[Solved] The best practice to set login session?

PHP
1

In the process of designing a social network, I am struggling to find a best practice to set login session.

At the moment I have an splash page, a header php, and a home page. The header php is included by the splash page and the home page. The splash page contains the log in form, and the home page is just the landing page for registered users.

Initially I thought it could be a good idea to check session login in the header php and re-route the users to the home page when they sign in. So here is the code:

//in header php session_start(); if(isset($_SESSION["new_user"]) && basename($_SERVER["PHP_SELF"])=="splash_page.php"){ header("Location: home_page.php"); }

//in splash page code for logging in script
$_SESSION[“new_user”] = $new_user;
header(“Location: splash_page.php”);

//in home page just include the header php

Doing so resulted in receiving an error message “Cannot modify header information - headers already sent” when I logged in.

Update:
I changed the action attribute of log in form to “home_page.php” and it works as I wanted. But my question still remains that is this a good practice to set login session? I think there must be some kind of standard by all the social network builders out there.

2

Did you output HTML before setting the headers? Because that’s what the error is saying;and you can’tdo that :slight_smile: .

2 Likes
3

Oh man, you are always dead on. The header php has a <?php ?> and then !DOCTYPE followed by some html codes. But I also want to invoke header() in the splash page (or other pages that include header php). What should I do then?

4

Can you not do it before you output any HTML? Aka at the top of the file? What do you NEED outputted before you do the headers?

5

Figure out if you need to throw a header before you include the header. There is nothing in the HTML that would change your PHP logic.

1 Like
6

I was following this video series on how to make a social network from scratch:

The reason why I thought I had to use the header function after html is because:

  1. the header php must contain some html
  2. the splash page must include header php in the beginning
  3. I want to have the flexibility to use header() after including the header php

Now my solution is actually change the action attribute of the sign in form to “home.php”. It works but is this a better solution than using header()? What if I want to use header() later for whatever reasons?

7

Please see answer above, I am still trying to understand as much as I can the design philosophies

8

Why?
You’re trying to assert it needs to be:

<?php
include_once('header.php');
$splashdata = "I'm a spicy meatball";
echo $splashdata;
?>

But… PHP doesnt actually spit things out in this fashion. It does ALL of it’s processing, and then flushes it’s output buffer to the browser. (There are functions that counteract this behavior, but lets assume the default).

So, my contention to you is that there is NO difference in doing this instead.

<?php
$splashdata = "I'm a spicy meatball";
include_once('header.php');
echo $splashdata;
?>

As long as i dont break my PHP tag, or echo/print/etc something to the buffer, i can use header().

9

I have a db php that connects to the database and creates an object. This db php is included by the header php…If I write the code before include_once() I will have another error of referring to an non-existent object…

10

so… dont include db.php in header.php? Or more to the point, since i assume header.php requires database data (otherwise you wouldnt include it in in header.php, right?), require_once it instead.

11

So require_once db.php in header.php
and in splash page:
require_once(db.php)
php code first
require_once(header.php)

Like so? I usually am a pretty minimalistic person, and requiring db.php twice just feels like…blasphemy

12

This is where proponents of an MVC model will pipe up and say “see! This is why we do it.”

Well, if -every- page in your site is going to use the database, then you wouldnt need to call it in header.php.

Alternatively, wrap your header output in a function definition.

header.php

require_once('db.php');
function myheader() {
 // HTML And Stuff.
}

page.php

<?php    
require_once('header.php');
// do some PHP Stuff
myheader();
//Rest of Page HTML

EDIT: But dont call it header(). Because that’s silly and conflicts. slaps own wrist

1 Like
13

Thanks! I will give it a try to see how it works. Will get back when everything works properly

14

Ok I think I got it right this time…

Just to give a clear description:
I have header php, splash php, home php and other php
I want the header php to direct new users to splash if they are on other pages
I want the header php to direct signed in users to home if they are on index page
other pages are pretty much empty right now
splash php contains a block of code that uses db and also session

session_start() must be in header php to check login information
session_start() must also be in splash php to set login information

In header php:
require_once(db)
session stuff
function something(){
html stuff
}

In splash php, I have then:
require_once(header)
block of code…

Thanks for the great advice StarLion!

15

The only problem with the solution is that if I use echo in the block of php code, the result shows above the header menu. But of course I can have some work around for it.

16

Same workaround you had for the header - store whatever you were going to output, and echo it later.

17

I am dumb, thanks again!

18

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.