relying only on
sessions (i don't use cookies).
Just to let you know, if you're using sessions, you're using
cookies. You're not setting the data in the client-side cookie, but a
cookie is still installed on the system containing the PHPSESSID.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi,
I suppose this can be used to solve the problem i
posted. Can you please tell me how, or send a link to
ressource explaining that?
Thanks
--- Daniel Brown [EMAIL PROTECTED] wrote:
On Feb 16, 2008 3:31 PM, Adil Drissi
[EMAIL PROTECTED] wrote:
Hi everybody,
I need help with sessions.
I have a simple authentification relying only on
sessions (i don't use cookies).
Just to let you know, if you're using sessions,
you're using
cookies. You're not setting the data in the
client-side cookie, but a
cookie is still installed on the system containing
the PHPSESSID.
--
/Dan
Daniel P. Brown
Senior Unix Geek
? while(1) { $me = $mind--; sleep(86400); } ?
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
At 12:31 PM -0800 2/16/08, Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? That will destroy the session, but not the browser history. You'll need javascript to alter window history. Google window.history.forward Here's one link that may help: http://www.4guysfromrolla.com/webtech/111500-1.2.shtml Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction problem
Hi, Thanks for the link, it is very interesting, but as the author says, the solutions are not perfect. I'm wondering how yahoo mail for example are doing, or maybe they are using something else (not php)? Thank you --- tedd [EMAIL PROTECTED] wrote: At 12:31 PM -0800 2/16/08, Adil Drissi wrote: Hi everybody, I need help with sessions. I have a simple authentification relying only on sessions (i don't use cookies). After the user submits his username and password, the script checks if that corresponds to a record in a mysql table. If this is the case $_SESSION['sessioname'] = $_POST['login'];. the $_SESSION['sessioname'] is checked in subsequent pages to see if the user is connected or not. The problem is after the user logs out, and after that uses the previous button of the browser he becomes connected. How can i prevent this please. Here is my logout.php: ?php session_start(); unset($_SESSION[sessioname]); session_destroy(); header(location: index.php); ? That will destroy the session, but not the browser history. You'll need javascript to alter window history. Google window.history.forward Here's one link that may help: http://www.4guysfromrolla.com/webtech/111500-1.2.shtml Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session destruction
Original message From: Kristofer Thorssell [EMAIL PROTECTED] Date: Thu, Sep 06, 2001 at 04:56:17PM +0200 Message-ID: [EMAIL PROTECTED] Subject: [PHP] Session destruction ? session_start(); if(session_destroy()) echo You are now logged out; ? is there something wrong with this? because i've seen many comments where people say that you can't have start and destroy in the same script. /Kristofer /Original message Reply I don't know who the h*ll told you that, but session_start() _has_to_be_ in the same script as session_destroy(). Otherwise that d#mn thing doesn't know what to destroy. /Reply -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- Netherlands -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
