I have a restricted area for customers of my work’s company. This is an area where registered customers with their own user name and password can access to download manuals and technical documents etc.
I am hearing some reports that users will have to login twice to get to the area - This happens in Chrome, IE 7/8 and some Firefox’s.
It has only happened to me once or twice. Does anyone know why this may be?
Without seeing the code your login form submits to, it’s really a guess as to what the problem is.
Normally, the script doing the username/password authentication will set a session variable (for login confirmation on restricted access pages) if the username/password are correct and then redirect to user to the restricted access area. If the username/password are not correct or invalid, the session variable is not created and the user is sent back to the login page. So it sounds like you have a system problem with how sessions are handled or there is a logic error in the code doing the username/password authentication. I suspect it’s the latter, but without seeing your code I can’t be sure.
Edit:
I didn’t see your post with the code until I posted this post
session_register is deprecated and should not be used. You should be using session_start() as you have elsewhere in your code.
you are attempting to start a session with session_start() and session_register() at different parts of your code. That is not correct.
session_start() should be at the very top of your script as the first line after your opening php tag <?php.
If the username/password are correct, then set a session variable should be set. I don’t see this variable in your code. Then at the top of each page where a user needs to be logged in, first check if the session variable exists and has the correct value. If it does, then continue loading the page. If it doesn’t, then abort loading the page and display a message saying the user must be logged in to view the page.
You are mixing short and long php tags. That is not a good idea generally. Usually it’s safer to use long php tags (<?php…?>) as short php tags can cause issues if your server is not configured correctly (but I’m not an expert on that side of things, or anything really come to think of it :)).
For a login script, I’m not sure why you need to insert any records like in your code.
So to summarise, apart from the incorrect way you are attempting to start a session, you have logic errors in your code that need to be fixed.
The issue you mentioned is usually caused then the “login page” is on non SSL, and redirect the member to SSL as it log him/her in.
If you are using SSL, make certain that the user is redirected to SSL on the login page if he enterer it without using SSL.
For your issues with sessions, put the session_start at the top of the page right before your database login info, then remove session_name and use $_SESSION[‘name’] = true; instead of session_register.
I would also recommend you to read some tutorials on PHP before continuing with your work, it will most probably make a lot more sense if you do that.
I had two duplicate files which were conflicting - one (an older log.php file) in the root directory and one in the restricted directory. I removed the one ion the root directory and kept the other in the restricted directory.
They were causing the whole problem.
I = noob,
but at least I am learning.
I also swatted up on books and videos and removed lots of garbage code that wasn’t needed.
Make sure you do update to put session_start(); at the very beginning of your document. The problem you had could easily be caused by this, as session_start(); Begins your session. If you are applying a name to the session prior to session_start(); Then it might only get the session name the second time around.
It should be as close to the top of your page as you can get it.