SitePoint Sponsor

User Tag List

Results 1 to 15 of 15

Thread: Php sessions

  1. #1
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    me is stuck

    session_unregister('user');
    unset($user);
    $user=($user2);
    session_destroy();
    session_register('user');
    echo($user);


    $user still holds the old value and not that of user2. how do i clear the session value to make way for a new one?
    Garlic bread, I've tasted it, it's the future

  2. #2
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:

    session_unregister
    ($user);
    session_destroy();

    session_register($user); 
    That should work.....

  3. #3
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Corrected code:

    PHP Code:
    session_unregister('user');
    session_destroy();

    session_register('user'); 
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  4. #4
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah me used $var by mistake took me ages to figure it out /me slaps himself cheers kevin.
    Garlic bread, I've tasted it, it's the future

  5. #5
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    ack... sorry about that, I need to review my code more often

  6. #6
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually I had corrected your code without noticing I had made the same mistake else were though which was causing a big problem .
    Garlic bread, I've tasted it, it's the future

  7. #7
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Note that to change the value of a session variable, you don't have to delete and re-create the variable and session. Just assign the registered variable a new value -- that value will be stored in the session.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  8. #8
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey kev,

    Really hmmm I better have a play around with it then because i couldn't get it to rewrite the session data so i had to destory it first.
    Garlic bread, I've tasted it, it's the future

  9. #9
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  10. #10
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    right Kev i read that but I am still having problems.

    $user is passes to members.php which is where i check the login. $user is also the session Var so everytime the page is visited the session should be updated if the session already contained data right? well the following code

    session_start();
    session_register('user');
    echo($user);

    prints out the old user login that was stored in the session and not the one the user just logged in using. Echo($user); on its on gives the value that was in the form.

    http://localhost/rf1/members.php?user=rapidf1

    yet the echo($user); returns the result mark onto the screen. Which is the user i logged in as last.

    Then the following code
    echo($user);
    session_start();
    echo($user);

    gives the result
    RapidF1
    Mark
    Last edited by Smarky; Feb 21, 2001 at 06:22.
    Garlic bread, I've tasted it, it's the future

  11. #11
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    session_start();
    session_unregister('user');
    session_destroy();
    echo($user);


    this code also returns the value that was in the session before showing that even the destory session isin't working

    when I close IE and reload it I don't have this problem but then as soon as i have logged in as one user and go back to login again then it logs me in as the first user i logged in as because this data is in the session. Even if i type the login and password for the new user
    Last edited by Smarky; Feb 21, 2001 at 06:13.
    Garlic bread, I've tasted it, it's the future

  12. #12
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    You're quite correct -- form submitted variables cannot override registered session variables. This is done for security purposes, to keep session variables hidden from the user. Consider how easy it would be for someone to override the prices of items in their shopping basket if they just had to adjust the variables by editing their URL's query string!

    If you want to allow your user to log in under a new name, your login page should destroy the session as it is loading. Thus:

    PHP Code:
    <?php // login page
      
    session_destroy(); // Remove the existing user/pass
    ?>
    <!-- login form HTML here -->
    Alternatively, use a different variable name for the form submission, and then set the session variable to the value of the submitted variable in your script (as I showed in the post I referred you to above):

    PHP Code:
    // $userid and $password are session variables
    $userid $submitteduserid;
    $password $submittedpassword
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  13. #13
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cheers kev, I really didn't think about that one. I ended up at the start of the page putting $user into a new Var called $newuser and then putting it back into $user when the session had be started again. I couldn't get session_destory() to work. Am i right in beliveing you need to use session_start() before you destory it? just wondering because I didn't see it in your code.

    Thanks for all your help Kev I am building this fantasy game site thing and it looks like I may need more help when It comes to writing the game code but the login system is looking pretty good. Just finishing the change email and password pages now. Lost password and other pages are all done

    thanks
    Garlic bread, I've tasted it, it's the future

  14. #14
    SitePoint Author Kevin Yank's Avatar
    Join Date
    Apr 2000
    Location
    Melbourne, Australia
    Posts
    2,571
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Some people have had trouble with session_destroy() (as evidenced by the comments on that function's PHP Manual page). You can usually get around such problems just by calling session_unregister() for all of your session variables (or at least all of those you want to clear). It won't destroy the session, but it will destroy everything stored in it.

    This work-around assumes you have a well-defined set of session variables. If you have an unbounded number (usually not advisable, but you never know...), it might be worth poring over the discussion on that manual page for a solution.
    Kevin Yank
    CTO, sitepoint.com
    I wrote: Simply JavaScript | BYO PHP/MySQL | Tech Times | Editize
    Baby’s got back—a hard back, that is: The Ultimate CSS Reference

  15. #15
    BoOm-Rocka! Smarky's Avatar
    Join Date
    Jun 2000
    Location
    England
    Posts
    1,319
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    cheers kev


    *bows down and worships the mighty Kevin Yank*
    Garlic bread, I've tasted it, it's the future


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •