We Keep Coding

PHP Session Variables Not Working After Redirect

I am having an issue with the follow code. It can echo the variables before it redirects, no problem. But after it redirects, it cannot. It seems to be losing the session variables in the redirect process. Any thoughts?
Original Page:
if (password_verify($rawpassword,$row["passwordHash"])) {
session_start();
$_SESSION["email"] = $email;
$_SESSION["fname"] = $row["firstName"];
echo $_SESSION["email"];
echo $_SESSION["fname"];
header("Location: https://www.mywebsite.com/home.php");
} else {
header("Location: https://www.mywebsite.com/signin.php?addlComment=3True");
die();
}
The Following Page:
<?php
echo $_SESSION["email"];
echo $_SESSION["fname"];
?>

You should learn more about sessions to avoid making mistakes and not leaving your codes vulnerable!
Know that to work with sessions, you must start them right at the beginning of each script
Also, after you create your session, you don't need to use the 'echo' command and right after redirecting to the success page, in fact, it is on the success page that you should work with the 'echo' command, and create some variables to store the value of those sessions, to make it easier to work with, and to make the code cleaner!
Please try it:
Signin
<?php
session_start();
//Start the session in the top of the script
if (password_verify($rawpassword, $row["passwordHash"])) {
$_SESSION["email"] = $email;
$_SESSION["fname"] = $row["firstName"];
header("Location: home.php");
exit();
} else {
header("Location: signin.php?addlComment=3True");
exit();
}
Home
<?php
session_start();
session_regenerate_id(true); //It can help you to protect against attacks, try to learn it!
$email = $_SESSION['email'];
$first_name = $_SESSION['fname'];
//If the user try to access the page without make login, then redirect to the signin page
if(!email || !first_name)
{
header("Location: signin.php");
exit();
}
//Test the sessions variables
echo "Welcome, you're logged in! I know your first name is: {$first_name}";

$_SESSION variables not passing between files

I've got a login script that puts user details into session variables. Today I moved the website to a new host, and now my coding doesn't work. This is the best I can do, and it still doesn't work
main_login.php:
(script above here gets all the $info from the database. So far it is working)
if($count==1){
session_start();
$_SESSION['username'] = $info['username'];
$_SESSION['given'] = $info['given_name'];
$_SESSION['family'] = $info['family_name'];
$_SESSION['profile'] = $info['profile'];
$_SESSION['adultchild'] = $info['adultchild'];
$_SESSION['id'] = $info['id'];
header("location:welcome.php");
}
welcome.php:
// Check if session is not registered , redirect back to main page.
// Put this code in first line of web page.
session_start();
if(!isset($_SESSION['username'])){
header("location:main_login.php");
}
The trouble is when I print any of the session variables nothing happens. I've even tried doing a var_dump($_SESSION) but it comes up as an empty array. Frankly I've spent all day on this and am stuck.

session_start();
if(!isset($_SESSION['username']));
header("location:main_login.php");
}
change to:
session_start();
if(!isset($_SESSION['username'])){
// ^ typing mistake
header("location:main_login.php");
}

What is wrong with the way I'm establishing a PHP session?

I'm using the following code. Session is working on the same page; on the next page it is not showing the session variable value. Please let me know what I'm doing wrong?
<?php
session_start();
$_SESSION['emailaddress']=$emailAddress;
header("Location: $success "); /* Redirect browser */
exit;
?>

use session_start() in the page that you are redirecting to, as well ($success), before accessing the session values there
So that the "success.php" page looks something like:
<?
session_start();
print_r($_SESSION);
?>

<?php
if(some_condition is true)
{
session_regenerate_id();
session_start();
$_SESSION['emailaddress']=$emailAddress;
header("location: member-index.php");
exit();
}
on secure page:
<?php
//Start session
session_start();
//Check whether the session variable is present or not
if(!$_SESSION['emailAddress'])
{
header("location: access-denied.php");
exit();
}
?>
<p>This is secured page with session: <b><?php echo $_SESSION['emailAddress']; ?></b>

sessions not being set in all pages on php5

I am using session_start(); at the top of my login page. After a user logs in, a message is displayed on screen which shows that the session is being set. But, I cannot carry sessions from page to page or can I echo out SID. It is a blank value. I would be grateful if someone could show me where I am going wrong. Thanks
<?php
$userpost = mysql_real_escape_string($_POST['user']);
if (!isset($_SESSION['user'])) {
session_start();
$_SESSION['user'] = $userpost;
}
echo $_SESSION['user'] .' '. 'Just logged in' . SID;
// Or maybe pass along the session id, if needed
?>

You have to have session_start(); on the very top of your code, after <?php. Since you are checking if the session is set without starting the sessions, your code will fail.
Is has to be like this:
<?php
session_start();
$userpost = mysql_real_escape_string($_POST['user']);
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = $userpost;
}
echo $_SESSION['user'] .' '. 'Just logged in' . SID;
// Or maybe pass along the session id, if needed
?>

It's because you're always looking in $_POST for your user data.
Bring the session_start() out of that condition:
<?php
session_start();
$userpost = mysql_real_escape_string($_POST['user']);
if (!isset($_SESSION['user'])) {
$_SESSION['user'] = $userpost;
}

You said that you called session_start() at the top of your login page, but you did not mention your other pages. session_start() needs to be called at the top of every page in your application. I generally put my session_start() logic, along with a snippet of code for logging the user out after a period of inactivity, in an include file and then include it at the top of every page.
<? session_start();
if (isset($_SESSION["last_activity"]) && (isset($_SESSION["username"])) && ((time() - $_SESSION["last_activity"]) > 900))
{
unset($_SESSION["username"]);
}
else
{
$_SESSION["last_activity"] = time();
}
?>

PHP Sessions Login System

I'm trying to test a simple login system without a db, just for testing purposes.
I have created a php file that checks if the username and pass are valid and register a session.
<?php
session_start();
define("ADMINUSER", "user");
define("ADMINPASSWORD", "pass");
$user = $_POST['user'];
$pass = $_POST['pass'];
if (($user==ADMINUSER) && ($pass==ADMINPASSWORD))
{
$_SESSION['logged_in'] = true;
header("Location: main.php");
}
else
{
header("Location: auth.php?flag=wrong");
}
?>
and include this in other files to check if the user is logged in:
<? session_start();
if ($_SESSION['logged_in'] != true)
{
header("Location: auth.php?flag=not");
exit;
}
?>
But this doesn't seem to work, as I close the window and try to open it again and it doesn't redirect me to the login page(auth.php).
What am I doing wrong ? Any help is appreciated.

This part of your code:
$_SESSION['logged_in'] == true;
Should be:
$_SESSION['logged_in'] = true;
= is an assignment operator.
== is a comparison operator.

It won't redirect you to the auth.php page since your session persists until you clear your browser's cookies or until the session runs out. Hence why closing the browser window won't log you off Facebook/Twitter etc.

You should always use an exit after a redirecting with the header function, otherwise loading of the page will continue.
header('Location: auth.php', true, 303);
exit;
It's a good practise to specify the code 303, instead of redirecting with the default 301. Code 301 means "moved permanently", code 303 means "see other".