Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hi all

 

I've been tearing my hair out with this for too long so I'm asking for help.

 

I've been working through the book and everything is going well until this chapter. I believe I have created the sessions as I should. I can log in and out  and I've added session_start(); to every page that needs to be restricted by login (password.php, view_users.php, etc). Yet, when I log out I can still view the pages.

 

Is there nothing else I should add to the pages for them to work? No include for login_functions.inc.php, for example?

 

I'm new to this (did you guess?) so I may be missing something so obvious that it wasn't thought worth mentioning.

 

The only mention of how to make the other pages work is this on page 354, as far as I can see: "

  • For the Login/Logout links to work on the other pages (register.php, index.php, etc.), you’ll need to add the session_start() command to each of those. "

 

Thanks for any help you can give me.

 

Mat

Share this post


Link to post
Share on other sites

Hello, and welcome to the forums.

 

Are you saying that even after you log out, you can still see the logged-in version of the pages, even though you shouldn't be able to?

If that's the case, then very likely, you're not properly destroying the session when the user logs out.

 

What is the condition(s) you're using for testing whether a user is logged in or not? Is that condition still being met even after the user logs out?

 

Please provide us with some more information, and hopefully, we can help.

Thanks.

Share this post


Link to post
Share on other sites

Sorry, I'm not sure I know what you mean. When I log in, it redirects to loggedin.php and the link in header.html changes to 'LOGOUT', so I assumed I was logged in.

 

The only extra code I added to the other pages was session_start(); at the top of each page.

 

I have also added echo session_id(); to all the pages and the session cookie is always present (even after logging out). I'm following the book exactly, as far as I can tell.

Share this post


Link to post
Share on other sites

Yes, you need to add some sort of code that checks for the presence of something in the session that indicates whether or not the person should be allowed to view the content.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...