Hi, I have a simple admin section on a website which uses session variables to check if the user is allowed to enter the area. I take the username and the password and check it in the database. If the record exists I do this –
[code=php]if ($passNum == 0)
$errPass = “The password was incorrect please try again.”;
else
{
$_SESSION[‘guser’] = preg_replace(‘/W/’, ”, $trimUser);
$_SESSION[‘gauth’]= “True”;
// log in successful, redirect to success page
//session_write_close();
header(“Location: http://www.xxxxxxxx.xxxx/xxxx/xxxx.php”);
}
exit;
I have tried different variations on the theme and used different methods, I have included session_write_close() after the sessions have been created. I have tried to put the exit after the header call, I have commented it out but no luck. I call session_start() right at the top it is the 1st bit of code on this and on other subsequent pages.
What I don’t get is my code was working – but now it isn’t one day it allows me in the next it doesn’t.
To destroy the sessions I have a logoff.php page..
[code=php]// check if the user logged in, if so log them out!!!!
session_start();
if ($_SESSION[‘gauth’] == “True”)
{
echo(“destroying the session!”);
session_unset();
session_destroy();
session_write_close();
}
The other pages which check if the session exists is similar to the code below:
[code=php]// check if the user logged in….!!!!
session_start();
if ( !$_SESSION[‘gauth’] )
{
echo(“session is not registered! – redirect to index”);
//header(“Location: http://www.xxxx.xxxx/xxxx/xxxx.php”);
}
Is there something I am missing – working one minute then stops the next… no error messages, nothing. Please help I have been tearing my hair out on this for months!
BTW – The PHP version is 4.4.2 and register_globals is set to “on” if that helps.