hii.. herez a small problem with session handling, when i login to my application sessions are being registered, that is okay, and after getting logged in i can see the members page well, but when i'm opening the the loginpage.htm again in the new tab of firefox browser, i'm able to see the login page itself and not the members page. the sessions are not being synchronized, why is this happening? i tried to include session.php in the login page itself, so if the user is already logged in even though when i open a login page it shld be redirected to members page instead itz showing me server configuration error on the browser. i'm here with attaching my code..kindly help me with ur ideas and suggestions.. logincheck.php <?php session_start(); require_once 'securesession.class.php'; //Connect to mysql server $link=mysql_connect("localhost","root",""); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db=mysql_select_db("tge"); if(!$db) { die("Unable to select database"); } $username = strip_tags($_POST['username']); $password = strip_tags($_POST['password']); $encrypt = sha1($password); $query="SELECT * FROM login WHERE username='" . mysql_real_escape_string($username) . "' AND password='". mysql_real_escape_string ($encrypt). "'"; //require_once('attempt.log.class.php'); $result=mysql_query($query); $rows2=mysql_fetch_array($result); if($rows2["password"] == $encrypt && $rows2["username"] == $username ) { if(mysql_num_rows($result)>0) { //Login Successful $start=time(); $_SESSION['time_start']=$start; $_SESSION['username']=$username; $_SESSION['password']=$encrypt; $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; $ss = new SecureSession(); $ss->check_browser = true; $ss->check_ip_blocks = 2; $ss->secure_word = 'SALT_'; $ss->regenerate_id = true; $ss->Open(); $_SESSION['logged_in'] = true; //include "ip_bann.php"; include "authn.php"; include "scsession.php"; header("Location: redirect.php"); exit(); } else { //Login failed require_once('attempt.log.class.php'); session_destroy(); header("location: loginfail.htm"); exit(); } } else{ require_once('attempt.log.class.php'); session_destroy(); header("location: loginfail.htm"); } ?> Code (markup): authn.php code goes here: <?php require_once 'securesession.class.php'; //Start session session_start(); //Check whether the session variable //SESS_username is present or not $ss = new SecureSession(); $ss->check_browser = true; $ss->check_ip_blocks = 2; $ss->secure_word = 'SALT_'; $ss->regenerate_id = true; if (!$ss->Check() || !isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) { header("location: login.htm"); exit(); } ?> Code (markup): can anyone help me out,how to overcome this.. if user logs in to gmail.com and tries to open gmail.com/login in the same browser's new tab, then the mailbox of tht particular user's loads not the login page of gmail. rite.. but in my applicationn, the login page is being opened instead of members page. hope u understand my problem.. Many thnx, pavan
Hi pavan, I would try to start your authn.php with session_start() rather than require_once. But I think the real problem is that it doesn't seem to use passing session ID through cookies and you don't pass PHPSESSID in url neither. Then it's easily lost when you open new tab or window. Does it help??
The first thing you have to have on each and every page that is going to be using a session is this: <?php session_start(); ?> PHP: It goes before everything else. It can't be included either. It has to be in the page itself.