Sessions

**exoskeleton** · Feb 23 '07, 07:50 AM

hello sir ... im a little bit confuse.. what's question exactly? how to maintain a session or how to destroy it?

**ronverdonk** · Feb 23 '07, 12:02 PM

Show us the code by which you destroy the session.

Ronald :cool:

**amrhi** · Feb 23 '07, 04:18 PM

please write your code.
But i think you forget to include session code in your page .so you can come again without log in.
for example try to write:include"c heck_session.ph p"; in your page.

**Hyperion** · Feb 28 '07, 10:11 AM

Originally posted by ronverdonk

Show us the code by which you destroy the session.

Ronald :cool:

Hello Ronald Thanks for ur reply,
in my first program
--------------------------------------------------------------------------------------------------------------------
index.php

--------------------------------------------------------------------------------------------------------------------
<?php

session_start() ;

include("dbconn ect.php");

if(isset($_POST['login']))

$username = $_POST['login'];

else

$username = "";

if(!empty($user name))

{

if(isset($_POST['pass']))

$pas =$_POST["pass"];

$qry = <<<STR

select username,passwo rd from users where username='$user name' and password='$pas' ;

STR;

$r=mysql_query( $qry)or die(mysql_error ());

$r1=mysql_fetch _assoc($r);

$rowcount=mysql _num_rows($r);

if($rowcount==1 )

{

$_SESSION['username'] = $r1["username"];

?>

<script language="javas cript">

document.locati on = "viewRecords.ph p";

</script>

<?php

}

else

{

print "invalid user";

}

}

?>

--------------------------------------------------------------------------------------------------------------------
view records.php
--------------------------------------------------------------------------------------------------------------------
<?php

session_start() ;

if(!isset($_SES SION["username"]))

{

die ("ERROR: Unauthorized access!");

}

else

{?>

<?php

function logout()

{

session_destroy ();

}

?>

<td width="150" align="center" valign="middle" background="ima ges/sub_menu.jpg">< span class="right">< a href="index.php " onClick="logout ();">Logout</a></span></td>

<?php

include("dbconn ect.php");

$results = mysql_query("se lect * from insertrecord ");

while($row = mysql_fetch_arr ay($results))

{

echo "<tr>";

echo "<td>" . $row['jobname'] . "</td>";

echo "<td>" . $row['country'] . "</td>";

echo "<td>" . $row['city'] . "</td>";

echo "<td>" . $row['description'] . "</td>";

echo "<td>" . $row['entrydate'] . "</td>";

echo "<td>" . $row['email'] . "</td>";

echo "</tr>";

}

echo "</table>";

?>

<?php

}

?>
NOTE:this is my situation when I click on logout button I just called session destroy function.but after clicking on log out button when i select browser's back button Im able to view all the details.
please help me ronald
regards,
ramya

**Hyperion** · Feb 28 '07, 10:17 AM

Originally posted by exoskeleton

hello sir ... im a little bit confuse.. what's question exactly? how to maintain a session or how to destroy it?

when i use this code Im able to enter into the website even though I logout,when I click on browsers back button
in my first program
--------------------------------------------------------------------------------------------------------------------
index.php

--------------------------------------------------------------------------------------------------------------------
<?php

session_start() ;

include("dbconn ect.php");

if(isset($_POST['login']))

$username = $_POST['login'];

else

$username = "";

if(!empty($user name))

{

if(isset($_POST['pass']))

$pas =$_POST["pass"];

$qry = <<<STR

select username,passwo rd from users where username='$user name' and password='$pas' ;

STR;

$r=mysql_query( $qry)or die(mysql_error ());

$r1=mysql_fetch _assoc($r);

$rowcount=mysql _num_rows($r);

if($rowcount==1 )

{

$_SESSION['username'] = $r1["username"];

?>

<script language="javas cript">

document.locati on = "viewRecords.ph p";

</script>

<?php

}

else

{

print "invalid user";

}

}

?>

--------------------------------------------------------------------------------------------------------------------
view records.php
--------------------------------------------------------------------------------------------------------------------
<?php

session_start() ;

if(!isset($_SES SION["username"]))

{

die ("ERROR: Unauthorized access!");

}

else

{?>

<?php

function logout()

{

session_destroy ();

}

?>

<td width="150" align="center" valign="middle" background="ima ges/sub_menu.jpg">< span class="right">< a href="index.php " onClick="logout ();">Logout</a></span></td>

<?php

include("dbconn ect.php");

$results = mysql_query("se lect * from insertrecord ");

while($row = mysql_fetch_arr ay($results))

{

echo "<tr>";

echo "<td>" . $row['jobname'] . "</td>";

echo "<td>" . $row['country'] . "</td>";

echo "<td>" . $row['city'] . "</td>";

echo "<td>" . $row['description'] . "</td>";

echo "<td>" . $row['entrydate'] . "</td>";

echo "<td>" . $row['email'] . "</td>";

echo "</tr>";

}

echo "</table>";

?>

<?php

}

?>
NOTE:this is my situation when I click on logout button I just called session destroy function.but after clicking on log out button when i select browser's back button Im able to view all the details.

regards,
ramya

**ronverdonk** · Feb 28 '07, 07:55 PM

You don't really expect me to look at 3 posts of unstructured code displays, do you??

Before you show any code, read the Posting Guidelines at the top of this forum!
Especially the part about enclosing shown code within php or code tags!!

Ronald :cool:

**routinet** · Feb 28 '07, 11:04 PM

Originally posted by Hyperion

when i try to logout, the session is destroy but i still can go inside to that page without login first by using IE Back button or history cache! How can i solve that?

It sounds like your problem is related to the cookie. When a session is created, the session information is stored locally on the server, and a session ID is sent to the remote system by way of a session cookie. It is usually called "PHPSESSID" or some other obvious name. The remote system stores this as the 'key' to their session on the server.

So now you log out. You call session_destroy (), which will delete all of the session-related information saved on the local server. It does NOT, however, delete the remote cookie. When the user tries to return to your site, and it is asking for a session id, the user is going to return the same session id it had last time. When your server does not see this session (because it has been destroyed locally), it will recreate a new session with the same id. Here's the catch: ANYWHERE ELSE YOU TIED TO THE SESSION ID AND DID NOT CLEAR WILL CONTINUE TO BE TIED. So, if you saved a cart using the session id as a way to track it, the cart will 'resurrect' itself from a destroyed session because you never removed the data.

Your solutions:

1) kill the remote cookie. See setcookie() for this.
2) kill the local session. session_destroy () handles this.
3) remove session-related tracks in your database...eras e the cart, remove any login indicators, etc.

**Hyperion** · Mar 26 '07, 07:34 AM

thanq for u reply sir.
can u please give me an example of destroying a remote cookie .

**ak1dnar** · Mar 26 '07, 08:53 AM

www.PHPBuddy.com - PHP and Cookies

http://www.phpbuddy.com/article.php?id=12

In this article we will discuss about cookies and how to make cookies work with PHP

Sessions

Sessions

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment