Results 1 to 1 of 1
Aug 24, 2004, 22:04 #1
- Join Date
- Aug 2004
- 0 Post(s)
- 0 Thread(s)
I am building a content management system that retreives users from a database then stores into a session.
On all administrative pages, there is a check to see if the user has a session ID.
Those pages have code like this:
The session is checked, and if not found, they are redirected to the login page.
I am developing on a standalone machine and I can see what is happening in the /tmp directory where session files are stored.
When you launch a browser the first login attempt seems to work with the session being set in the /tmp directory with the correct values, however when trying to use one of the administrative pages, I get redirected to the login page. This creates a new session and the second login attempt is again successful and I can use the administrative pages as I expect.
Logging out destroys the session and logging back in is without the above problem, it only happens for the first login attempt after the browser is launched.
The following is an extract from this article: http://www.zend.com/zend/spotlight/sessionauth7may.php
When a user visits a session-enabled script, PHP checks for the existence of a session ID that may have been passed to the script (in the form of a cookie or GET method). If a session ID was passed, it is then checked for validity, and if valid the variables associated with that session ID are created.
If no session ID was provided, or the session ID provided was invalid, PHP creates a new ID that it then passes on to the browser (in either cookie form or by GET method). Through this mechanism, PHP ensures that in the event no valid session ID is given (as either a cookie or GET parameter to PHP when the page is requested), it is assigned one for future requests. In the event a valid session ID is given, all of the data associated with that session ID will be
reloaded with identical values, and in the exact same state it was in when it was last accessed.
It seems that the first session is invalid , and being redirected to the login page sets a new session which is valid. The new session is the one being used.
I use the short version for sessions $_SESSION
Declare session_start() at the top of scripts that use sessions,
and isset(), unset() and session_destroy() for the session handling functions.
Last edited by cdr; Aug 24, 2004 at 23:47.