View Full Version : Sessions re-direct problem!!

03-24-2004, 12:30 PM
I have a sessions problem with my site and am hoping someone can help.
I have a membership system which iI now have functional and works a treat.
In my script thats checks and validates the user I register session variables and caryy them throughout the site for the visit length.
This code is
$_SESSION['first_name'] = $first_name;
$_SESSION['last_name'] = $last_name;
$_SESSION['email_address'] = $email_address;
$_SESSION['user_level'] = $user_level;
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;

mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

header("Location: login_success.php");

With an else statement here to trigger an alternative event.
When i echo sessions on test page all is well with this code, so I know the sessions are correct.

echo $_SESSION['first_name'];
echo $_SESSION['last_name'];
echo $_SESSION['email_address'];
echo $_SESSION['user_level'];
echo $_SESSION['username'];
echo $_SESSION['password'];

When trying to prevent access from specific pages with

if (!isset($HTTP_SESSION_VARS['first_name']) || $HTTP_SESSION_VARS['first_name'] != "$first_name") {
header ("Location: /members/login_form.html");

I am redirected to the login page. To my mind the code above should let me access the page as the session does exist. I am running on a Apache Server with globals on and php4, so could that cause a problem with HTTP_SESSION_VARS. If anyone can shed light I would be grateful. Or help me out with an alternative method.
Thanks in advance guys

03-24-2004, 01:14 PM
sessions aren't really my thing, but here goes anyway....

try changing this code to:

if (!isset($_SESSION['first_name']) || $_SESSION['first_name'] != $first_name) {
header ("Location: /members/login_form.html");

(I am assuming the variable $first_name is being passed to the login script via the login form?)

also, why do you have:

$_SESSION['first_name'] = $first_name;

surely you should be using one of those commands (preferably the latter) - not both?

03-24-2004, 02:15 PM
first_name is register by a script used to check and verify the users details. It assigns the users first name as variable and registers it within a session.

All I need to do is create code that will redirect if the sessions do not exist but whatever I try re-directs me anyway.

03-24-2004, 05:14 PM
see when you define your session variables initially, do you have
before you do??

It might sound a silly question but you cant define variables into a session before you actually create it!

03-24-2004, 05:54 PM
What version of PHP are you using? session_register function is deprecated and you don't need to use it. simply writing:

$_SESSION["my_variable"] = "some value";

does the trick, and now that i said it you shouldn't use $HTTP_SESSION_VARS, it's deprecated too, you should use the super global array equivalent $_SESSION.

03-28-2004, 12:09 AM
Hey thanks guys for all your help. I sorted the problem on Friday after an age of hair pulling. Your aid wasnt in vein tho as Im sure your help will be much appreciated by others too.
Thanks again.