Page not recognizing login session - Need to manually refresh - Please view my code

I have a strange problem. When a guest visits my contact-user.php page, they get a message telling them the must login before viewing the page.

After the guest logs in, they view the same page and it tells them they have to login again (keeps on looping). But if they manually refresh that page with the “you must be logged in” message, it recognizes the login and lets them in.

How can I get this page to immediately recognize that the user is logged in and not require them to refresh the page manually?

Here is my code for contact-user.php


<?php 
session_start();
header("Cache-Control: private, max-age=10800, pre-check=10800");
header("Pragma: private");
header("Expires: " . date(DATE_RFC822,strtotime("+2 day")));
include("connection.php"); 
mysql_select_db("database");


if (isset($_SESSION['username'])) { 
********    MY HTML PAGE CONTENT     ********
 }


else {
echo "<meta http-equiv='REFRESH' content='2;url=http://www.mysite.com/login.php'>
<center><font color='#EE0000'><p>You must be logged in before negotiating. You will now be redirect to the login page.</p></font></center>";
}
?>

Here is my code for login.php script:


<?php
include("connection.php"); 
mysql_select_db("database");
session_start();
if(isset($_POST['login'])){
       $username = mysql_real_escape_string($_POST['username']);
       $password = mysql_real_escape_string($_POST['password']);
	   $tUnixTime = time();
       $sGMTMySqlString = gmdate("Y-m-d H:i:s", $tUnixTime);
       if (!$username || !$password) {
          print "Please fill out all fields.";
          exit;
       }
       $logres = mysql_num_rows(mysql_query("SELECT * FROM members WHERE username = '$username' and password = '$password'"));
       if ($logres <= 0) {
          print "Login failed. If you have not already, please signup. Otherwise, check your spelling and login again.";
          exit;
       } 
       else {
       $_SESSION['username'] = $username;
       if (isset($_SESSION)) {
         echo'You are now logging in'; mysql_query("UPDATE members SET activity = '$sGMTMySqlString' WHERE username = '$username'");
       }
       else {
         echo "You are not logged in!";
       }  
       echo'<html><head><meta http-equiv="REFRESH" content="1;url=http://www.mysite.com/members/' . $_SESSION['username'] . '/"></head><body></body></html>';
       exit;
       }
}
?>



Thanks a lot!!

I think this worked, I altered this line +2 to -1:
header(“Expires: " . date(DATE_RFC822,strtotime(”+2 day")));

My page also seems to remember the information and written paragraphs in the form if they forget to fill out a required field and press back button, which is very important.

Let me know if this sounds correct to you.

Best Regards

Try sending an expiry date for the past, not the future. The browser thinks the page doesn’t expire until the day after tomorrow, so it shows a cached version (i.e. the one with the login message in it).

I am having a problem again. It turns out that everything works good in Firefox but not in Internet Explorer (as I just found out). Do you know an additional solution to this?

Thanks

That’s also due to caching, to stop it doing that you’ll need to send an expiry date in the past. That way the browser will fetch a fresh page. If you want it to remember the values people posted in it, it’s best to do something like saving the values in session, and then writing them out to the form when it’s requested.