SitePoint Sponsor

User Tag List

Results 1 to 5 of 5

Thread: Session Help??

  1. #1
    SitePoint Member cschoon's Avatar
    Join Date
    Dec 2009
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Session Help??

    Hello,

    I have a login system for people. They have two questionnaires to fill out.
    Running through some tests on my own I have discovered a weird bug. The last question on one of the forms is a date. I have 3 select boxes (Year, Month, Day) They choose the year, the month, the day. I use a $_GET for the useraccount. I also use sessions to make sure they are logged in correctly. The two sessions I check for are the user level and the username. If not then kick back to login in screen.

    When I hit update/save, everything saves and updates correctly in the db.

    When I use the back key on the browser to go back three screens to the beginning the useraccount now reads the date I inserted in my last question from the form.
    so my url has
    HTML Code:
    www.url.com?account=11-19-1994(insert a date)
    HTML Code:
    instead of www.url.com?account=56 (the properid it should have).
    I have not posted code because I am not even sure what code to post.
    If you have any suggestions of what to post I will post it so anyone can take a look. I have echoed my $_session['var']; and what I see happening is when the user logs in, the correct session var is displayed.
    But as soon as I hit the back key my $_session['var'] is getting changed.
    I can't figure out why my session var is being replaced/changed??

    Thanks

  2. #2
    SitePoint Wizard
    Join Date
    Nov 2005
    Posts
    1,191
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You shouldn't be using the user account in the url like that. Store it in the session. And $_SESSION['var'] should be something meaningful like $_SESSION['account'] (or was that just for illustration?)

  3. #3
    SitePoint Member cschoon's Avatar
    Join Date
    Dec 2009
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by hash View Post
    You shouldn't be using the user account in the url like that. Store it in the session. And $_SESSION['var'] should be something meaningful like $_SESSION['account'] (or was that just for illustration?)
    Hello,
    Yes $_session['var'] was for illustration. I think I get what you mean about the url and account. Could you post an example of that.
    As I read it do you mean ie the url.com?account=$_session['account']
    Is that what you meant??

  4. #4
    SitePoint Guru mmarif4u's Avatar
    Join Date
    Dec 2006
    Location
    /dev/swat
    Posts
    619
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This will help you in understanding sessions.

    http://www.tizag.com/phpT/phpsessions.php

  5. #5
    SitePoint Wizard
    Join Date
    Nov 2005
    Posts
    1,191
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cschoon View Post
    Hello,
    Yes $_session['var'] was for illustration. I think I get what you mean about the url and account. Could you post an example of that.
    As I read it do you mean ie the url.com?account=$_session['account']
    Is that what you meant??
    That link above probably helps, but the idea is to store something in the session, eg userid, and then use that to verify the user and grab any other data needed. There is no need to pass userid (or account) as the browser will send a cookie with session id and php will grab the appropriate session file, which will make whatever you stored there avail in $_SESSION


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •