Larry Ullman's Book Forums

Sessions Without Cookies - Chapter 9

I am having trouble getting my scripts to work when it comes to sessions without cookies. I have amended the login.php script as per the book and then amended the remaining scripts header.html, loggedin.php and logout.php as described in the book, but find when entering a valid email address and password I am returned straight to the index.php page. Please can you assist me in understanding what I am doing wrong? I have been trying to work through it and resolve it myself for the last 2 days. I have MySQL Server 5.5, PHP 5.3.6 and Windows 7 Home 64bit running on my own computer using the localhost server. Please find attached my scripts.



<?php # Script 9.16 - login.php

// Send nothing to the browser before session_start() line!

// Check if the form has been submitted.
if (isset($_POST['submitted'])) {

    require_once ('../secure/mysql_connect.php'); // Connect to the db.

    $errors = array(); // Initialise error array.

    // Check for an email address.
    if (empty($_POST['email'])) {
        $errors[] = 'You forgot to enter an email address.';
    } else {
        $e = escape_data($_POST['email']);
    }

    // Check for a password.
    if (empty($_POST['password'])) {
        $errors[] = 'You forgot to enter a password.';
    } else {
        $p = escape_data($_POST['password']);
    }

    if (empty($errors)) { // If everything is OK.

        /* Retrieve the user_id and first name for the email/password combination */
        $query = "SELECT user_id, first_name FROM users WHERE email='$e' AND password=SHA('$p')";
        $result = @mysql_query($query); // Run the query.
        $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable.

        if ($row) { // A record was pulled from the database.

            // Set the session data and redirect.
            session_name ('YourVisitID');
            ini_set('session.use_cookies', 0); // Don't use cookies.

            $_SESSION['user_id'] = $row[0];
            $_SESSION['first_name'] = $row[1];

            // Redirect the user to the loggedin.php page.
            // Start defining the URL.
            $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

            // Check for trailing slash.
            if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
                $url = substr($url, 0, -1); // Chop off the slash.
            }

            // Add the page.
            $url .= '/loggedin.php?' . SID; // Add the session name & ID.
            header("Location: $url");
            exit(); // Quit the script.

        } else { // No record matched the query.
            $errors[] = 'The email address and password entered do not match those on file.'; // Public message.
            $errors[] = mysql_error() . '<br /><br />Query: ' . $query; // Debugging message.
        }

    } // End of if(empty($errors)) if.

    mysql_close(); // Close the database connection.

} else { // Form has not been submitted.
    $errors = NULL;
} // End of main submit conditional.

// Begin the page now.
$page_title = 'Login';

if (!empty($errors)) { // Print any error messages.
    echo '<h1 id="mainhead">Error!</h1>
<p class="error">The following error(s) occurred:<br />';
    foreach ($errors as $msg) { // Print each error.
        echo "- $msg<br />\n";
    }
    echo '</p><p>Please try again.</p>';
}

// Create the form.
?>
<form action="login.php" method="post">
<p>Email Address: <input type="text" name="email" size="20" maxlenght="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>"/></p>
<p>Password: <input type="password" name="password" size="20" maxlength="20"/></p>
<p><input type="submit" name="submit" value="Login"/></p>
<p><input type="hidden" name="submitted" value="TRUE"/></p>
</form>
<?php
include ('./includes/footer.html');
?>




<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title><?php echo $page_title; ?></title>
<style type="text/css" media ="all">@import "./includes/layout.css";</style>

<div id="wrapper"><!-- Goes with the CSS layout. -->
<div id="content"><!-- Goes with the CSS layout. -->

<div id="nav"><!-- Links section -->

<li class="navtop"><a href="index.php?<?php SID; ?>" title="Go to Home Page">Home</a></li>
<li><a href="register.php" title="Register?<?php SID; ?>">Register</a></li>
<li><?php // Create a login/logout link.
if ((isset($_SESSION['user_id'])) && (!strpos($_SERVER['PHP_SELF'], 'logout.php'))) {
    echo '<a href="logout.php?<?php SID; ?>" title="Logout">Logout</a>';
} else {
    echo '<a href="login.php?<?php SID; ?>" title="Login">Login</a>';
}
?></li>





<!-- Script 9.8 - header.html -->

<!-- Start of page specific content -->



<?php # Script 9.17 - loggedin.php

# User is redirected here from login.php.

session_name ('YourVisitID');
ini_set('session.use_cookies', 0);
session_start(); // Start the session.

// If no session value is present redirect the user.
if(!isset($_SESSION['user_id'])) {

    // Start defining the url.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // Check for a trailing slash.
    if ((substr($url, -1) == '/') OR (substr($url, -1) =='\\')) {
        $url = substr($urll, 0, -1); // Chop off the slash.
    }

    $url .= '/index.php'; // Add the page.
    header ("Location: $url");
    exit(); // Quit the script.
}

// Set the page title and include the HTML header.
$page_title = 'Logged In!';
include ('./includes/header.html');

// Print a customised message.
echo "<h1>Logged In!</h1>
<p>You are now logged in, {$_SESSION['first_name']}!</p>
<p><br /><br /></p>";

include ('./includes/footer.html');
?>




<?php # Script 9.18 - logout.php

// This page lets the user log out.

ini_set('session.use_cookies', 0);
session_start(); // Access the existing session.

// If no cookie is present, redirect the user.
if(!isset($_SESSION['user_id'])) {

    // Start defining the url.
    $url = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // Check for a trailing slash.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
        $url = substr($url, 0, -1); // Chop off the slash.
    }

    $url .= '/index.php'; // Add the page.
    header("Location, $url");

} else { // Cancel the session.
    $_SESSION = array(); // Destroy the variables.
    session_destroy(); // Destroy the session itself.
}

// Set the page title and include the HTML header.
$page_title = 'Logged Out!';
include ('./includes/header.html');

// Print a customised message.
echo "<h1>Logged Out!</h1>
<p>You are now logged out!</p>
<p><br /><br /></p>";

include ('./includes/footer.html');
?>
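
The cookieless flow these four scripts are meant to implement, gathered into shared helpers. This is an added example, not part of the original post or the book's scripts. The function names are hypothetical, and it assumes the PHP 5.3 setup described in the post, where `session.use_only_cookies` defaults to 1.

```php
<?php
// Added example (not from the post or the book); function names are hypothetical.
// Targets the PHP 5.3 setup described in the post.

// Call at the top of EVERY script, before any output is sent.
function start_url_session() {
    session_name('YourVisitID');            // must match on every page
    ini_set('session.use_cookies', 0);      // never send a session cookie
    ini_set('session.use_only_cookies', 0); // PHP 5.3 defaults this to 1, which
                                            // makes PHP ignore an ID in the URL
    session_start();                        // loads or creates the session
}

// Absolute URL to $page in the current directory; optionally carries the ID.
function page_url($page, $with_session = true) {
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    $url = rtrim($url, '/\\') . '/' . $page; // drop a trailing / or \ first
    if ($with_session) {
        // Built from the live ID so it is still right after regeneration.
        $url .= '?' . session_name() . '=' . urlencode(session_id());
    }
    return $url;
}

// Call only after the email/password check has succeeded.
function log_user_in($user_id, $first_name) {
    session_regenerate_id(true); // fresh ID at login: an ID planted in a link
                                 // before login never becomes an authenticated one
    $_SESSION['user_id'] = $user_id;
    $_SESSION['first_name'] = $first_name;
    header('Location: ' . page_url('loggedin.php'));
    exit();
}

// Guard for loggedin.php and logout.php.
function require_login() {
    if (!isset($_SESSION['user_id'])) {
        header('Location: ' . page_url('index.php', false));
        exit();
    }
}

// Link for header.html; escaped because it is written into an HTML attribute.
function nav_link($page, $label) {
    $href = htmlspecialchars(page_url($page), ENT_QUOTES);
    return '<a href="' . $href . '">' . htmlspecialchars($label, ENT_QUOTES) . '</a>';
}
```

Because the ID travels in the URL, it also ends up in browser history, server logs and Referer headers, which is why it is regenerated at login.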

