LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 03-27-2012, 11:42 AM   #1
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Rep: Reputation: 59
PHP Site - Controlling User Environment for the Session During Log-in and Log-out


Friends,


Whenever a user logs-in, I am setting cookies containing the user ID and the associated password and his/her User Name which is obtained from the DB Table after checking whether the User ID and Password values are valid (found) or not. Then the User Control Panel is displayed:


user_login.php

PHP Code:

            setcookie
("login_id",$emp_id,0);
            
setcookie("login_password",$password,0);
            
setcookie("user_first_name",$rs->Fields["emp_name"]->Value,0);
            
setcookie("user_last_name",$rs->Fields["emp_last_name"]->Value,0);
            echo 
"Login Succeeded! Redirecting...";
            echo 
"<script>top.location='user_panel.php'</script>"
The User CP has many pages/links that will also check for the cookies whether they contain any value or not before they can display their contents (the pages):


validate_login.php: called inside a user page such as "Post_Thread.php"

PHP Code:

<?php
    
if($_COOKIE["login_id"] == "" || $_COOKIE["login_password"] == ""){
?>
<script type="text/javascript">
<!--
top.location = "index.html"
//-->
</script>

<?php

    
}
?>

It works fine up to this level. Next when a user logs out the cookies are destroyed so that any page such as "Post_Thread.php" will not show up if called directly using the direct URL (www.example.com/Post_Thread.php):

user_logout.php

PHP Code:

<?php
    setcookie
("login_id""", -1);
    
setcookie("login_password""", -1);
    
header('Location: index.html');
?>
Well, it all works fine. But when a user logs-out and another user logs-in on the same computer without closing the browser then the cookie set in the first page above still gives the previous user's name:


PHP Code:
echo $_COOKIE['user_first_name']; 
even though it is being overwritten when the other user logs-in.

Note the underlined words above. If the browser is closed and opened again then the above cookie will give the correct information.


So, am I having any incorrect strategy here to provide a User Environment wherein different users can log-in on the same computer using the same browser such as Google Chrome or IE, of course, after logging out from one account?

Let me give you an example from this forum itself. I am using Google Chrome and the URL is

PHP Code:
http://www.linuxquestions.org/questions/newthread.php?do=newthread&f=9 
I am going to hit this URL in IE and I am getting this message:


PHP Code:
LinuxQuestions.org Message 
      You are not logged in 
or you do not have permission to access this pageThis could be due to one of several reasons:
1.You are not logged inFill in the form at the bottom of this page and try again.
2.You may not have sufficient privileges to access this pageAre you trying to edit someone else's post, access administrative features or some other privileged system?
3.If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.
Log inUser Name:
 
Password:
 
Forgotten Your Password? Remember Me?  
   
 
The administrator may have required you to register before you can view this page. 

That is exactly what I am trying to achieve / do. That is why I am calling "validate_login.php", as mentioned above, from inside every page which is user specific and it is only checking for the cookies whether they contain any values or not. This works fine. But when the user A logs out and the user B logs-in the cookies still have the user A's information stored in them.


A Side Note: Do you keep a similar strategy or some other one to maintain user's log-in information across several pages to ensure that only the logged-in user has access to those pages which are not for the Guest User and also that two log-ins to not clash i.e. only one Log-in is maintained and validated?

Last edited by devUnix; 03-27-2012 at 11:54 AM.
 
Old 03-27-2012, 08:18 PM   #2
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,399
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
Perhaps use keys that get passed in hidden fields, rather than using cookies. The browser must be caching the cookies in some way, but it should treat fields in forms as un-cached.
Whatever you did to make your posting so wide makes it really annoying to post a reply.
--- rod.
 
Old 03-27-2012, 11:14 PM   #3
devUnix
Member
 
Registered: Oct 2010
Posts: 606

Original Poster
Rep: Reputation: 59
Quote:
Originally Posted by theNbomr View Post
Perhaps use keys that get passed in hidden fields, rather than using cookies. The browser must be caching the cookies in some way, but it should treat fields in forms as un-cached.
Whatever you did to make your posting so wide makes it really annoying to post a reply.
--- rod.
Thanks for the input!

I think it is the PHP tag that is making the posting rather wide. I have noticed this on some other posts as well.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Only able to log-in with a Guest Session - User name just returns to login Securejohn Linux - Newbie 1 12-20-2011 06:18 PM
openSUSE 11.1 How can I force Log Off for inactive user session? Wasted.Daze Linux - Security 1 06-22-2009 06:26 AM
What the %$#@ is pam_unix (cron:session) doing every ten minutes? (/var/log/auth.log) CoffeeKing!!! Linux - Security 3 02-05-2009 08:07 AM
Problem with PHP log in to site page!! Tom "Techno" Earl Programming 3 11-18-2006 11:46 AM
disabling user's log session dominant Linux - Newbie 1 04-03-2006 06:22 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 02:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration