My problem is somewhat similar to the following post.
PHP error: unable to change header information - headers already submitted
But in my case, I decided to start the session as soon as I determine that there are no verification errors in the login form, and the login information matches the database information. Here is the following code:
Login page (before any html)
session_name('username');
session_name('ip');
session_name('start');
session_start();
Checkbox Login.php (in html body)
} else {
$user = $_POST['username'];
$userpass = md5($_POST['password']);
$login_results = statement("select username, password from `$admin` where username='$user' and password='$userpass'");
if (mysql_num_rows($login_results)!= 1) {
$errmsg = "<span id='error'>Login failed: Username or password not on file</span>";
}else {
$_SESSION['username'] = "$user";
$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
header("Location: index.php");
}
}
}
}
If you look at the else block above the code, I check the login and, if it's good, I want to assign session variables and go to my index page. Which has this code at the very beginning:
session_cache_expire( 20 );
session_start();
$inactive = 1200;
if(isset($_SESSION['start']) ) {
$session_life = time() - $_SESSION['start'];
if($session_life > $inactive){
header("Location: logout.php");
}
}
$_SESSION['start'] = time();
$newip = $_SERVER['REMOTE_ADDR'];
if (!isset($_SESSION['username']) || empty($_SESSION['username']) || $newip!= $_SESSION['ip']) {
header('Location: login.php');
}
, , , header() , , , - login.php. , , header(), . , , , . ? , login.php?