Mattydor Posted January 6, 2014 Share Posted January 6, 2014 Hi all I've been tearing my hair out with this for too long so I'm asking for help. I've been working through the book and everything is going well until this chapter. I believe I have created the sessions as I should. I can log in and out and I've added session_start(); to every page that needs to be restricted by login (password.php, view_users.php, etc). Yet, when I log out I can still view the pages. Is there nothing else I should add to the pages for them to work? No include for login_functions.inc.php, for example? I'm new to this (did you guess?) so I may be missing something so obvious that it wasn't thought worth mentioning. The only mention of how to make the other pages work is this on page 354, as far as I can see: " For the Login/Logout links to work on the other pages (register.php, index.php, etc.), you’ll need to add the session_start() command to each of those. " Thanks for any help you can give me. Mat Link to comment Share on other sites More sharing options...
HartleySan Posted January 6, 2014 Share Posted January 6, 2014 Hello, and welcome to the forums. Are you saying that even after you log out, you can still see the logged-in version of the pages, even though you shouldn't be able to? If that's the case, then very likely, you're not properly destroying the session when the user logs out. What is the condition(s) you're using for testing whether a user is logged in or not? Is that condition still being met even after the user logs out? Please provide us with some more information, and hopefully, we can help. Thanks. Link to comment Share on other sites More sharing options...
Mattydor Posted January 7, 2014 Author Share Posted January 7, 2014 Sorry, I'm not sure I know what you mean. When I log in, it redirects to loggedin.php and the link in header.html changes to 'LOGOUT', so I assumed I was logged in. The only extra code I added to the other pages was session_start(); at the top of each page. I have also added echo session_id(); to all the pages and the session cookie is always present (even after logging out). I'm following the book exactly, as far as I can tell. Link to comment Share on other sites More sharing options...
Mattydor Posted January 7, 2014 Author Share Posted January 7, 2014 Actually, am I being stupid. I'm literally just adding 'session_start();' to each page. nothing more. Is there anything else I should add? Link to comment Share on other sites More sharing options...
Larry Posted January 7, 2014 Share Posted January 7, 2014 Yes, you need to add some sort of code that checks for the presence of something in the session that indicates whether or not the person should be allowed to view the content. Link to comment Share on other sites More sharing options...
Recommended Posts