Hi,

Below you'll find my code. I think now that the problem is in my algorithm, because the session is created anytime the page is refreshed. But I don't know how to check if the client was logged out or it is a real new connection to the page. As you will see one can click on logout, then press the back button of the browser, and then refresh the page, but he is still connected. I would like you to help me fix that.

Here is the code:

-----------index.php------------------
//the first page where the user enters his login and password
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="../styles/style.css" media="screen" />
<title>Login page</title>
</head>
<body>
<form name = "manage" action = "manage.php" method="post">
<div style = "padding-top: 40px; padding-bottom: 40px; height: 100%;">
<center><table width = "100%" cellspacing="10">
<tr><td width = "50%" align = "right">Login</td><td width = "50%" align = "left"><input type="text" name="login" /></td></tr>
<tr><td width = "50%" align = "right">Password</td><td width = "50%" align = "left"><input type="password" name="password" /></td></tr>
</table>
<input type="submit" name="connect" value = "Connect"/>
<br/><br/><br/>
</center>
</div>
</form>
</body>
</html>

------------- manage.php ------------
//where the form posts data and here is where the session is created
<?php
session_start();
$sessionid = session_id();
$referer = @$HTTP_REFERER;
if (isset($_REQUEST['connect'])){
    $passwd = addslashes($_POST['password']);
    $login = addslashes($_POST['login']);
    require_once "../../../includes/connexion.php";
    $sql = mysql_query("SELECT * FROM user WHERE login ='".$login."' and password = '".$passwd."'") or die("Incorrect username or password.");
    $result = mysql_fetch_array($sql);
    if (($result[0] != null)) {
        $_SESSION['sessioname'] = $_POST['login'];
    }
    else {
        mysql_close();
        Header ("Location: ./index.php");
        exit; // stop here so nothing else is sent after the redirect
    }
    mysql_close();
}
else if(!isset($_SESSION['sessioname'])) {
    Header ("Location: ./index.php");
    exit; // stop here so nothing else is sent after the redirect
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<?php
if(isset( $_SESSION['sessioname'])) {
    echo $_SESSION['sessioname'] ;
    echo ", ". session_id();
    echo ", <a href = 'logout.php'>Log Out</a> ";
}
else
    echo "<a href = 'index.php'>Login</a> ";
?>
</body>
</html>

------------ logout.php ------------------
<?php
session_start();
unset($_SESSION["sessioname"]);
$_SESSION = array();
session_destroy();
header("location: index.php");
?>

--- Richard Lynch <ceo@xxxxxxxxx> wrote:

> On Sat, February 16, 2008 2:31 pm, Adil Drissi wrote:
> > I need help with sessions.
> > I have a simple authentication relying only on
> > sessions (I don't use cookies).
>
> Do you mean that you are also using the "no_cookie" setting in PHP and
> using the URL to pass around the session ID?
>
> Or just that you don't use "extra" cookies on top of the one PHP uses
> by default?
>
> > After the user submits
> > his username and password, the script checks if that
> > corresponds to a record in a mysql table. If this is
> > the case "$_SESSION['sessioname'] = $_POST['login'];".
> > the $_SESSION['sessioname'] is checked in subsequent
> > pages to see if the user is connected or not.
> > The problem is after the user logs out, and after that
> > uses the previous button of the browser he becomes
> > connected. How can I prevent this please.
>
> If the URL has the old session ID, and you aren't destroying it
> completely somehow, then they'll be logged in once they go back to the
> URL with the session ID.
>
> <?php
> session_start();
> unset($_SESSION["sessioname"]);
> session_destroy();
> header("location: index.php");
> ?>
>
> If you want to destroy the session completely, use:
> $_SESSION = array();
> to wipe out ALL the session data.
>
> Also, on *some* browsers, sending the cookies session_start (if you
> are using cookies) and the Location: header with an INCOMPLETE URL
> means the browser will screw up.
>
> Use the COMPLETE URL in your header("Location")
>
> And use a capital "L" in Location, as well, to be totally kosher, I
> think.
>
> --
> Some people have a "gift" link here.
> Know what I want?
> I want you to buy a CD from some indie artist.
> http://cdbaby.com/from/lynch
> Yeah, I get a buck. So?
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
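
In the posted manage.php the login POST is handled by the same script that renders the page, so refreshing that page can re-send the credentials and set the session again after a logout. The sketch below is an added example, not code from the thread: it answers every state-changing POST with a redirect, regenerates the session ID at login, and expires the session cookie at logout. BASE_URL, the `action` form field and the in-memory user table (standing in for the MySQL lookup) are assumptions.

```php
<?php
// Added example, not the poster's code. BASE_URL, the "action" field and the
// in-memory user table are assumptions made for this sketch.
const BASE_URL = 'https://example.test/app';

session_start();

// Constructed stand-in for the user table; it holds a hash, not the password.
$users = ['demo' => password_hash('constructed-password', PASSWORD_DEFAULT)];

function redirect(string $page): void
{
    // 303 makes the browser follow up with a GET, so "back" or refresh on the
    // landing page never re-submits the login form. The URL is complete.
    header('Location: ' . BASE_URL . '/' . $page, true, 303);
    exit;
}

function login(array $users): void
{
    $login = (string)($_POST['login'] ?? '');
    $hash  = $users[$login] ?? null;
    if ($hash !== null && password_verify((string)($_POST['password'] ?? ''), $hash)) {
        session_regenerate_id(true);      // new ID at the privilege change
        $_SESSION['sessioname'] = $login;
        redirect('manage.php');
    }
    redirect('index.php');
}

function logout(): void
{
    $_SESSION = array();                  // wipe all session data
    if (ini_get('session.use_cookies')) { // expire the session cookie as well
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                    // remove the server-side record
    redirect('index.php');
}

// Only a POST changes state; manage.php itself just checks the session on GET.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';
    if ($action === 'login')  { login($users); }
    if ($action === 'logout') { logout(); }
}
redirect('index.php');
```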