Seanny's Profile User Rating: -----

Reputation: 0 Apprentice
Group:
New Members
Active Posts:
2 (0 per day)
Joined:
10-August 12
Profile Views:
145
Last Active:
User is offline Sep 16 2012 10:45 AM
Currently:
Offline

Previous Fields

Dream Kudos:
0
Icon   Seanny has not set their status

Posts I've Made

  1. In Topic: User Authentication Class

    Posted 15 Aug 2012

    Oddly enough, just restarting my server fixed my problem. I'm going to chalk that up as the "What?" moment of the day.

    Regardless, thank you for the help Atli. As you may have noticed I'm quite new to PHP. I have enabled that error reporting and changed my code as you suggested.
  2. In Topic: User Authentication Class

    Posted 15 Aug 2012

    Thanks for the great tutorial, it really helped me understand session security.

    I want to use authentication for my page 'graph.php', but I'm having a weird bug.
    When the user first authenticates everything is great, but if the user wants to refresh the page, the user is forced to log in again.

    I've narrowed it down to the fact that everytime you refresh the page, the session is restarted, which makes a new session-ID which causes a mismatch when I use the method checkSession. Is there any way to stop this from happening? It would be really annoying if the user would have to log in every time they refresh. I guess I could update the session id every time the user refreshes, but wouldn't that compromise session security?

    Here is my code to my graph.php page. Don't worry it's very short.

    <html>
    <body>
    <?PHP
    require_once 'auth.php';
    
    session_start();
    
    $auth = new Auth();
    
    if(!isset($_SESSION['user_id'])){
            //header( 'Location: index.html' );
            echo '<p>user_id is not set <p>';
    } else {
            //Check we have the right user
            $logged_in = $auth->checkSession();
    
            if(empty($logged_in)){
                    //Bad session, ask to login
                    //$auth->logout(); //I commented this out while debugging, but I don't think it would change anything.
                    echo '<p>BAD SESSION<p>';
                    //header( 'Location: index.html' );
    
            } else {
                    //User is logged in, show the page
                    echo '<p>SWEET<p>';
            }
    }
    ?>
    </body>
    </html>
    
    
    


    So to clarify, every time I hit F5 after being logged in successfully, I get the 'BAD SESSION' message, which means the user would have to log in again.

    Thank you for your time,
    Seanny

My Information

Member Title:
New D.I.C Head
Age:
Age Unknown
Birthday:
Birthday Unknown
Gender:

Contact Information

E-mail:
Private

Friends

Seanny hasn't added any friends yet.

Comments

Seanny has no profile comments yet. Why not say hello?