Search code examples
phpsessiondestroy

Session Handling in PHP 5

i've a problem with php session handling that i can't explain to myself. I'm studying php from scratch, and i can't figure out how to mantain a session live:

This is my index page, where a user can login or register to the database visiting the right page, and then come back to see if he's logged in:

Code:

Index

    <?php session_start(); ?>

     <a href="register.php" target="_self"> Register </a> 

     <a href="login.php" target="_self"> Login </a>


 <?php

if(isset($_SESSION['login']))
    {
        echo "Logged as: ".$_SESSION['nlogin'];

?>
     <form method="post" action="<?php unset($_SESSION['login']) ?>">
     <input type="button" name="logOut" value="LogOut" />
     </form>

<?php
    }
    else
    {
    echo "Please Register or Login";
    }
    ?>

In fact this work, because when i come back from login.php it says, "Logged as: Admin"

But when i click on the link to get the login page, or register page again from the index page, i should get the same message, "Logged as...", but the session appear to be closed instead. :(

here's login.php:

<?php


session_start(); 

include "dbConnect.php";

if(isset($_SESSION['login']))
    {
        echo "Logged as: ".$_SESSION['nlogin']; // IT NEVER SHOW THIS MESSAGE
    }

if(isset($_POST['submit']) &&(trim($_POST['submit']) == "Login"))
    {
        if(!isset($_POST['user']) || $_POST['user']=="")
        {
            echo "Attenzione inserire l'username.";
        }
        elseif(!isset($_POST['pwd'])||$_POST['pwd']=="")
        {
            echo "Attenzione inserire la password.";
        }
        else
        {
            $u = trim(filter_var($_POST['user'], FILTER_SANITIZE_STRING));
            $u = str_replace(" ","_",$u);
            $p = trim(filter_var($_POST['pwd'], FILTER_SANITIZE_STRING));
            $p = sha1($p);

            $istance = new dbHandle;
            $istance->connect(); 
            $data = $istance->query("SELECT * FROM login WHERE username_login = '$u' AND password_login = '$p'");
            if(mysql_num_rows($data) == 0)
            {
                echo "Failed";


                echo "<a href='index.php' target='_self'> Go Back </a>";
            }
            else
            {
                echo "Logged";
                $res = $istance->getdata($data);
                $_SESSION['login'] = $res->id_login;
                $_SESSION['nlogin'] = $res->username_login; 



                echo "<a href='index.php' target='_self'> Go Back </a>";

            }
        }
    }
    else
    {
    ?>
        Login


        <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
            ...
                   <input name="user" type="text" size="20" required="required"/>
            ...
                   <input name="pwd" type="password" size="20" required="required"/>
            ...
                   <input type="submit" name="submit" value="Login"/>  
        </form>


         <form method="post" action="<?php unset($_SESSION['login']) ?>">
         <input type="button" name="logOut" value="LogOut" />
         </form>

  <?php
    }
    $istance->disconnect();
?>

When i come back using the link above "Go Back" to the index page, it shows Logged as... but when i come back here again, it does not.

So i assume my session were destroyed automatically? but why?

Thanks, i appreciate your help.

I forget to say that PHP.ini has

session.cookie_lifetime

set to "0"

Thanks

Solution

  • You are calling unset($_SESSION['login']) many times. It removes your login:

    <form method="post" action="<?php unset($_SESSION['login']) ?>">

    Try this:

    <form method="post" action="index.php">
<input type="button" name="logOut" value="LogOut" />
</form>

<? if (isset($_REQUEST['logOut'])){ session_destroy(); } ?>