SitePoint Sponsor

User Tag List

Results 1 to 23 of 23
  1. #1
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Managing Users With PHP Sessions & MYSQL

    Hi

    I have followed your tutorial explaining 'Managing Users With PHP Sessions & MYSQL'. It is an excellent tutorial and I have edited it to fit in with my requirements, it works fine except for one problem. I have tried to include a logout button on my pages and this button links to a page called logout.php.

    Logout.php contains the following code:

    <?
    $_SESSION = array();
    session_destroy();
    ?>

    When i click the button i get the following error:

    Warning: Trying to destroy uninitialized session

    i cant figure out how the session is uninitialized when i have logged in and it wont let me login unless i enter the user details into the sessions.

    hope you can help

    maybe i need to set a session name or something? to open the session i am using session_start();
    where would i set the session name in this statement?

    Thanking you in advance
    any suggestions will be greatfully received

  2. #2
    SitePoint Addict marylin77's Avatar
    Join Date
    Aug 2003
    Location
    Spain
    Posts
    362
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Where is this tutorial?
    I am interested in it, too :]

  3. #3
    SitePoint Evangelist
    Join Date
    Nov 2001
    Location
    UK
    Posts
    553
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think, by doing $_SESSION = array(); you're destroying the session data. Therefore when you come to running session_destroy(), PHP see's no session.

    Try swapping the order of these two lines and see what happens.

    Edit:

    The article is at http://www.sitepoint.com/article/319


    Edit:

    Another edit: Just taken a look at the code - I'm probably wrong
    Regards, Ant.

  4. #4
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You didn't include the session_start();

    PHP Code:
    <?php
    session_start
    ();
    $_SESSION = array();
    session_destroy();
    ?>
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  5. #5
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by marylin77
    Where is this tutorial?
    http://www.sitepoint.com/article/319
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  6. #6
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for th assisstance people
    (Toly) I have included session_start, just not in the logout file?
    it is included on the login type pages so the session has been created. all i want to do is destroy it now.

  7. #7
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need to include the session_start(); in the logout.php file too. Just like I have it in the post above. If you don't include it in the logout.php file, php won't be able to destroy anything since it won't recognize any session.

    session_start(); not only starts a session, it also continues a session that has been already started.
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  8. #8
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks very much for explaining that
    Im sooo stupid
    Sorry i read that in the tutorial but didn't take it in!

    thanks again

  9. #9
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It does log me out BUT i get this error also
    Any ideas?

    Warning: Cannot send session cache limiter - headers already sent (output started at logout.php:12)

  10. #10
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hmmm... Are you using any headers in the logout.php file to redict to somewhere else perhaps?

    This is what I've always used on my logout.php file:
    PHP Code:
    <?php
    session_start
    ();
    $_SESSION = array();
    session_destroy();
    header("Location: url to redirect here" ); // redirects to my login page 
    exit;
    ?>
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  11. #11
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hmmm

    i just tried that and got this error

    Warning: Cannot send session cache limiter - headers already sent (output started at /usr/local/home/httpd/vhtdocs/hfta/hqn/admin/logout.php:11) in /usr/local/home/httpd/vhtdocs/hfta/hqn/admin/logout.php on line 13

    Warning: Cannot add header information - headers already sent by (output started at logout.php:11) in logout.php on line 16

    if i then visit the protected pages i need to login so the logout works...just these annoying errors that seem to get in the way. it doesnt redirect to the given page i guess cos it cant add the header.

    and i have no idea what a session cache limiter is!

    the code on my logout page is:

    <html>
    <head>
    <title></title>
    </head>
    <body bgcolor="#ffffff">
    <?
    session_start();
    $_SESSION = array();
    session_destroy();
    header("Location: http://www......myloggedoutpage.php" );
    exit;
    ?>
    You are now logged out

    <p></p>
    <p><a href="protectedpage.php">pro1</a></p>
    <p><a href="protectedpage2.php">pro2</a></p>
    </body>
    </html>

  12. #12
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    session_start(); must be at the beginning of the page before anything else and that goes the same for header, it needs to go before any html is output.

    Try this:

    PHP Code:
    <?php
    session_start
    ();
    $_SESSION = array();
    session_destroy();
    ?>
    <html>
    <head>
    <title></title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <meta Http-Equiv="Refresh" content="2;url=your url here">
    </head>
    <body>
    You are now logged out... You will be Redirected to the login page.
    </body>
    </html>
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  13. #13
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sorry if this is getting boring for you
    i really appreciate your assistance

    i pasted the code you just gave me over my old logout file (and changed the redirect url)
    and again the same error

    Warning: Cannot send session cache limiter - headers already sent (output started at logout.php:1) in logout.php on line 2

    i dont understand cos i havent sent any headers
    i searched thru all of the files for the text 'header' and it came back blank so nowhere have i tried to send headers...

  14. #14
    SitePoint Wizard
    Join Date
    Oct 2001
    Posts
    2,686
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi.
    Do not hav anything before the first <?php . Even a space will send a header/something to the browser.

    -HELge

  15. #15
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, you shouldn't leave any space after the <?php, I forgot to mention that.
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  16. #16
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thats fantastic
    it works great now
    thanks for all of your help Toly / Helge
    I know where to come in future for php asisstance, you guys are ace

    cheers

    hope you have a nice afternoon

    Bazgow

  17. #17
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cool... Glad it worked.
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  18. #18
    SitePoint Addict marylin77's Avatar
    Join Date
    Aug 2003
    Location
    Spain
    Posts
    362
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have read all the article and it is very interesting, but i have a question :]
    The same goal of managing users with php and mysql could have done without sessions...I mean...only checking the password and the userid in the database and then access the restricted areas.
    Is it possible?
    Am I wrong?
    I don't get to see the usefulness of sessions...:[

  19. #19
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The other way I know off would be with cookies but not everybody has their browser set to accept cookies.
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  20. #20
    SitePoint Member
    Join Date
    Oct 2003
    Location
    scarborough
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I did it with cookies before
    I think one advantage/disadvantage! of sessions is that they time out. I also think they are stored where you want them to be which makes hacking them harder as they are not always in the same place. But as you say it is possible with cookies - when i did this b4 i used a logincheck at the top of all pages that required logging in-this matched the cookies to the database. I dont see what is wrong with this either except for the possibility of hacking...i could be well wrong tho!!

  21. #21
    PHP manual bot bronze trophy Gaheris's Avatar
    Join Date
    Oct 2003
    Location
    Germany
    Posts
    2,195
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Um, sessions are made to time out. Session are there to pass along data in a user session. If you're looking for a "stay-logged-in" feature then you need cookies.

  22. #22
    Free your mind Toly's Avatar
    Join Date
    Sep 2001
    Location
    Panama
    Posts
    2,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Of course you could set up sessions to not timeout if you had access to the php.ini file.
    Community Guidelines | Community FAQ

    "He that is kind is free, though he is a slave;
    he that is evil is a slave, though he be a king." - St. Augustine

  23. #23
    SitePoint Addict marylin77's Avatar
    Join Date
    Aug 2003
    Location
    Spain
    Posts
    362
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Toly
    The other way I know off would be with cookies but not everybody has their browser set to accept cookies.
    Here, in http://es.php.net/session it is explained how session id is propagated.
    In short:
    There are two methods to propagate a session id:


    Cookies

    URL parameter

    Does the article use cookies, doesn´t it?
    Regards from Spain.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •