I have a simple page to check if the session are set or no
session_start();
if (!isset($_SESSION['id'])) {
$_SESSION['checkin'] = 'yes';
header("Location: https://blabla.php");
exit();
} else {
// do something here
}
<HTM>
web page
</HTML>
everytime i the session is not set, i would not load the page. i have try to delete the exit() funciton, page load correctly, but i cannot redirect it to the url
EDIT :
I am forget to write session_start(); here, but in my real code, they already inputed
It is likely that you have a non-header output before the header line.
Try adding an ob_start() after the session_start().
Related
I am trying to verify that a user has logged in before showing them the page, using the method below, while the if/else method works when wrapped around plain html, it is failing when there is php involved. I am a novice by the way. What happens is the page simply loads as if the two tags below weren't there...which would be fine had I previously logged in, but I hadn't.
<?php
session_start();
if(isset($_SESSION['user'])) {
?>
HTML/PHP Page goes here.
<?php
} else {
header("Location: cms/admin/loginreadmode.php");
}
?>
Thanks in advance,
You can debug just below your session_start(); by printing your session:
echo '<pre>';
print_r($_SESSION);
die();
If $_SESSION['user'] isn't showing up in your array it isn't be set.
You can do this like this:
session_start();
$_SESSION['user'] = true;
Are you sure that you have add session support in every page?
if (!isset($_SESSION)) {
session_start();
}
This code should be working, so mistake is probably somwhere else I suggest checking if you set $_session["user] after login.
You should also replace your not-working code part with simple
echo "hello";
to chek it.
1) That is not a great method of checking whether a user is logged in, purely checking whether a user sessions exists can end up causing a lot of problems. Storing the ID in the sessions and then checking whether the ID is valid may be a better way,
2) When I copy the code above into a test document it goes straight to the redirect page in the else statement. This is down to the user session not being set, as soon as I set the user session before the code is executed it works fine. I see 'HTML/PHP Page goes here.'.
Setting the user session:
$_SESSION['user'] = 'TestUser';
You can change the code at the top of the page to be
<?php
session_start();
if(!isset($_SESSION['user'])) {
header("Location: cms/admin/loginreadmode.php");
die();
}
?>
Really annoying problem I can't solve/can only partially solve. Nice juicy one for you pros.
I've got a basic login system set up. Like this:
Login.php:
line 1: session_start();
Check if($_SESSION['logged_in'] == true) header("Location: /controls.php);, incase they've already entered their details.
If they haven't entered them yet, user enters credentials, if valid: $_SESSION['logged_in'] = true;
After database credentials are checked and session is set to true, redirect using PHP header("Location: /controls.php);
Bear in mind, the session is now set.
Controls.php
line 1: session_start();
line 2: if($_SESSION['logged_in'] != true) {header("Location: /index.php");}
Instantly I get taken to index.php ONLY IN CHROME AND FIREFOX.
Also, I have accounttools.php, where the session is again required. Once I try to access accounttools.php, the session is destroyed/unset and any attempt to load accounttools.php results in the header redirect to my /index.php page, again ONLY IN FIREFOX AND CHROME.
I've also got to add in something. If I go back to login.php and re-login, everything works fine and the session gets set properly. Is this a browser-based bug? PHP is executed before any data gets sent to the browser, so how on earth can these browsers act differently if the PHP has already been executed by the time anything reaches the user?
Login file:
// Login.php
<?php session_start();
if($_SESSION['logged_in'] == true)
{
header("Location: /controls.php");
exit();
}
if($_POST['username_login'] && $_POST['password_login'])
{
// Do necessary database work to check credentials (edited out here).
// ...
// Check re-hashed pass against database hash (password checking)
if($make_password == $current_user[0]['password'])
{
// If this is OK login is a success.
$_SESSION['logged_in'] = true;
header("Location: /controls.php");
exit();
}
}
?>
Controls file:
// controls.php
// This page instantly redirects to index.php
<?php session_start();
// Go to homepage if logging out.
if($_POST['logging_out'])
{
unset($_SESSION['logged_in']);
header("Location: /index.php");
exit();
}
// No access unless logged in.
// This session seems to no longer exist at this point. Why??
if($_SESSION['logged_in'] != true)
{
header("Location: /index.php");
exit();
}
?>
Edit: I've discovered something else: If I login and manually enter the URL of the $_SESSION-restricted page, the $_SESSION is not destroyed.
There is some part of the header() redirect that is causing th $_SESSION to become unset/destroyed in Google and Mozilla.
I've also been Googling like crazy and apparently this is a common problem amongs PHP coders. Someone must have a clue what this is?
I see a problem with the way you are redirecting after a successful login: It is a javascript redirect so it will only happen after all the php has finished executing and the result has been sent to the browser. That means that codes after your redirect are executed as well.
I would recommend not outputting anything to the browser until the very end and use the:
header("Location: /...");
exit();
combination everywhere where you want to redirect so that you are sure that nothing happens to your session after the redirect code.
To avoid getting headers already sent problems, I would also recommend getting rid of stuff like:
?>
<?php
like on the first lines of login.php.
1: i use register.php to sign up the clients,
2: the data collected from the form is send to 1.php, it is saved in database
3: after form data is saved in database, 1.php forwards selected form data (myValue) to register.php?myValue='abc'
in 1.php, i am saving a session variable like this
#session_start();
$_SESSION['color']='blue';
the code of register.php is
if (isset($_SESSION['color'])) {
header('Location: http://mydomain.com/thankyou.php');
}
else {
#session_start();
some other stuff that was initially use for signing up the clients
my logic is to check for session variable and to redirect it to some-other page
when step 1 , step 2 and step 3 are complete, page should be
redirected to thankyou.php
currently, when step 1, step 2, step 3 are done, instead of opening thankyou.php, the following page is being opened
http://mydomain.com/register.php?myValue='abc'
however, if i re-open register.php or go back to step one (opening register.php), thankyou.php is displayed...
can somebody guide me where i am doing the blunder? why redirection is not being successful although session variables are being created?
code Update
i tried the following code at the top of my register.php
#session_start();
if (isset($_SESSION['color'])) {
header('Location:http://mydomain.com/thankyou.php');
exit;
}
else{
remaining stuff
it occasionally do the trick, redirects to the page, while on occasion (greater in number), it fails in redirecting to thankyou.php,, also the code needs to delete complete history and cache to work (after doing so, still miss hits occurs..)
Make sure you use exit(0); right after you do a header redirect otherwise php will still parse and run the rest of your script, sometimes it can cause some funny behaviour.
In your register.php, you can't test for the session variable before you issue the session_start, so your code should be more like:
session_start();
if (isset($_SESSION['color'])) {
header('Location: http://mydomain.com/thankyou.php');
}
else {
// Something else....
EDIT:
Another thing I've found useful when trying to set session variable in conjunction with redirects is to proceed to the redirect only after running a function. Here's how it would work:
$throwAwayVariable = setColor('blue');
if($throwAwayVariable ){ // separated out into a function so it wouldn't redirect before the session variable was saved
session_write_close();
header("Location: http://mydomain.com/thankyou.php");
}
function setColor($color){
#session_start();
$_SESSION['color']='blue';
return true;
}
Since not all your code is posted, you'll have to figure out where this goes, but I've always had my session vars work after this process.
Your session_start() call in register.php needs to be BEFORE you call any $_SESSION variables.
I have the same issue, then I try to add session_start and session_write_close, and it works!
session_start();
$_SESSION['status'] = 'Updated Poem successfully';
session_write_close();
header("location: index.php");
To login I use:
<?php
session_start();
if($_POST){
$csUSER='USERNAME';
$csPASS='PASSWORD';
$user=$_POST['user'];
$pass=$_POST['pass'];
if ($user==$csUSER) {
if ($pass==$csPASS){
$_SESSION['cdb']="1";
header("Location: /");
exit;
} else {
$passerror='<span class="errormsg">Wrong Password.</span>';
} // END IF PASSWORD
} else {
$usererror='<span class="errormsg">Wrong Username.</span>';
} // END IF USERNAME
} // END IF $_POST
?>
To allow myself to do admin tasks per page (included in all pages [top of page]):
<?php
session_start();
if(isset($_SESSION['cdb'])){
$loggedn="WORD";
}
?>
This allows me to:
<?php
if ($loggedn=="WORD") { WHATEVER }
?>
And to make sure I only have access to backend pages when logged in (included in all backend pages):
<?php
// backend login check
if($loggedn!="WORD") {
header("Location: /"); // if not logged in, go to homepage
exit;
}
?>
The problem is, it works perfect on my pc, but I have another pc my wife uses for data collation and it does not stay logged in on her pc. We both use Linux (Fedora) with FF. I have been over ever line of code in each page, help!
A few things to check:
Ensure that you are starting with a clean slate. Clear cache and cookies in your browser to ensure that you don't have an old session open.
Ensure that session data is being stored on the new machine. Session data is commonly stored in /tmp
Ensure that there is no client-specific code being executed in relation to the session.
Call the exit function after redirecting to another page, otherwise the following code will be executed anyway, what can lead to strange behaviour.
if($loggedn != "WORD")
{
// redirect to login page
header("Location: login.php");
exit;
}
// the following code will be executed if exit is not called
...
I'm losing the data in $_SESSION when I do a header redirect. When I walk through this with a debugger I can see all my data in $_SESSION before I exit();
Login.php :
...
if($result == 1){
header("Location: /myaccount.php");
session_write_close();
exit();
} else {
header("Location: /login.php?invalid=yes");
exit();
}
Then I put a breakpoint after the session_start() conditional below and $_SESSION is completely empty.
myaccount.php:
<?php
if(!isset($_SESSION['user_id'])) { session_start(); }
$docRoot = getenv("DOCUMENT_ROOT");
...
Where did my session go?
Make sure you are using the function session_start(); before the if-statement on myaccount.php
You should call session_start() on every page accessing (that is, reading or writing) $_SESSION, and call it before any access to the session array. So, be sure you call session_start() on both pages.
Yes don't delete post ... I had EXACTLY the same issue, and this post caused me to involuntarily smack palm firmly against forehead. And it fixed the problem (with my code that is, not my dumbness). Cheers!