|
|
Posted by Gordon Burditt on 04/16/07 22:44
>When a user logs in to my site http://iwantyourquestion.com I set
>$_SESSION['loggedin'] to true if his username and password are OK.
>When he calls a page I check if $_SESSION['loggedin'] is true. If it
>not I ask him to log in.
>
>Every page has at the start:
>
>session_start();
>ob_start();
You forgot the part that begins <?php and *DOES NOT* have a DOCTYPE
line or any white space before it.
>A user just told me that he was asked to log in again after he entered
>his username and password. If they were incorrect he would be sent
>back to the login page, but that was not what happened. He was asked
>to log in again.
This is believable if he started a new session, which could happen a
number of ways:
- The user's browser doesn't accept cookies.
- The user cleared cookies.
- The user exited and restarted the browser, and your page uses
session cookies.
- The cookie expired. I'm not sure what your expire time is, but maybe
the user stayed logged in over a long lunch or weekend?.
- One of your pages forgot the session_start() call.
>The only reason I can think of is that $_SESSION['loggedin'] was not
>stored correctly. But why not?
Losing the session cookie is a major possibility. So also is running
out of disk space to store session data in.
>When he tried to log in a second time everything worked fine. He was
>allowed in.
>
>Has anyone else experienced this and know why it happens?
>
>Regards,
>
>Jan Nordgreen
>
Navigation:
[Reply to this message]
|