Hi, I made an error i was using unset($_SESSION["sessioname"]) instead of unset($_SESSION). I'm sorry, but anyway, now i want to give another detail. All the time i was testing with opera. After testing in firefox and ie there is no problem with the code i posted. Thank you very much for your help --- Adil Drissi <adil.drissi@xxxxxxxxx> wrote: > Hi, > > Below you'll find my code. I think now that the > problem is in my algorithm, because the is created > anytime the page is refreshed. But i don't know how > to > check if the client was logged out or it is a real > new > connexion to the page. As you will see one can click > on logout, then press the back button of the > browser, > and then refresh the page, but he is still > connected. > I would like to help me fixe that. Here is the code: > > -----------index.php------------------ > //the first page where the user enters his login and > password > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 > Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > <html xmlns="http://www.w3.org/1999/xhtml";> > <head> > <meta http-equiv="Content-Type" content="text/html; > charset=utf-8" /> > <link rel="stylesheet" type="text/css" > href="../styles/style.css" media="screen" /> > <title>Login page</title> > </head> > <body> > <form name = "manage" action = "manage.php" > method="post"> > <div style = "padding-top: 40px; padding-bottom: > 40px;height = 100%;"> > <center><table width = "100%" cellspacing="10"> > <tr><td width = "50%" align = "right">Login</td><td > width = "50%" align = "left"><input type="text" > name="login" /></td></tr> > <tr><td width = "50%" align = > "right">Password</td><td > width = "50%" align = "left"><input type="password" > name="password" /></td></tr> > </table> > <input type="submit" name="connect" value = > "Connect"/> > <br/><br/><br/> > </center> > </form> > </body> > </html> > > ------------- manage.php ------------ > //where the form posts data and here is where the > session is created > > <?php > session_start(); > $sessionid = session_id(); > $referer = @$HTTP_REFERER; > if (isset($_REQUEST['connect'])){ > $passwd = addslashes($_POST['password']); > $login = addslashes($_POST['login']); > require_once "../../../includes/connexion.php"; > $sql = mysql_query("SELECT * FROM user WHERE login > ='".$login."' and password = '".$passwd."'") or > die("Incorrect username or password."); > $result = mysql_fetch_array($sql); > if (($result[0] != null)) { > $_SESSION['sessioname'] = $_POST['login']; > } > else Header ("Location: ./index.php"); > mysql_close(); > } > else if(!isset($_SESSION['sessioname'])) { > Header ("Location: ./index.php"); > } > ?> > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 > Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > <html xmlns="http://www.w3.org/1999/xhtml";> > <head> > <meta http-equiv="Content-Type" content="text/html; > charset=utf-8" /> > </head> > > <body> > <?php > if(isset( $_SESSION['sessioname'])) { > echo $_SESSION['sessioname'] ; > echo ", ". session_id(); > echo ", <a href = 'logout.php'>Log Out</a> > "; > } > else echo "<a href = 'index.php'>Login</a> > "; > ?> > </body> > </html> > > ------------ logout.php ------------------ > <?php > session_start(); > unset($_SESSION["sessioname"]); > $_SESSION = array(); > session_destroy(); > header("location: index.php"); > ?> > --- Richard Lynch <ceo@xxxxxxxxx> wrote: > > > On Sat, February 16, 2008 2:31 pm, Adil Drissi > > wrote: > > > I need help with sessions. > > > I have a simple authentification relying only on > > > sessions (i don't use cookies). > > > > Do you mean that you are also using the > "no_cookie" > > setting in PHP and > > using the URL to pass around the session ID? > > > > Or jut that you don't use "extra" cookies on top > of > > the one PHP uses > > by default? > > > > > After the user submits > > > his username and password, the script checks if > > that > > > corresponds to a record in a mysql table. If > this > > is > > > the case "$_SESSION['sessioname'] = > > $_POST['login'];". > > > the $_SESSION['sessioname'] is checked in > > subsequent > > > pages to see if the user is connected or not. > > > The problem is after the user logs out, and > after > > that > > > uses the previous button of the browser he > becomes > > > connected. How can i prevent this please. > > > > If the URL has the old session ID, and you aren't > > destroying it > > completely somehow, then they'll be logged in once > > they go back to the > > URL with the session ID. > > > > <?php > > session_start(); > > unset($_SESSION["sessioname"]); > > session_destroy(); > > header("location: index.php"); > > ?> > > > > If you want to destroy the session completely, > use: > > $_SESSION = array(); > > to wipe out ALL the session data. > > > > Also, on *some* browsers, sending the cookies > > session_start (if you > > are using cookies) and the Location: header with > an > > INCOMPLETE URL > > means the browser will screw up. > > > > Use the COMPLETE URL in your header("Location") > > > > And use a capital "L" in Location, as well, to be > > totally kosher, I > > think. > > > > -- > > Some people have a "gift" link here. > > Know what I want? > > I want you to buy a CD from some indie artist. > > http://cdbaby.com/from/lynch > > Yeah, I get a buck. So? > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: > http://www.php.net/unsub.php > > > > > > > > > ____________________________________________________________________________________ > Be a better friend, newshound, and > know-it-all with Yahoo! Mobile. Try it now. > http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ > > > -- > PHP General Mailing List (http://www.php.net/) > === message truncated === ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
