Session variables are lost after using the following code to redirect:
header('Location: ./protected_page.php');
exit; //doesn't seem to do anything
On protected page I make sure to use session_start() before referencing any session variables.
Please help!
You redirect to the same domain.If you are redirecting from
www.thedomain.com to thedomain.com can possibly end you session
Ensure register_globals is off, you can check this on the php.ini file and also using phpinfo().
The session variables aren't overwritten.
switching between http and https can also end your session.
Related
I made a simple registration page, which after validation, adds a unique identifier to the session id to identify the user and also sets a session variable 'UID' to a custom value. Then the script redirects to a new page.
$_SESSION['UID'] = $id;
session_id($sessID);
echo session_id();
session_write_close();
header("Location: https://localhost/AccountWebsite/landing.php");
exit();
?>
The landing page is supposed to be accessible only by members (i.e. those with a special unique session id set by my script), and that functionality wasn't working. So to check why, at the moment I allow anyone to access the page and their session id is echoed, and so is the 'UID' session variable.
<?php
session_start();
echo session_id()."\n";
echo $_SESSION['UID'];
?>
Now, when I echo the id it isn't the one I set myself. It is the generic PHP one, and the variable doesn't exist. During debugging, I commented out the redirect in the registration script, and instead had it echo the session id that it had just set. The echoed id is correct (obviously since it's echoed in the script it's set in), although when I enter the cookie manager on Firefox, it displays the session id as the generic php one, which means the session is reset when the first script ends and not between sessions.
Make sure session_start(); is called before any sessions are being
called. So a safe bet would be to put it at the beginning of your
page, immediately after the opening php tag before anything else.
Also ensure there are no whitespaces/tabs before the opening php
tag.
After the header redirect, end the current script using exit(); (Others have also suggested session_write_close(); and
session_regenerate_id(true), you can try those as well, but I'd use
exit();)
Make sure cookies are enabled in the browser you are using to test it on.
Ensure register_globals is off, you can check this on the php.ini file and also using phpinfo(). Refer to this as to how to turn it off.
Make sure you didn't delete or empty the session
Make sure the key in your $_SESSION superglobal array is not overwritten anywhere
Make sure you redirect to the same domain. So redirecting from a www.yourdomain.com to yourdomain.com doesn't carry the session
forward.
Make sure your file extension is .php (it happens!)
I have done all of the above from dayuloli's answer on this post
and have been debugging all day. Please help, why does the session not keep the id and variable values I set to it by the end of the script and sccross the whole server?
Additional info: I tried another example folder (on htdocs) where one page sets a variable and the other echoes it, and it worked.
You don't need to set a session_id unless you want multiple sessions. If you do specify a session_id, you need to call session_start() afterwards to start using it and submit the cookie into the client's browser.
Beyond that explanation, you need to use session_start() at the top of any script that requires sessions.
From http://php.net/manual/en/function.session-id.php:
session_id() needs to be called before session_start()
session_id() will always send a new cookie when session_start() is
called
Hi Today I am facing one strange Problem
After login validation I am storing the user name in session and redirecting it to some other page .
Validation page .
if (mysql_num_rows($sqlQuery) == 1) {
session_start();
$_SESSION['username'] = $login;
print $_SESSION['username'];
header("Location: dialout.php");
}
.
on dialout.php I am trying to print session like
var_dump($_SESSION);
But it doesn't print anything .
some googling I found that problem might be in writing the session directory .
So to check that I wrote one script .
print session_save_path();
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}
else{
echo "writable -------------";
}
From above script I am getting writable.
Just wondering why my I am unable to access the session on dialout.php page
In your Validation page,the following code should be at the top of the file, as first line in your code.
session_start();
It should be included in every page if you want to use session variable.
First, carry out these usual checks:
Make sure session_start(); is called before any sessions are being
called. So a safe bet would be to put it at the beginning of your
page, immediately after the opening
After the header redirect, end the current script using exit();
(Others have also suggested session_write_close(); and
session_regenerate_id(true), you can try those as well, but I'd use
exit();)
Make sure cookies are enabled in the browser you are using to test
it on.
Ensure register_globals is off, you can check this on the php.ini
file and also using phpinfo(). Refer to this as to how to
turn it off.
Make sure you didn't delete or empty the session
Make sure the key in your $_SESSION superglobal array is not
overwritten anywhere
Make sure you redirect to the same domain. So redirecting from a
www.yourdomain.com to yourdomain.com doesn't carry the session
forward.
Make sure your file extension is .php (it happens!)
can all be found here: PHP session lost after redirect
Call session_start function in dialout.php befor accessing session variable like this :
session_start();
var_dump($_SESSION);
I was wondering how I would pass something using a session between pages that are in two separate directories. For example, if I had the following code, what would I need to add to make it work?
