Confused by Sessions

I’ve recently figured out how to make a registration form and a login form. I also have a database-driven quiz that publishes scores and user info to a database. But I’m finding sessions a wrestling match.

I put the following code at the top of my login page @ mysite/admin/login and the page the form forwards the user to…


Everything seems to work fine.

But how are pages in different sections supposed to know I’m logged in? My test page is @ mysite/test/gw-intro-1. After selecting answers and clicking the Submit button, users are forwarded to mysite/test/grade.php, where they can see their score.

It was actually working partially. I had it set up so it somehow knew if I was logged in and would publish test scores to the database, though I couldn’t get it to publish other information (e.g. usernames).

Then something happened, and, even though I’m logged in at mysite/admin/login, my pages in the test section don’t seem to know it. I posted…


…at the top of the static index page that serves as the home page for the test section, to make sure the code appears in every page. But it still doesn’t work.

Yet another problem is that if I refresh my test page, or if I click the Submit button and get forwarded to the results, it often logs me out.

So what’s the magic code that makes a page in one section know you’re logged in and lets you do things without logging you out?


The way I do it is to generate a token value when the person logs in. That token is saved to the database to identify who it is that is logged in and is also loaded into a session variable that gets passed from page to page. When a page receives a token in the appropriate session variable then it knows that the person in the database the token points to is logged in.

Using a token (randomly generated string of characters) rather than the login name helps to prevent people being able to fake that someone is logged in.
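
One way to implement the token approach described in the answer above, as an added example that is not part of the original thread: a random token is issued at login, stored in the database and in the session, and looked up again on any page that needs to know who is logged in. The `users` table, its columns, the helper function names, the in-memory SQLite database (used so the script runs stand-alone) and the sample account are all assumptions; storing only a hash of the token is an extra hardening step beyond what the answer describes.

```php
<?php
// Added example; the users table, its columns and the in-memory SQLite
// database are assumptions, and "alice" is a constructed sample account.
function db(): PDO {
    static $pdo = null;
    if ($pdo === null) {
        $pdo = new PDO('sqlite::memory:');
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY,
            username TEXT UNIQUE, pw_hash TEXT, token_hash TEXT)');
        $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
            ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    }
    return $pdo;
}

// Call at the top of every page, in every section, before any output.
function start_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['path' => '/', 'httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

function login(string $username, string $password): bool {
    $stmt = db()->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$user || !password_verify($password, $user['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true);           // fresh session id once logged in
    $token = bin2hex(random_bytes(32));    // unguessable random token
    db()->prepare('UPDATE users SET token_hash = ? WHERE id = ?')
        ->execute([hash('sha256', $token), $user['id']]);
    $_SESSION['token'] = $token;           // travels from page to page
    return true;
}

// Returns the logged-in username, or null if the session holds no valid token.
function current_user(): ?string {
    if (empty($_SESSION['token'])) return null;
    $stmt = db()->prepare('SELECT username FROM users WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $_SESSION['token'])]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

start_session();
var_dump(login('alice', 'correct horse'), current_user());
```

On a real site the database would be the persistent one the login form already uses, and a page such as the grading script would call `start_session()` and `current_user()` before writing a score.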

Thanks. I Google’d for sessions + PHP + token and found a hopefully better tutorial. :wink:
