How to redirect after setting session?

Re: How to redirect after setting session?

deko <deko@hotmail.c om> wrote:[color=blue]
> I have a login page that is supposed to redirect the user to his private
> page after login. But header("Locatio n: $url") does not work after I set
> the $_SESSION variable - I get "Warning: Cannot modify header information -
> headers already sent by ...[/color]

Argghhh, yet another "Headers already sent" question.

This error has nothing to do with setting session. The error tells you
where the problem is: line 4
[color=blue]
> <?php
> session_start() ;
> ?>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
> "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
> [etc, etc]
> [login form]
> <?
> if (credentials are valid)
> {
> session_start() ;
> $_SESSION['username'] = $uid;
> header("Locatio n: $url");
> }
> ?>
>
> One option I've heard about is using ob_start() at the top of the page - but
> that seems to screw up my session. I could also use Javascript like this:[/color]

Fix your script flow is the better one:

<?php
session_start() ;

if(credentials are valid)
{
//set session and redirect
die();
}
?>
<html>
....

Re: How to redirect after setting session?

I agree with Daniel Tryba: "Fix your script flow is the better one:"

At the moment you are calling session_start() ; twice on the check
credentials section. Once at the start of the page and once in "if
(credentials"
This can't be done after the head of the html.
You only every need to start the session once in a page.
Follow Daniel Tryba instructions for the layout and you'll be fine.
Brent Palmer.




"deko" <deko@hotmail.c om> wrote in message
news:E4rYd.1698 2$OU1.5230@news svr21.news.prod igy.com...[color=blue]
>I have a login page that is supposed to redirect the user to his private
> page after login. But header("Locatio n: $url") does not work after I set
> the $_SESSION variable - I get "Warning: Cannot modify header
> information -
> headers already sent by ...
>
> The abbreviated code on the login page looks like this:
>
> <?php
> session_start() ;
> ?>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
> "http://www.w3.org/TR/html4/loose.dtd">
> <html>
> <head>
> [etc, etc]
> [login form]
> <?
> if (credentials are valid)
> {
> session_start() ;
> $_SESSION['username'] = $uid;
> header("Locatio n: $url");
> }
> ?>
>
> One option I've heard about is using ob_start() at the top of the page -
> but
> that seems to screw up my session. I could also use Javascript like this:
>
> <script language="javas cript">
> window.location .href=("<?php echo $url; ?>");
> </script>
>
> but then folks without Javascript won't get redirected.
>
> Are there any other alternatives?
>
> Thanks in advance.
>
>[/color]

Re: How to redirect after setting session?

> <?php[color=blue]
> session_start() ;
>
> if(credentials are valid)
> {
> //set session and redirect
> die();
> }
> ?>[/color]

Thanks for the help.

So I moved the code to the top of the page, and the redirect works now. But
there are a couple of problems:

Before, when I hit my browser's back button, I would get "Warning... page
has expired" - which was nice - so the user could not log in again. Now I
don't get that error - it just goes back to the login page. Is there a way
to have that error appear?

The other thing, which is more of a problem, is that when the the session
expires, the "private page" has this code:

echo "Your session has timed out. You must <a href= '".$url."'>l og in
again</a> to view this page.";
session_destroy ();

When the user clicks on the link to go back to the login page, and re-enters
credentials, then clicks submit, the redirect fails with "Cannot find
page..." - apparently the header is getting screwed up the second time
around. What appears in the address window of my browser is something like
this:

https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>

Is there a way to clear out the header first? Other suggestions?

Here is the revised code:

session_start() ;
if ($username && $password)
{
$uid = trim($username) ;
$pas = trim($password) ;
if (credentials are valid)
{
$_SESSION['user'] = $uid;
$_SESSION['timeout'] = time();
$url="https://hostname.myisp. com/~acctname/privatePage.php ";
header("Locatio n: $url");
unset($em);
unset($pw);
die();
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
[html code...]
<?php
//if we are here then user enter bad credentials
if ($username && $password)
{
echo "Login Failed";
}
?>
[more html code...]

Re: How to redirect after setting session?

> When the user clicks on the link to go back to the login page, and
re-enters[color=blue]
> credentials, then clicks submit, the redirect fails with "Cannot find
> page..." - apparently the header is getting screwed up the second time
> around. What appears in the address window of my browser is something[/color]
like[color=blue]
> this:
>
>[/color]
https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>

I've noticed this behavior occurs in Firefox every time - even the first
time. Is there some bug in Firefox that prevents PHP from setting the
header? Or is my code not setting the header correctly?

Re: How to redirect after setting session?

deko <deko@hotmail.c om> wrote:[color=blue]
> Before, when I hit my browser's back button, I would get "Warning... page
> has expired" - which was nice - so the user could not log in again. Now I
> don't get that error - it just goes back to the login page. Is there a way
> to have that error appear?[/color]

You are the first person I see that actually wants that warning, most
people want to get rid of it (by using a redirect) :)

The only way I know to actually get the warning is to not do a
redirection after a post. You could make your login script like this:

<?php

if($user && $passwd)
{
if(valid())
{
?>
<html><body>
Login success <a href='next.php' >click here to continue.</a>
</body></html>
<?php
die();
}
}
else
{
$user='';
$passwd='';
}
?>
<html>
<?php
if($user)
echo "Login failed!";
?>
<form>
</form>
</html>

But that is getting very ugly very fast, I would suggest using a
template engine (like smarty) to truly seperate output and logic (do a
bunch of checks, determine template to show and set variables
accordingly to that tempalte).
[color=blue]
> The other thing, which is more of a problem, is that when the the session
> expires, the "private page" has this code:
>
> echo "Your session has timed out. You must <a href= '".$url."'>l og in
> again</a> to view this page.";
> session_destroy ();[/color]
[color=blue]
> https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>
>
> Is there a way to clear out the header first? Other suggestions?[/color]

That is scary... how is $url defined in that page?

Re: How to redirect after setting session?

> You are the first person I see that actually wants that warning, most[color=blue]
> people want to get rid of it (by using a redirect) :)[/color]

I can live with it, but I'll try your suggestion.
[color=blue][color=green]
> > The other thing, which is more of a problem, is that when the the[/color][/color]
session[color=blue][color=green]
> > expires, the "private page" has this code:[/color]
>[color=green]
> >[/color][/color]
https://hostname.myisp. com/~acctname/<?php%20echo%20 http://www.mysite.com/login.php;%20?>[color=blue][color=green]
> >
> > Is there a way to clear out the header first? Other suggestions?[/color]
>
> That is scary... how is $url defined in that page?[/color]

Good question. In fact, I think that was my problem.

But the real barf bag is that the SESSION does not appear to get set in
Firefox. I surfed around a bit and saw that others have also had similar
probelms with Firefox and login scripts. If you have any suggestions on how
to get the script working with Firefox, that would be great...

Thanks again for the help.

Re: How to redirect after setting session?

> But the real barf bag is that the SESSION does not appear to get set in[color=blue]
> Firefox. I surfed around a bit and saw that others have also had similar
> probelms with Firefox and login scripts. If you have any suggestions on[/color]
how[color=blue]
> to get the script working with Firefox, that would be great...[/color]

Some further testing with Firefox -

Here again is the Login page code:

session_start() ;
if ($username && $password)
{
$uid = trim($username) ;
$pas = trim($password) ;
if (credentials are valid)
{
$_SESSION['user'] = $uid;
$_SESSION['timeout'] = time();
$url="https://hostname.myisp. com/~acctname/privatePage.php ";
header("Locatio n: $url");
unset($em);
unset($pw);
die();
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
[html code...]
<?php
//if we are here then user enter bad credentials
if ($username && $password)
{
echo "Login Failed";
}
?>
[more html code...]


Here is all the code on the redirect page:

<?php
session_start() ;
echo $_SESSION['uid'];
?>

Result: Nothing is echoed on the screen. But the redirect works...

I've played around with the SSL settings in Firefox, but no luck. I'm
wondering if the problem has something about carrying sessions over an SSL
connection??