Jump to content

PHP Session variables and use of the browser back button.


sepoto

Recommended Posts

I'm noticing that the code which I have at the top of each page:

<?phpsession_start();  if($_SESSION['loggedin'] != TRUE){    header("Location: index.php");}  ?>

is working very well until I attempt to use the back button of Google Chrome. At that point I am sent to index.php. I've been reading into this issue and I see a lot of code that looks like it may be old or possibly deprecated. Is there some way to make this code work with the back button? Comments or suggestions?Many Thanks!

Link to comment
Share on other sites

When I use the back button of my browser it appears that my $_SESSION['loggedin'] = TRUE is passed over as though it does not exist. Would the correct work around be to just place my own back button onto the page? If there is a way for the back button to work without this problem I would really like that but I don't know how to make that happen yet. Thank you for your reply!

Link to comment
Share on other sites

If I look at the flow of execution of the program I see that when the button is pressed to go to calander.php from main.php there is that .ajax is called from main.php executing customer.comitt-to-session.php and then once execution of customer.comitt-to-session.php completes main.php then does a window.location.replace("calendar.php"); from main.php. After that flow completes I hit the back button and I end up at index.php. This is the top of main.php

 <?phpsession_start();  if($_SESSION['loggedin'] != TRUE){	header("Location: index.php");} ?>

This is the top of calander.php

 <?php session_start();  if($_SESSION['loggedin'] != TRUE){    header("Location: index.php");} require_once('include.securelogin.php');$mysqli = new mysqli($ad_host, $ad_user, $ad_password, "samedaycrm"); if ($mysqli->connect_errno) {    printf("Connect failed: %s\n", $mysqli->connect_error);    exit();} $firstname = $_SESSION['firstname'];$lastname = $_SESSION['lastname'];$address1 = $_SESSION['address1'];$address2 = $_SESSION['address2'];$city = $_SESSION['city'];$state = $_SESSION['state'];$zip = $_SESSION['zip'];$phone = $_SESSION['phone'];$email = $_SESSION['email'];$cell = $_SESSION['cell']; $tSQL = "select * from customers where firstname = \"$firstname\" and lastname = \"$lastname\" and address1 = \"$address1\" and address2 = \"$address2\" and city = \"$city\" and state = \"$state\" and zip = \"$zip\" and phone = \"$phone\" and email = \"$email\" and cell = \"$cell\""; $result = $mysqli->query($tSQL);$row_cnt = $result->num_rows; $result->data_seek(0); $cnt = 0;while ($row = $result->fetch_assoc()) {    $arr[$cnt]['idcustomers'] = $row['idcustomers'];    $arr[$cnt]['firstname'] = $row['firstname'];    $arr[$cnt]['lastname'] = $row['lastname'];    $arr[$cnt]['address1'] = $row['address1'];    $arr[$cnt]['address2'] = $row['address2'];    $arr[$cnt]['city'] = $row['city'];    $arr[$cnt]['state'] = $row['state'];    $arr[$cnt]['zip'] = $row['zip'];    $arr[$cnt]['phone'] = $row['phone'];    $arr[$cnt]['email'] = $row['email'];    $arr[$cnt]['cell'] = $row['cell'];    $cnt++;} $tSQL = "select idevents, title, UNIX_TIMESTAMP(start), UNIX_TIMESTAMP(end), allday, url, customerid from events where customerid = \"$arr[0]['idcustomers']\""; $result = $mysqli->query($tSQL);$row_cnt = $reault->num_rows; $cnt = 0;while ($row = $result->fetch_assoc()) {    $arre[$cnt]['id'] = $row['eventid'];    $arre[$cnt]['start'] = $row['start'];    $arre[$cnt]['end'] = $row['end'];    $arre[$cnt]['allDay'] = $row['allDay'];    $arre[$cnt]['title'] = $row['title'];    $arre[$cnt]['url'] = $row['url'];    $cnt++;} ?>

Edited by sepoto
Link to comment
Share on other sites

If there is a problem in customer-committosession.php which is the call to AJAX I certainly don't see it yet. This is the code for it:

 <?phpsession_start();$_SESSION['loggedin'] = TRUE; require_once('include.securelogin.php');$mysqli = new mysqli($ad_host, $ad_user, $ad_password, "samedaycrm"); if ($mysqli->connect_errno) {    printf("Connect failed: %s\n", $mysqli->connect_error);    exit();} $firstname = $_POST['firstname'];$lastname = $_POST['lastname'];$address1 = $_POST['address1'];$address2 = $_POST['address2'];$city = $_POST['city'];$state = $_POST['state'];$zip = $_POST['zip'];$phone = $_POST['phone'];$email = $_POST['email'];$cell = $_POST['cell']; $_SESSION['firstname'] = $firstname;$_SESSION['lastname'] = $lastname;$_SESSION['address1'] = $address1;$_SESSION['address2'] = $address2;$_SESSION['city'] = $city;$_SESSION['state'] = $state;$_SESSION['zip'] = $zip;$_SESSION['phone'] = $phone;$_SESSION['email'] = $email;$_SESSION['cell'] = $cell; echo "Customer selected for scheduling. Forwarding to calendar.";?>

Link to comment
Share on other sites

I'm attaching by zip file everything I can without compromising the security of my site or it's customers.

Edited by sepoto
Link to comment
Share on other sites

I have to create some code that will reproduce the error. It should be easy. I'm fairly confident that the problem is fully related to window.location.replace("calendar.php"); So a simple log in script containing that JavaScript redirect and some PHP session code is what I'm building.

Edited by sepoto
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...