Page 1: directory\directory1\directory2\Page1.php
session_start();
$_SESSION['example'] = '123';
Page 2: directory\dir1\dir2\Page2.php
session_start();
echo $_SESSION['example'];
Your code should work if these pages are served within the same domain.
You do not have to session_start() in each page. Just write that, in a single file and share that file between the pages you want to hold the session in.
So, if you have page1.php and page2.php and session.php You can create session either in page1.php and check it in page two like: echo var_dump($_SESSION) and vise-versa
First of all, check if session-cookies are properly set. Some problems (e.g. Headers already sent) may cause your session cookie to not be set.
If this is working properly, you may have to change the session cookie parameters via session_set_cookie_params
By setting the second parameter (path) to /, the session cookie is valid for the root of your website and all subdirectories.
Example
session_set_cookie_params(0, '/');
The same settings can also be set in your php.ini or via ini_set(). See Session configuration
Note:
I'm not sure if these settings have any effect if session.autostart is enabled, in which case the cookie-header may already be sent before the changes are made.
I'm sorry guys -- after two hours of looking and commenting out and so on, I found one tiny include that was referencing a redirected domain. Somehow this threw everything else off. I'm still not sure why, but by fixing that file to the new domain I was able to fix it. Again, thanks for your help and time in replying to me!
I'm fairly familiar with sessions in PHP, yet I can't tell why these session variables are not sticking on this login system I have. When I log in, I get successfully sent to the index page, but any pages therein I get kicked back to the login page, and also when I reload the index page. I have echoed the session variable $_SESSION['login'] on the index page to make sure its value has accurately been carried over, and it's is there..
... code removed
My wild guess but usually a problem I always encounter in Apache under Linux when dealing with sessions.
Check session.save_path in php.ini. If there's a path there and doesn't exist in your system, create it e.g. session.save_path = "/var/lib/php/session". I'm guessing PHP cannot create session files and thus session won't persist across pages. Give the folder a write permission too, try 0777 (but it's not the best permission as it allows all users). HTH!
Why are you destroying the session during login? This is probably a reason.
session_start();
session_unregister('login');
session_write_close();
session_start();
session_destroy();
You probably might just call session_start() and clear 'login' session value:
<?
$ERRBG="";
$ERRMSG="";
session_start();
$_SESSION['login'] = null;
require_once("db/mysql_connect.php");
.......
Use session_start() only once in the php page at the starting
Do not use session_destroy().
If you want to remove session variable, use unset function.
In case if you want to remove all the variables use session_unset function
Use session_destroy() as the logout operation
Please do this step :
use session_start() at the top of page after <?php just once .
don't destroy session
write var_dump($_SESSION) on in your test-index and write it in that
page when you click on it , it's
redirect to login page ( insert
die() after it ) !
I think session start in your test-index but not in your other page
report result to me !
I've got a script that sets some session values before redirecting to / using header().
I've read many posts about the $_SESSION variable being destroyed / lost after header(), even after I implemented this:
// set session here
session_regenerate_id(true);
session_write_close();
header("Location: /");
session_start() is set in the correct places, does anyone know of anything that I might be missing?
On the index.php page I have this:
session_start();
print_r($_SESSION);
// outputs nothing :'(
The code is pretty complex so will not post it all, just snippets.
I've never seen any session related issues due to using location headers - are you sure you're calling session_start on both pages?
Hmm... this answer made a lot more sense before you added the session_start bits above, and mentioned the fact that you were sure you were using session_start. :-)
header must be sent before session close
session_regenerate_id(true);
header("Location: /");
// the header must be sent before session close
session_write_close(); // here you could also use exit();
just put exit; after header :D I solved by this
After the Header redirect you need to exit the PHP script:
header("Location: /");
exit();
In the interest of closing this question, we had concluded it was a problem with the server configuration, not surprising considering the host is well known for this kind of thing.
One possible option that was not mention here and happened to me is that I was creating another session. When you're using session in php you can use only one session at a time. If you create a new session the old one is lost. This is more likely to happen when you create a session for login and maybe you want another session for something else(It's not that recommended anyway). My case was a flash() method which I used to create a session only once a post was added/updated/deleted. And use that session in the views to display a message then destroy it. Every time I created a new session while adding/updating/deleting the other session that I used for login was destroyed. This is not something that happens to often but it's possible.
I had the same problem, I found that using a function related to Session helps to ensure if you started a session or not
if(session_status == PHP_SESSION_NONE)
session_start();
You don't need to start session_start() in each page. cuz untill your browser is closed the same session remains for the entire path you have specified in php.ini