Session Security

Description: I have a portal protected by a login page. Upon successful login, you are then redirected to the home home page [php]<?php header('Location: home/'); ?>[/php] I then use very simplistic session security to navigate through the portal. Once you click logout, the session variables are destroyed.

Problem: If I log in to my portal, then log out, then immediately log back in, I can access the home page like I normally would. However, I get sent to my access denied page if I navigate away from the home page. (this only seems to be happening in Firefox and Chrome, NOT IE) The access_denied page only occurs if your session variables aren’t set. I’m not sure if this is a logic error in my code, or perhaps there is a setting that needs to be changed in the php config file. Here is the code.

Login Page (index.php)
[php]

<?php session_start(); // Check if the username and Pasword Post variables contain data if(isset($_POST['username']) && isset($_POST['password'])) { //If user tried to login $username = $_POST["username"]; $password = $_POST["password"]; // Connect to the db server and select the default database require('security/dbconnect.php'); db_connect(); //mysql_real_escape_string used to avoid SQL Injection attacks $sql = "SELECT * FROM users WHERE user='". mysql_real_escape_string($username)."' AND pass='". mysql_real_escape_string(md5($password))."' LIMIT 1"; // Run the SQL query $result = mysql_query($sql) or die(mysql_error()); // If mysql_num_rows returns a result, then the user exists in the database // and the password entered was correct if(mysql_num_rows($result)) { //Get the first name of user $row = mysql_fetch_object($result); $fullName = $row->full_name; $removeLastName = explode(" ", $fullName); $firstName = $removeLastName[0]; //Create a salt (this is not the real salt) $salt = '******************'; //Create Security Token $tokenString = (string) date('W') . $salt; $token = sha1($tokenString); //Declare Session Variables $_SESSION['token'] = $token; $_SESSION['valid_user'] = $firstName; //Regenerate session ID when privileges change, such as successful login session_regenerate_id(); header('Location: home/'); } else { $invalid = 'Could not log you in'; } } ?>

[/php]

Each Page then requires this file, and calls function check_valid_user() (user_auth.php)
[php]

<?php session_start(); function check_valid_user() { if (!isset($_SESSION['token'])) { header('Location: http://www.firebirdsmail.com/testfiles/new_portal/security/access_denied.php'); } } ?>

[/php]

Finally, the logout page (logout.php)
[php]

<?php require_once('user_auth.php'); check_valid_user(); $user = $_SESSION['valid_user']; //Destroy the session unset($_SESSION['token']); unset($_SESSION['valid_user']); session_destroy(); if(!empty($user)) { $logout = 'You have successfully logged out ' . $user; } else { //In theory, this will never occur $logout = 'Could not log you out'; } ?>

[/php]

Let me know if you need more details. Any help or advice would be greatly appreciated.

Sponsor our Newsletter | Privacy Policy | Terms of Service