hi,i face some problem that after success login to the page but the seesion id not update at all..isnt my coding is wrong?? can anyone help me??thanks in advance.. <?php session_start(); include 'application.php'; $id = $_REQUEST['id']; $username = $_REQUEST["username"]; $password = $_REQUEST["password"]; $query = 'SELECT * FROM register WHERE username = "'. mysql_real_escape_string($username) . '"'; $result = mysql_query($query); if ($data = mysql_fetch_object($result)) { $_SESSION['dbhash'] = $data->password; $_SESSION['checkhash'] = md5($password); if(md5($password) == $data->password) { $_SESSION["login"] = true; $_SESSION["username"] = $data->username; $_SESSION["id"] = $data->id; if(mysql_num_rows($result) == 1){ $user = mysql_fetch_assoc($result); $query_update = 'UPDATE register SET session_id = "' . session_id() . '" WHERE id = "' . $user['id'] . '" LIMIT 1'; mysql_query($query_update); } } } redirect('home.php'); ?> PHP:
Which part is breaking? Setting the $_SESSION['id'] or updating the session_id in mysql? If it is the second part, you might want to improve your SELECT query to be something like this so that it is impossible to get more than one result: SELECT * FROM register WHERE username = "'.mysql_real_escape_string($username).'" AND password = "'.md5($password).'" LIMIT 1 PHP: Then you won't even need to use the conditional : "if(md5($password) == $data->password)" Edit: Just noticed this thread is a little older. My bad. I'll leave the response up here for searchers.