I have a website where users can log their commutes. I have a separate interface for admins to access the management console and make changes to the data if needed.
Basically, the management page will check to see what privileges a user has and based on that will allow the admins to access it, among other security measures.
This works perfectly, and they can access what they need to. However, if you were to close your browser and go back to the site, you'd be logged out, which is good. The problem is that you can log back in just fine, but any page that requires you to be logged in will say you aren't, and the PHP session is destroyed and you are shown to be logged out. If you log back in everything works fine again. No where in my code have I called the session destroy function unless you are specifically clicking the logout button. I'm calling session_start() at the top of the pages that need it, but I can't understand why the session is randomly being destroyed.
For example, you must be logged in to enter a commute, so I have this code at the top of the commute entry page:
session_start();
if(!isset($_SESSION['user'])){
header("location: signup.php");
}
If they're not logged in, it sends them to the signup page.
But if they log in after closing their browser, it will destroy the session when accessing this page and send them to the sign up page either way. If they log in again this won't happen.
So from what I can tell the php session isn't really working properly when they close their browser and open the page up again.
Aucun commentaire:
Enregistrer un commentaire