Basically just making some back-end for my portfolio, in pretty early days right now so the code is messy and a lot of playing around still.
I had sessions working but now they’re not.
My website is set up like so: portfolio, then sub folder for my back end. It contains an index.php (which I log in through) then its supposed to load dashboard.php and pass in the session (which should pass in that im logged in) then load all of the dashboard.
However it loads “You are not logged in” the weird thing is.. if i purposely type in an incorrect password on the index.php, it STILL loads dashboard.php and says “you are not logged in” instead of just echoing “please try again”
My index.php: http://pastebin.com/eCzxUCkY Dashboard.php: http://pastebin.com/waJ2HAXA
Thought it may be neater to post them there instead.
Please help 🙁 I’ve restarted my pc, cleared my cache, done everything. It won’t work locally, and it wont work on my host. HOWEVER i do have another site running all the same stuff and it still works. So i feel like its something in my actual code 🙁
Advertisement
Answer
Try this. I added some extra error checking.
On your log in page replace this
<?php session_start(); if (isset($_SESSION["username_login"])) { $username = $_SESSION["username_login"]; $loggedIn = true; }
with this
<?php session_start(); if (isset($_SESSION["username_login"]) && $_SESSION["username_login"] != '') { // does the session exist and if so, does it have a value $username = $_SESSION["username_login"]; $loggedIn = true; } else { $_SESSION['username_login'] = NULL; // empty the session value unset($_SESSION['username_login']); // kill the session $loggedIn = false; }
On your dashboard, replace this
<?php session_start(); $username = $_SESSION["username_login"]; $loggedin = true; } ?>
with this
<?php session_start(); if (isset($_SESSION["username_login"]) && $_SESSION["username_login"] != '') { // does the session exist and if so, does it have a value $username = $_SESSION["username_login"]; $loggedin = true; } else { $_SESSION['username_login'] = NULL; // empty the session value unset($_SESSION['username_login']); // kill the session $loggedin = false; } ?>
session_destroy()
does not “kill” a session. It’s equivalent to $_SESSION['something'] = ''
. The session is still alive, it’s just empty.
To completely kill a session you have to “unset” it.
References