Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 5 of 5

Thread: Naming Session

  1. #1
    Senior Member DesignBox's Avatar
    Join Date
    Apr 2004
    Posts
    340
    Member #
    5659
    I have a section on a website for members only to access where I have created a username and password with sessions and it works fine:

    At the beginning of my php file i have this:
    PHP Code:
    <?php
    session_start
    ();
    //if session isnt registered then redirect
    if(!isset($_SESSION['authorized'])) {
    // do a redirect back to homepage;
    }
    else {
    //if session is registered continue with members area code...;

    ?>
    Then further down i have this:

    PHP Code:
    <?php
        
    //Process login
        
    if (isset($_POST['username'])) {
        
    //Check Credentials
        
    if ($_POST['username'] == 'xxxx and
        $_POST['
    password'] == 'xxxx') {
        $_SESSION['
    authorized'] = TRUE;
        }
        }
        //Check login
        if (isset($_SESSION['
    authorized'])) {
        //Display Secure information
        ?>
    However in this section I also have another section called Board of Directors that has a different user name and password to the member section that not everyone should be able to access. So I tried naming the session as follows:

    PHP Code:
    <?php
    session_start
    ('board');
    //if session isnt registered then redirect
    if(!isset($_SESSION['board'])) {
    // do a redirect back to homepage;
    }
    else {
    //if session is registered continue with members area code...;

    ?>
    then in the body i have:

    PHP Code:
    <?php
        
    //Process login
        
    if (isset($_POST['username'])) {
        
    //Check Credentials
        
    if ($_POST['username'] == 'directorsusername' and
        
    $_POST['password'] == 'xxxx') {
        
    $_SESSION['board'] = TRUE;
        }
        
    //}
        //Check login
        //if (isset($_SESSION['authorized'])) {
        //Display Secure information
        
    ?>
    But when I try to go from one page to the other in this section it keeps asking me for the username and password because it isn't passing the session from page to page.

    I'm not sure if i explained this clearly enough...
    Any help is greatly appreciated.

  2.  

  3. #2
    Member Taffu's Avatar
    Join Date
    Dec 2006
    Posts
    34
    Member #
    14486
    First, are you using more than one session_start() in the single php file? Second, are you using session_start() at the beginning of each relavent page you're trying to navigate & keep the session constant active?

    Try putting the entire block of code for this page into one complete code block, that would help locate any script/syntax errors as well.
    Owner - http://www.project-guild.com (in development)

  4. #3
    Senior Member DesignBox's Avatar
    Join Date
    Apr 2004
    Posts
    340
    Member #
    5659
    No, these sessions are in different pages.
    I found the problem.

    I had commented out some code by accident!

  5. #4
    Senior Member filburt1's Avatar
    Join Date
    Jul 2002
    Location
    Maryland, US
    Posts
    11,774
    Member #
    3
    Liked
    21 times
    You may want to avoid redirects for security. Instead, a more secure solution is for the script to die (gracefully) with an error message rather than redirecting to one. A client can choose to ignore any HTTP header it wants, so if it wants to ignore the HTTP redirect, it may suddenly start showing secured content.
    filburt1, Web Design Forums.net founder
    Site of the Month contest: submit your site or vote for the winner!

  6. #5
    Senior Member
    Join Date
    Jun 2005
    Location
    Atlanta, GA
    Posts
    4,146
    Member #
    10263
    Liked
    1 times
    Naturally, another good solution is to redirect *then* exit, so that even if the browser ignores the redirect, the script still stops outputting.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 03:57 AM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com