Redirect in php with session

PHP redirection in IE when using session variables

The problem is while this works in FireFox, even with correct user credentials IE 7 keeps on redirecting back to page1 instead of displaying the contents of page3.

Some pointer please to solve this?

EDIT : A very weird solution but it works. I changed

and IE is happy now. But I am still clueless as to why isset didn’t work in IE

Check the HTTP traffic, there must be something wrong with the session cookie. A great tool for this is Fiddler.

4 Answers 4

Your script needs to exit() or die() after calling the header function.

header() doesn’t end the script. Some browsers will go ahead and move on to the new location, while others will wait while the rest of the script runs and display that output. Unless you call exit(), the script will run whether the output is shown or not.

I have tried using die() and exit() after the header call, but it only works in Frefox, IE does not work at all. I also tried dumping the $_SESSION using var_dump. FF shows the data array(1) < ["somevar"]=>string(9) «somevalue» > but IE shows array(0) < >

Indeed, you must die right after the header. If not, the code below will be executed and can lead to sercurity issues as not all clients actually follow the redirection header (cf the search engine spiders for instance).

You can check what is actually in session just var_dumping its content. The redirection won’t be taken into account during the test as an output is sent to the browser before the call to header().

It then means that you do not have any session running IE. Most probable case is that cookies are disables in IE security settings.

Use iehttpheasers or wireshark to find out if IE is sending back the cookie. I expect you’ll find that either it isn’t, or it is caching pages it shouldn’t.

header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); header("Set-Cookie: SIDNAME=ronty; path=/; secure"); header('Cache-Control: no-cache'); header('Pragma: no-cache'); 

use this on top of the page to fixed IE7

header('location: land_for_sale.php?phpSESSID='.session_id()); 

use ?phpSESSID=’.session_id() to your location : to fixed IE6

Источник

If session exists redirect to other page PHP

I have index.php and home.php pages. index.php is like landing page, but if user is logged in or if session exist, i want to redirect him from index.php to home.php, if he tries to access index.php. And that redirect part of code is in header.php, which is part of code that is included both in home.php and index.php. The problem is i think that i got stuck in redirect loop, ERR_TOO_MANY_REDIRECTS this is error i am getting. I think i need to say that if this is home.php stop redirecting, but i am not sure how to do that This is my code in header.php

  //Some code not relevant to question

2 Answers 2

As many others have stated you end up in an infinite loop

You could solve it like this, define e.g. RESTRICTED before the header on pages where user need to be logged in

include('database.php'); session_start(); if ( defined( 'RESTRICTED' ) ) < if ( !isset( $_SESSION['id'] ) ) < header( 'Location: index.php' ); exit(); >> else < if ( isset( $_SESSION['id'] ) ) < header( 'Location: home.php' ); exit(); >> ?> 

In response to the logout issue, with logout button, send them to index.php?logout=true

 > else < if ( isset( $_GET['logout'] ) ) < $_SESSION = array(); >if ( isset( $_SESSION['id'] ) ) < header( 'Location: home.php' ); exit(); >> ?> 

In reply to comment, an example on how to handle logged in users

define( 'RESTRICTED', true ); require( 'header.php' ); 

In all pages where you want to send users to home.php if they are logged in:

define( 'SEND_TO_HOME', true ); require( 'header.php' ); 

 > else < if ( isset( $_GET['logout'] ) ) < $_SESSION = array(); >if ( defined( 'SEND_TO_HOME' ) && isset( $_SESSION['id'] ) ) < header( 'Location: home.php' ); exit(); >> ?> 

Источник

Redirect to home page after login php

I’ve created a login-form. How can I make so that when a user logs in he/she redirects to a page where it displays his/her name? I’ve walked through many tutorials on how to do this, but nothing was pretty good. main_login.php:

 
 
 
 
 
 
Member Login 
 
 
Username
 
:
 
Password
 
:
 
 
 
 
 
 
  
 
 

Please stop writing new code with the ancient MySQL extension: it is no longer maintained and the community has begun the deprecation process; you can use instead either the improved MySQLi extension or the PDO abstraction layer.

At least you have been reading a tutorial which tells you to escape the data used in queries. The bad thing is it didn’t tell you to use PDO or mysqli with prepared statements. Neither did it tell you to never ever store plaintext passwords in the database. And no I don’t blame you, only the shitload of bad resources (/ tutorials) on the web.

3 Answers 3

This example should help you a bit, but I recommend using mysqli and its a really bad idea to store your passwords in plain text. You should consider looking up mysqli, hashing passwords, and start familiarizing yourself with php 5.4 since many of the functions used here HAVE changed and are no longer supported.

