Posted by Jonno on 04/25/07 12:14

Hi

I am having a problem with session vars being propagated between pages
on this site:
http://www.meettheancestors.com/sessiontest/index.php
If you enter any user id and password and click Log In (no actual
validation is performed), and then move around the other pages and/or
keep refreshing the pages it will eventually display something that is
incorrect i.e. saying your logged in when you aren't or vice versa.
The exact same code here http://ccgi.gnosis.free-online.co.uk/index.php
works fine implying a problem with the first PHP installation.
Here is the code for the 3 files:
=========== index.php =============
<?php
session_start();
if (isset($_POST['userid']) && isset($_POST['password'])) {
// if the user has just tried to log in
$userid = $_POST['userid'];
$password = $_POST['password'];
//assume valid login so set session var
$_SESSION['loggedinusername'] = $userid;
}
?>
<html>
<body>
<h1>Home page</h1>
<?
if (isset($_SESSION['loggedinusername'])) {
echo 'You are logged in as: '.$_SESSION['loggedinusername'].' <br /
>';
echo '<a href="logout.php">Log out</a><br />';
} else {
if (isset($userid)) {
// if they've tried and failed to log in
echo 'Could not log you in.<br />';
} else {
// they have not tried to log in yet or have logged out
echo 'You are not logged in.<br />';
}

// provide form to log in
echo '<form method="post" action="index.php">';
echo '<table>';
echo '<tr><td>Userid:</td>';
echo '<td><input type="text" name="userid"></td></tr>';
echo '<tr><td>Password:</td>';
echo '<td><input type="password" name="password"></td></tr>';
echo '<tr><td colspan="2" align="center">';
echo '<input type="submit" value="Log in"></td></tr>';
echo '</table></form>';
}
?>
<br />
<a href="members_only.php">Members section</a>
</body>
</html>

=========== members_only.php =============
<?php
session_start();
echo '<h1>Members only</h1>';
// check session variable
if (isset($_SESSION['loggedinusername'])) {
echo '<p>You are logged in as '.$_SESSION['loggedinusername'].'</
p>';
echo '<p>Members only content goes here</p>';
} else {
echo '<p>You are not logged in.</p>';
echo '<p>Only logged in members may see this page.</p>';
}

echo '<a href="index.php">Back to main page</a>';
?>

=========== logout.php =============
<?php
session_start();
// store to test if they *were* logged in
$old_user = $_SESSION['loggedinusername'];
unset($_SESSION['loggedinusername']);
session_destroy();
?>
<html>
<body>
<h1>Log out</h1>
<?php
if (!empty($old_user)) {
echo 'Logged out.<br />';
} else {
// if they weren't logged in but came to this page somehow
echo 'You were not logged in, and so have not been logged out.<br /
>';
}
?>
<a href="index.php">Back to main page</a>
</body>
</html>
========================================

Am I doing something wrong or is there a problem or config issue with
the PHP server at http://www.meettheancestors.com/phpinfo.php (which I
have no control over).

Any help greatly appreciated.

Jonathan Attree

• Next in forum: Can't post message
• Prev in forum: Re: user input?
• Thread view: Session variable problem

[Reply to this message]