I know this has been discussed a lot, but I can't seem to find a solution to my problem:
I have a password that is passed to new php file with a form as follows:
<form method="POST" action="test.php">
Password: <input type="password" name="password" size="15" />
</form>
On the test.php file I create a session, then get the password with POST as follows:
session_name('first');
session_start('first');
if (isset($_SESSION['pass_s']))
{
$_SESSION['pass_s'] = $_SESSION['pass_s'];
} else
{
$_SESSION['pass_s'] = $_POST['password'];
}
$pass = $_SESSION['pass_s'];
But I also refresh this page with the following:
$page = "test.php";
$sec = 60;
header("Refresh: $sec; url=$page");
The problem is, that the session stays set no matter what, so on new login the old session is started. I am stuck between naming my sessions and refreshing my page. I can't destroy sessions because of the refresh, but I also can't keep the session. I believe i is kept in the cookies.
I basically need to destroy a session on exit of page, but not while the refresh is running on the page?
Well I figured it out. No sessions needed. Here is what you do:
if ($_POST["password"] != "")
{
$passb = $_POST["password"];
$userb = $_POST["username"];
}
else
{
$userb = $_GET["userb"];
$passb = $_GET["passb"];
}
$urllink = "60;url=thisPage.php?userb=".$userb."&passb=".$passb;
then insert
<META HTTP-EQUIV="refresh" CONTENT=<?php echo $urllink?>>
this will refresh every 60 seconds
Basically you check if the variables is posted. then you put it in a link and send it to yourself on refresh. This still needs better security but works like a charm