1. Welcome to the new MacRumors forums. See our announcement and read our FAQ

php sessions and IE4/5

Discussion in 'Web Design and Development (archive)' started by mrjamin, Jan 1, 2004.

  1. macrumors 65816

    mrjamin

    #1
    Yo,

    i've been using sessions in PHP for a little while now, and recently tried to log into a site i made that used sessions to maintain logins etc, and it was doing weird stuff in IE4. It seemed that it created the session, but the session wasn't carried accross pages. Any known issues? Here's the code i used:

    PHP:
    session_start();
    require(
    'dbconnect.inc.php');
    require(
    'functions.inc.php');
    if(isset(
    $_POST['Submit'])){
        
    $sql "SELECT * FROM `users` WHERE `username` = '$_POST[username]' AND `password` = '".crypt($_POST['password'],"salt")."' LIMIT 1";
        
    $result mysql_query($sql);
        if(
    mysql_num_rows($result) == 1){
            
    $_SESSION['username'] = $_POST['username'];
            
    $_SESSION['login'] = time();
            
    $_SESSION['admin'] = true;
            if(
    mysql_result($result,0,superuser) == 1){
                
    $_SESSION['superuser'] = true;
                
    $append yes;
            }
            
    header("Location: admin/index.php?$append");
            
    $sql "UPDATE `users` SET `lastlogin` = UNIX_TIMESTAMP() WHERE `username` = '$_POST[username]' AND `password` = '".crypt($_POST[password],"salt")."'";
            
    mysql_query($sql);
        } else {
            
    $badlogin true;
        }
    } elseif(isset(
    $_SESSION['username']) && $_SESSION['login'] < strtotime("-10 minute",time())){
        
    $expired true;
        
    session_destroy();
    }
    Any idea why IE4 didn't like this? Once logged in, it successfully redirected you to the protected area, but then the headers in the protected area pages redirected the user back to an "access denied" page, as though the session wasn't carried on. Any tips would be appreciated.

    Here's the sessions code of each protected page:

    PHP:
    session_start();
    if(!isset(
    $_SESSION['username']) || !isset($_SESSION['login']) || !isset($_SESSION['admin'])){
        
    header("Location: ../denied.php");
    } else {
        if(
    $_SESSION['login'] < strtotime("-10 minute",time())){
            
    header("Location: ../adminlogin.php");
        } else {
            
    $_SESSION['login'] = time();
        }
    }
     

Share This Page