Posted by Vincent Delporte on 12/10/06 02:23
.... contains POSTDATA. If you resend the data, any action the form
carried out will be repeated"?
I'm only getting started with learning how to use cookies and
sessions to secure a web application, but Firefox keeps showing that
familiar message whenever I hit the page, although I would expect the
form to be only handled by the web client the first time, when the
user logs on:
-----------------------------------
//index.php
<?php
//Already logged on?
if(!isset($HTTP_COOKIE_VARS["PHPSESSID"])){
    //First time: Let's check login/passwd
    $login = $HTTP_POST_VARS["login"];
    $password = $HTTP_POST_VARS["password"];
    if(!isset($login) and !isset($password)) {
?>
        <form action="<?php echo $PHP_SELF; ?>" method=POST>
            Login: <input type="text" name="login"
                size="20" value=""><br>
            Pass: <input type="password" name="password"
                size="10" value=""><br>
            <input type="submit" value="OK">
        </form>
<?php
    } else {
        //connect to database, and check login/passwd
        //if OK, save PHPSESSID into cookie
        session_start();
        setcookie("PHPSESSID",session_id());
        print "Let's save PHPSESSID";
    }
} else {
    print "session = ". $PHPSESSID . "<p>";
    //Let's read more data from the database
}
?>
-----------------------------------
Am I doing this wrong? I intend this code to be included in every page
of the application so that users can't access any of them without
having been authenticated.
Thank you.
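
An added example, not part of the original post: the browser shows the POSTDATA prompt when the page being reloaded was itself the response to a POST, so this sketch answers the login POST with a redirect (Post/Redirect/Get) and keeps the "logged in" state in `$_SESSION` instead of testing whether a PHPSESSID cookie is present, since any client can send that cookie. The `$users` array, its account and its password are constructed stand-ins for the database check.

```php
<?php
// auth.php -- added example; include at the top of every protected page.
// Assumption: $users stands in for the database lookup mentioned in the
// post; the account name and password are constructed sample values.
$users = ['demo' => password_hash('constructed-demo-password', PASSWORD_DEFAULT)];

session_start();   // PHP issues and reads the PHPSESSID cookie itself

function h($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }

if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_SESSION['user'])) {
    // Accept only string fields; anything else is treated as empty.
    $login    = is_string($_POST['login'] ?? null) ? $_POST['login'] : '';
    $password = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (isset($users[$login]) && password_verify($password, $users[$login])) {
        session_regenerate_id(true);   // fresh id at login (session fixation)
        $_SESSION['user'] = $login;    // server-side record of authentication
    } else {
        $_SESSION['flash'] = 'Invalid login or password.';
    }
    // Post/Redirect/Get: the page the browser lands on is fetched with GET,
    // so reloading it does not resend the form and raises no POSTDATA prompt.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

if (empty($_SESSION['user'])) {
    // Not authenticated: show the form and stop the including page here.
    $flash = $_SESSION['flash'] ?? '';
    unset($_SESSION['flash']);
    if ($flash !== '') {
        echo '<p>' . h($flash) . '</p>';
    }
    ?>
    <form action="<?php echo h($_SERVER['SCRIPT_NAME']); ?>" method="post">
        Login: <input type="text" name="login" size="20"><br>
        Pass: <input type="password" name="password" size="10"><br>
        <input type="submit" value="OK">
    </form>
    <?php
    exit;
}

// Authenticated from here on; the including page continues below.
echo 'Logged in as ' . h($_SESSION['user']);
```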