 |  |  |  |  |  |  |  |
Help me understand sessions....please
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
Thread Solved |
•
•
Join Date: Feb 2008
Posts: 478
Reputation: 
Solved Threads: 1
Posting Pro in Training
How do I set the session on a page, so that if I were to type the direct link for the page into the address bar, it doesn't display, instead the user would be redirected to the homepage or login page?
The man who in view of gain thinks of righteousness; who in the view of danger is prepared to give up his life; and who does not forget an old agreement however far back it extends - such a man may be reckoned a complete man.
~ Confucius, The Confucian Analects
~ Confucius, The Confucian Analects
you need to add a session checker to everything...
pseudocode:
Determining what an authenticated session is is more or less unique to every implementation so that check depends on how you define "valid". By default, I'm pretty sure php always starts a session if autostart is set, so simply checking for a started session is no good. You need to look at something that only authenticated users have in their session or you are just slowing an attacker down.
-r
pseudocode:
PHP Syntax (Toggle Plain Text)
Determining what an authenticated session is is more or less unique to every implementation so that check depends on how you define "valid". By default, I'm pretty sure php always starts a session if autostart is set, so simply checking for a started session is no good. You need to look at something that only authenticated users have in their session or you are just slowing an attacker down.
-r
•
•
Join Date: Feb 2008
Posts: 478
Reputation:
Solved Threads: 1
Posting Pro in Training
Hi,
Is the following piece of code what you are talking about?
Is the following piece of code what you are talking about?
PHP Syntax (Toggle Plain Text)
The man who in view of gain thinks of righteousness; who in the view of danger is prepared to give up his life; and who does not forget an old agreement however far back it extends - such a man may be reckoned a complete man.
~ Confucius, The Confucian Analects
~ Confucius, The Confucian Analects
•
•
Join Date: Jan 2008
Posts: 74
Reputation:
Solved Threads: 5
Junior Poster in Training
I used the following code:
php Syntax (Toggle Plain Text)
•
•
Join Date: Feb 2008
Posts: 478
Reputation:
Solved Threads: 1
Posting Pro in Training
here is what i have on my login page...:
[ICODE=php]$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;
logininfo();
header("Location: apHome.php"); [/ICODE=php]
here is what i have on my home page...:
[code=php]
<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
$name = $_SESSION['username'];
}
?>
[/code=php]
i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...
[ICODE=php]$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;
logininfo();
header("Location: apHome.php"); [/ICODE=php]
here is what i have on my home page...:
[code=php]
<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
$name = $_SESSION['username'];
}
?>
[/code=php]
i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...
The man who in view of gain thinks of righteousness; who in the view of danger is prepared to give up his life; and who does not forget an old agreement however far back it extends - such a man may be reckoned a complete man.
~ Confucius, The Confucian Analects
~ Confucius, The Confucian Analects
•
•
Join Date: Jan 2008
Posts: 74
Reputation:
Solved Threads: 5
Junior Poster in Training
Here is what I suggest:
Create a page called secure.php
add the following code as it is: ONLY change " your_login_page "
Then in your other pages that you want secure, add:
Create a page called secure.php
add the following code as it is: ONLY change " your_login_page "
PHP Syntax (Toggle Plain Text)
Then in your other pages that you want secure, add:
PHP Syntax (Toggle Plain Text)
•
•
•
•
Originally Posted by maydhyam 
here is what i have on my login page...:
[ICODE=php]$_SESSION['username'] = $_POST['user'];
$_SESSION['password'] = $md5pass;
logininfo();
header("Location: apHome.php"); [/ICODE=php]
here is what i have on my home page...:
[code=php]
<?php
session_start();
include('./connect.php');
if (isset($_SESSION['username']))
{
$name = $_SESSION['username'];
}
?>
[/code=php]
i have other pages linked from this homepage, and i want to include them in this session ( so that even if i type the direct link in the address bar, i would ot be able to access the page)...
•
•
Join Date: Feb 2008
Posts: 478
Reputation:
Solved Threads: 1
Posting Pro in Training
So I created secure.php and also in my apHome.php script, i added the code snippet you told me to...and when i typed the direct link into the address bar to open apHome.php....I am getting the "Internet Explorer cannot display the webpage" message..so this is how it is done? the hiding/protection of the page "apHome.php"?
The man who in view of gain thinks of righteousness; who in the view of danger is prepared to give up his life; and who does not forget an old agreement however far back it extends - such a man may be reckoned a complete man.
~ Confucius, The Confucian Analects
~ Confucius, The Confucian Analects
•
•
Join Date: Feb 2008
Posts: 478
Reputation:
Solved Threads: 1
Posting Pro in Training
Hey,
I typed the incorrect page name in the header....I corrected it, and now it works...I just want to make sure and enter it into my other pages, and verify that they all work...
I'll keep you posted...
May
I typed the incorrect page name in the header....I corrected it, and now it works...I just want to make sure and enter it into my other pages, and verify that they all work...
I'll keep you posted...
May
The man who in view of gain thinks of righteousness; who in the view of danger is prepared to give up his life; and who does not forget an old agreement however far back it extends - such a man may be reckoned a complete man.
~ Confucius, The Confucian Analects
~ Confucius, The Confucian Analects
•
•
Join Date: Feb 2008
Posts: 478
Reputation:
Solved Threads: 1
Posting Pro in Training
Hey Vai,
So I put the piece of code into all my pages, and they worked nicely...I now understand how to set the sessions for my application....Thanks...
May
So I put the piece of code into all my pages, and they worked nicely...I now understand how to set the sessions for my application....Thanks...
May
The man who in view of gain thinks of righteousness; who in the view of danger is prepared to give up his life; and who does not forget an old agreement however far back it extends - such a man may be reckoned a complete man.
~ Confucius, The Confucian Analects
~ Confucius, The Confucian Analects
 |
Similar Threads
- Can't create sessions (PHP)
- How to expire pages? (prevent clicks on old ones) (PHP)
- JSP Sessions Help (JSP)
- Google and PHP (Search Engine Optimization)
- PHP sessions/$_POST problem. Too Stressed today! (PHP)
- Desperate Again Please HELP PHP (PHP)
- Blocking Brute-Force Attacks (ASP.NET)
- Trying to create a login system (PHP)
- login script using sessions (PHP)
- Dedicated Server (Networking Hardware Configuration)
Other Threads in the PHP Forum
- Previous Thread: Display content based on login information
- Next Thread: How to get rid of frames
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
apache api array beginner beneath binary broadband broken button cakephp checkbox class cms code countingeverycharactersfromastring crack cron curl database date display dynamic echo email error fcc file files folder form forms freelancing function functions google href htaccess html image include incode insert integration ip javascript joomla limit link login mail match menu method mlm mod_rewrite multiple mysql oop pageing pagerank paypal pdf php problem query radio random recursion recursiveloop remote script search server sessions sms smtp soap source space sql strip_tags subversion support! survey syntax system table template tutorial undefined update upload url validator variable video virus web window.onbeforeunload=closeme; youtube