 $sql = sprintf( "SELECT * FROM $tbl_name WHERE username='%s' and password='%s' LIMIT 1;", mysql_real_escape_string($myusername), mysql_real_escape_string($mypassword) ); $result = mysql_query($sql); // MySQL count $count = mysql_num_rows($result); if ($count)< $_SESSION['username'] = $myusername; // $_SESSION['loggedin'] = true or false would work too $_SESSION['mypassword'] = $mypassword; // Why store the password in session data? header("Location: login_success.php"); >else < header("Location: main_login.php?msg=Login_Failed"); >?> 

  
 
 
 
 
 
Member Login 
 
 
Username
 
:
 
Password
 
:
 
 
 
 
 
 
  
 
 

Источник

PHP Session Expire Redirect [duplicate]

I have a Log In system and the session expires, but they need to refresh the page to be shown the login in screen again. Instead, my users enter data and hit submit to find out that they have been logged out. Is there any way to make the page automatically redirect to the log-in page once the session has expired? Thanks! EDIT. From reviewing the previously asked question found Here I have used the accepted answer for this application. Thank you all for your suggestions.

I can help you with a solution, but first I need to know if the session must expire after a duration, or is it ok to keep it alive as long as the user is on the page, or at least active.

5 Answers 5

You could use a meta-refresh tag, e.g. to redirect after 10 minutes:

This isn’t a very user friendly way to handle session expiry, particularly for the use case you’ve highlighted.

A better technique would be to track user activity with Javascript by picking up keypress and mousemove events. Every minute, if there has been some activity, fire off an XMLHttpRequest to keep the session alive.

Say your sessions expire after 10 minutes, and this JS notices no user activity for that time, it can inside a banner into your page alerting the user that their session has expired and offering ways to re-establish the session etc.

That way, people performing data entry or (whatever the form is for) don’t lose their session if they taking their time, and aren’t redirected if they leave their desk for lunch!

Источник

php how to redirect to last visited page when logged out from session [duplicate]

I have a couple of pages protected with a login; add.php , settings.php and archive.php At the top of each of these pages i have this code:

// check login session_start(); if(!isset($_SESSION['blog_login']))

session_start(); unset($_SESSION['blog_login']); header("Location: login.php"); 

if ($_SERVER['REQUEST_METHOD'] == 'POST') < $error = NULL; if(isset($_POST['username'],$_POST['password']))< $user = array( "username" =>$admin_name, "password"=> $admin_passw ); $username = $_POST['username']; $pass = $_POST['password']; if($username == $user['username'] && $pass == $user['password']) < session_start(); $_SESSION['blog_login'] = $username; header('Location:'.$_SESSION['last_visited']); >else < $error = '
Incorrect login data
'; > > > 

Unfortunately, the header(‘Location:’.$_SESSION[‘last_visited’]); line does not send me to the previous page i was before logging out. What i am doing wrong here?

You can add to mysql user table a value, so update user DB before logout with $_SESSION[‘last_visited’] , so when he login you can set from db last page on redirect and if is empty go to default page.

“Unfortunately, the header(‘Location:’.$_SESSION[‘last_visited’]); line does not send me to the previous page i was before logging out.” — so what happens instead then? No redirect anywhere at all? Errors? Redirect, but to a different URL then you expected to? Have you checked what $_SESSION[‘last_visited’] actually contains at this point at least?

4 Answers 4

You can use $_SERVER[‘HTTP_REFERER’] for this.

Skip the line $_SESSION[‘last_visited’] = $_SERVER[‘REQUEST_URI’]; in add.php , settings.php and archive.php

In your logout.php add the line $_SESSION[‘last_visited’] = $_SERVER[‘HTTP_REFERER’];

session_start(); unset($_SESSION['blog_login']); $_SESSION['last_visited'] = $_SERVER['HTTP_REFERER']; //bind the last visited page you came from to a session header("Location: login.php"); 

(Don’t need to change login.php )

you can store your current page URL in a variable after logout redirects to your URL address.

It seems to be one of the following two reasons.

1. You did not start session on your login.php page, it must start with: session_start();
2. $_SERVER[‘REQUEST_URI’] does not output anything.

Use $_COOKIE and set a cookie for last_visited_page then after user logs in check if cookie exist and if cookie exist then redirect to last_visited page using cookie.

You should not use $_SESSION for this because you log someone out then you clear $_SESSION data using session_destroy(); and when user revisits your website a new session is started. But if you use cookie then you don’t have to worry about that. Because cookie will be saved in browser so if he logins from same browser you can use $_COOKIE[‘last_visited_page’] and send him to his last visited page.

Источник