I have a strange problem. Right now I have a simple member login area that consists of just a few pages: Login.php member.php logout.php Everything works fine whenever the files are in the root directory...The problem is I want to have the above pages in an upper directory called "/interact" Well, when I put the files in the interact folder, all of the sudden I have a logging out problem. If I login and then say run the logout script, everything appears to work fine, it takes me back to my index page and my menu is repopulated with "login" and "sign up" options...indicating that the logout has worked. The problem however is that when I try to go directly to interact/member.php (for testing purposes) it once again says that I am logged in! This problem again does not occur when I experiment and put these files in the base directory...Probably something really silly and stupid but I just cant find it! here is the login code: <?php require_once('connx.php'); // Start the session session_start(); // Clear the error message $error_msg = ""; // If the user isn't logged in, try to log them in if (!isset($_SESSION['user_id'])) { if (isset($_POST['submit'])) { // Connect to the database $dbc = mysqli_connect(database info here) or die ('sorry Elvis is dead.'); // Grab the user-entered log-in data $user_username = mysqli_real_escape_string($dbc, trim($_POST['username'])); $user_password = mysqli_real_escape_string($dbc, trim($_POST['password'])); if (!empty($user_username) && !empty($user_password)) { // Look up the username and password in the database $query = "SELECT user_id, username FROM blahblah_user WHERE username = '$user_username' AND password = SHA('$user_password')"; $data = mysqli_query($dbc, $query); if (mysqli_num_rows($data) == 1) { // The log-in is OK so set the user ID and username session vars (and cookies), and redirect to the home page $row = mysqli_fetch_array($data); $_SESSION['user_id'] = $row['user_id']; $_SESSION['username'] = $row['username']; setcookie('user_id', $row['user_id'], time() + (60 * 60 * 24 * 30)); // expires in 30 days setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30)); // expires in 30 days $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/../member.php'; header('Location: ' . $home_url); } else { // The username/password are incorrect so set an error message $error_msg = 'Sorry, you must enter a valid username and password to log in.'; } } else { // The username/password weren't entered so set an error message $error_msg = 'Sorry, you must enter your username and password to log in.'; } } } ?> Code (markup): Here is the member.php page <?php session_start(); // If the session vars aren't set, try to set them with a cookie if (!isset($_SESSION['user_id'])) { if (isset($_COOKIE['user_id']) && isset($_COOKIE['username'])) { $_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['username'] = $_COOKIE['username']; } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head><meta name="Keywords" content=""> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>blah blah</title> <meta name="Description" content="blah blah"> <?php require_once('interact/appv.php'); require_once('interact/connx.php'); // Make sure the user is logged in before going any further. if (!isset($_SESSION['user_id'])) { echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>'; exit(); } else { echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="././logout.php">Log out</a>.</p>'); } ?> Code (markup): And here is the logout script: <?php // If the user is logged in, delete the session vars to log them out session_start(); if (isset($_SESSION['user_id'])) { // Delete the session vars by clearing the $_SESSION array $_SESSION = array(); // Delete the session cookie by setting its expiration to an hour ago (3600) if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time() - 3600); } // Destroy the session session_destroy(); } // Delete the user ID and username cookies by setting their expirations to an hour ago (3600) setcookie('user_id', '', time() - 3600, '/','',0); setcookie('username', '', time() - 3600,'/','',0); // Redirect to the home page $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/../index.php'; header('Location: ' . $home_url); ?> Code (markup):
it is because you are synchronizing your session to your cookies.. Important : never use cookies in holding important variables.. if you are going to dynamically destroy the session better use of ini_set() function and set time for session not COOKIES.
The only time you need to do anything with cookies is if you have a "keep me logged in" feature on your login page. Otherwise, the entire thing should be dealt with by sessions. Get rid of all that extra cookie stuff and your problem goes away.
Okay excellent...obviously in the early stages learning php...I know way less than I actually know! Removing the cookies has certainly solved my problem and I see no need for a "keep me logged in" feature