Re: [PHPLIB] sessions and IE vs Navigator From: Tyler Jones (tjones <email protected>)
Date: 11/29/99

Thank you Fabrizio! Thank you Holgi!

I was able to solve the problem. After first reading Fabrizio's suggestion posted Nov.
10, I tried the allowcache ->no, but it didn't work. I just realized that I changed it
in local.inc and not session.inc. It was still set to private.

I changed that and I also realized that I had not called the $sess->delete() correctly,
so after reading Holgi's suggestion, I looked again at my logout.php and tried it. Now,
a user logs out and right back in, it creates a new sess id, which is what I want.

I actually removed the timestamp included with the sample and replaced it with current
date. So the session ends and then the page calls current date. It's really for
appearances only, so I don't mind. If it helps anyone, I've included the logout script
I use.

Again, thanks guys.
Tyler

<?php
include "${DOCUMENT_ROOT}/prepend.php3";

// We use the following features:
// sess for session variables
// auth for user authentication (yes, you need to be logged in to log out :-)
  page_open(array("sess" => "Example_Session", "auth" => "Example_Auth"));

?>
<?
  $auth->logout();
  //page_close();
  $sess->delete();
 ?>

<html>
  <h1>Session Over</h1>

  You have been logged in to ###. Your authentication
  was valid until <b>

<?
$date=date("d. M. Y, H:i:s");
PRINT "$date";
?></b>.<p>

  Your session has ended. You have been logged out.<br>
Click <a href="http://###">here</a> to start new session.<br>
Click <a href="http://###">here</a> to go to ### Web Site.
</body>
</html>

holgi wrote:

> Am Wed, 10 Nov 1999 schrieb Tyler Jones:
>
> > That's exactly what I want to happen, but I want it to create a new session id if
> > I log out and immediately log back in. Then there's still the issue of it
> > creating the id, but making me enter the username and password again to get to
> > the page.
>
> kristian k. explained on the list a few days ago, that if you log out, your
> authentication will be destroyed, but not your session. might that be your
> problem ? if so, try to destroy the session in in your logout.php3
>
> just an idea... maybe i got your problem wrong and didnīt say anything
> useful ;-)
>
> ciao,
> holgi

Original post:
I'm experiencing a problem that I can't find a solution for in the
documentation.

I'm using sessions, auth and perm. In Navigator I have no problems.
Here's the oddity. When user logs in with IE the first time, no
problems. But after he logs out and attempts logging in again, he is
sometimes forced to enter user name and pass twice -- once establishes a
session id, second time lets user enter the auth-ed page. But this isn't
always the case. Sometimes he can log in fine the second time, but I
think it's under the same session id. Here's why I think that.

If I log out as a user and attempt to log back in as a different user in
IE, I get in no problem, but when I log out, I notice that the user name
and perm setting is that of previous user. That tells me that the
session id is not being destroyed. But this is not a problem in
Navigator.

I've tried delete() and put_id(), but I may not be utilizing it
correctly.

Does anyone know what I need to do to fix this problem?

BTW, this same issue appears in the example pages included with the lib.

Here's what I want to happen:

1. User goes to auth'ed page and the page initiates a session id. User
is forced to log in.
2. User is ready to log out, so by clicking logout, he exits and the
session id is destroyed.
3. User is ready to log back in, either as same user or different user
on same browser. He goes to the auth'ed page and it creates a NEW
session id and user is forced to log in. The cycle repeats itself as
many times as users log in and out.

thanks,
Tyler

-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.