Mattydor 0 Posted January 6, 2014 Report Share Posted January 6, 2014 Hi all I've been tearing my hair out with this for too long so I'm asking for help. I've been working through the book and everything is going well until this chapter. I believe I have created the sessions as I should. I can log in and out and I've added session_start(); to every page that needs to be restricted by login (password.php, view_users.php, etc). Yet, when I log out I can still view the pages. Is there nothing else I should add to the pages for them to work? No include for login_functions.inc.php, for example? I'm new to this (did you guess?) so I may be missing something so obvious that it wasn't thought worth mentioning. The only mention of how to make the other pages work is this on page 354, as far as I can see: " For the Login/Logout links to work on the other pages (register.php, index.php, etc.), you’ll need to add the session_start() command to each of those. " Thanks for any help you can give me. Mat Quote Link to post Share on other sites
HartleySan 826 Posted January 6, 2014 Report Share Posted January 6, 2014 Hello, and welcome to the forums. Are you saying that even after you log out, you can still see the logged-in version of the pages, even though you shouldn't be able to? If that's the case, then very likely, you're not properly destroying the session when the user logs out. What is the condition(s) you're using for testing whether a user is logged in or not? Is that condition still being met even after the user logs out? Please provide us with some more information, and hopefully, we can help. Thanks. Quote Link to post Share on other sites
Mattydor 0 Posted January 7, 2014 Author Report Share Posted January 7, 2014 Sorry, I'm not sure I know what you mean. When I log in, it redirects to loggedin.php and the link in header.html changes to 'LOGOUT', so I assumed I was logged in. The only extra code I added to the other pages was session_start(); at the top of each page. I have also added echo session_id(); to all the pages and the session cookie is always present (even after logging out). I'm following the book exactly, as far as I can tell. Quote Link to post Share on other sites
Mattydor 0 Posted January 7, 2014 Author Report Share Posted January 7, 2014 Actually, am I being stupid. I'm literally just adding 'session_start();' to each page. nothing more. Is there anything else I should add? Quote Link to post Share on other sites
Larry 428 Posted January 7, 2014 Report Share Posted January 7, 2014 Yes, you need to add some sort of code that checks for the presence of something in the session that indicates whether or not the person should be allowed to view the content. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.