Printer Friendly Version
Email this thread to a friend
|
Featured Web Site Template |
|
Reflects user activity within the last 5 minutes
|
|
| Member |
Message |
ronnieplant
Joined: Feb 09, 2005
# Posts: 7
|
Posted: 2005-Feb-11 11:08
Hello everybody,
I'm trying to set up a login system and I've managed so far to get most things right. The only thing is, I'm confused by "sessions".
Basically, when do I start a new session and how do I follow on a session? I ask because I would like the user to navigate my site securely, but not having to sign in more than once. I would also like to use different permissions but I'll leave that 'til later.
My problem with sessions is only when the user inputs a wrong username or password (or both) into the login form. When that happens the variable set is:
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed ); line#52
the variable looks like this:
$MM_redirectLoginFailed = "login_form.html";
When I purposefully enter an incorrect username/password it says this:
Warning: Cannot modify header information - headers already sent by (output started at c:program filesapache groupApachehtdocscheckuser.php:12) in c:program filesapache groupApachehtdocslogin_form.html on line 52
It does use the variable because the correct page is there and it says "Incorrect" or "enter more information" etc. but I don't know what it's trying to do with the "sessions".
My session code is right at the beginning of every page and it looks like this:
<?php session_start();
if ( !isset( $_SESSION['count']))
$_SESSION['count'] = 1; else $_SESSION['count'] ++; ?>
Please help! I know you can do it Sinoed, don't let me down!
Thanks
|
 |
Sinoed
Joined: Dec 11, 2000
# Posts: 5266
|
Posted: 2005-Feb-11 20:57
Probably the best thing to say first is that a 'session' is just a length of time spent on your website by a specific user. The way that a session is determined is that PHP stores a special variable on the webserver to figure out which users are accessing which pages & for how long. There is a pretty good tutorial on them here: http://www.phpfreaks.com/tutorials/41/0.php
Essentially what it means is that once you've started a session you can't 're-modify it'. PHP creates a 'session' with a unique ID and saves it to the server when you start one. By trying to modify it you're asking PHP to go back and change the special ID of the file its saved and PHP gets confused. You'll get this error if you're trying to refresh a page that has a session header when you've already started a session on it. Its kind of telling you that you've already GOT a session so it doesn't know what to do next.
That means that you have two choices, either create a section of code that skips the headers if the wrong password is entered or break it into smaller sections - and thus different pages. I've found that if I try to create some kind of query statement ie. If !password then skip the session stuff, you'll get an error "Session headers already sent" when it comes to the session stuff (because PHP assumed that there wasn't any session info & sent that info along when it didn't find them before the 'skip' code).
There are probably more elaborate ways of getting around this problem or adding a MOD of some kind so you don't have to worry about having multiple pages but I just break it up into smaller chunks. Take your code, break it into two sections and pass it to a second page for processing. Since you haven't got any session headers here PHP isn't going to try to modify the session that was already started through the first section and you can then go to work with the rest of the code. You can of course pass the variables into other pages once you're done to set the right cookie for the correct username or whatever.
I'm not sure if that's entirely clear so let me know if you have another question.
Anyhow, I'm not a genius when it comes to sessions and I'm sure there is probably a better fix, but this worked for me. Someone else might have a better idea. 
|
|
ronnieplant
Joined: Feb 09, 2005
# Posts: 7
|
Posted: 2005-Feb-16 12:24
Thank you Sinoed, I've been away for a couple of days, and having a clear mind helps.
|
|
Sinoed
Joined: Dec 11, 2000
# Posts: 5266
|
Posted: 2005-Feb-18 02:19
no prob.
|
|
You are not permitted to post messages in this forum or topic, because of one or more of the following reasons:
- You have not yet logged in, or registered properly as a member
- You are a member, but no longer have posting rights.
- This is a private forum, for which you do not have permissions.
If you are a recent member, it's possible that you simply have not yet confirmed your account. Please
check your email for a message entitled 'JimWorld Forums: Confirm Your Account' and follow the instructions
contained within.
If you cannot find this message, click here to Re-Send it.
|
If you are still experiencing problem, please read the
Login Assistance
Article for some advice on what may be causing your login not to work properly.
|
Switch to Advanced Editor and ...
Create a New Topic
or Reply to this Thread
|
|
Inbox
