I have been using $_SESSION forever and never had an issue. Tonight things are not working when I'm trying to build a new app using the same session logic. I've been trying to debug this for hours looking online to no avail. The session.php keeps redirecting me to the login page. I feel stupid.
login.php
session_start();
$_SESSION['user_id'] = 'superUser';
header("Location: dashboard.php");
exit();
session.php
<?php
session_start();
if ( isset( $_SESSION['user_id'] ) ) {
// do something here
} else {
// Redirect them to the login page
header("Location: login.php");
exit();
}
?>
dahsboard.php
<?php
include_once 'session.php';
echo 'dashboard';
My problem may seem pretty elementary, but I dont know whats wrong with my code. I have a very simple login system that looks like this:
login.php:
<?php
session_start();
if ($_SESSION['loggedin'] = 1) {
header("Location: admin.php");
}
if ($_GET['login']) {
// Only load the code below if the GET
// variable 'login' is set. You will
// set this when you submit the form
if ($_POST['username'] == 'thenemis'
&& $_POST['password'] == 'slustice') {
// Load code below if both username
// and password submitted are correct
$_SESSION['loggedin'] = 1;
// Set session variable
header("Location: admin.php");
exit;
// Redirect to a protected page
} else echo "Wrong details";
// Otherwise, echo the error message
}
?>
<form action="?login=1" method="post" accept-charset="utf-8">
<fieldset>
<label for="username">Usermame:</label>
<input type="text" name="username" placeholder="username" required>
<label for="password">Password:</label>
<input type="password" name="password" placeholder="password" required>
<input type="submit" value="Login"> </td>
</fieldset>
</form>
This works fine.
admin.php:
<?php
session_start();
// Call this function so your page
// can access session variables
if ($_SESSION['loggedin'] != 1) {
// If the 'loggedin' session variable
// is not equal to 1, then you must
// not let the user see the page.
// So, we'll redirect them to the
// login page (login.php).
header("Location: login.php");
exit;
}
?>
<p>Log out</p>
Now my problem is, that the system keeps me logged even though i clicked the logout URL, which looks like this:
logout.php:
<?php
session_start();
session_destroy();
header("Location: login.php");
?>
There is obviously some elementary mistake with my logout procedure, but I cant seem to find it... Thanks for any help in advance!
You are making assignment here:
if ($_SESSION['loggedin'] = 1) {
header("Location: admin.php");
}
and you should make comparisment
if ($_SESSION['loggedin'] == 1) {
header("Location: admin.php");
}
Try this
<?php
session_destroy();
header('Location: index.php');
exit();
?>
change your admin.php file
<?php
session_start();
if (!isset($_SESSION['loggedin'])) {
header("Location: login.php");
exit;
}
?>
<p>Log out</p>
In login.php you didn't started session_start after user details verified...
try to add session_start(); before $_SESSION['loggedin'] = 1;
This may work for you...
in logout.php
before estroying unset the session variable
using this line
unset($_SESSION['loggedin']);
From the php.net Manual:
In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.
Use this code (copied from php.net) to logout securely:
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();
// Unset all of the session variables.
$_SESSION = array();
// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Finally, destroy the session.
session_destroy();
?>
Just try with the following changes :
In login.php :
if ($_SESSION['loggedin'] == 1) {
header("Location: admin.php");
}
In logout.php :
<?php
session_start();
ob_start();
session_destroy();
$_SESSION['loggedin']=""; //Just empty that session variable
header("Location: login.php");
?>
I think this may help you to resolve your problem.
I am trying to set a session variable but it's not working. Here is what I am doing in Code. Please suggest what's wrong:
Login-Validator.php
<?php
session_start();
$userName = "test";
$_SESSION['iUsername'] = $userName;
header("Location: http://www.XXXXXXXXXXXX.com/LoginSuccess.php");
?>
LoginSuccess.php
<?php
session_start();
$User = $_SESSION['iUsername'];
echo $User;
?>
Try this (put a 'exit' after the redirect)
session_start();
$_SESSION['session'] = 'this is a session';
header('location: apage.php');
exit;
read more at # PHP: session isn't saving before header redirect
If this doesnt work..comment out the redirect and open each page in a different browser tab. Then open Login-Validator.php and then open LoginSuccess.php and check if the session was set. I think it cause by the cookie not setting before the redirect.
Also is Login-Validator.php and LoginSuccess.php on the same domain?
header("Location: /LoginSuccess.php");
i created a login page in php and used session in it... after checking the condition i am setting the session as
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
and in the login_succes.php i have the code as
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<html>
<body>
<h2><?php session_start(); echo $_SESSION['myusername']; ?>
Welcome to hell</a>
</body>
</html>
and in logout.php the code is
<?
session_start();
session_destroy();
?>
the issue i am facing is on login 2nd time i am getting 1st user name itself in the output.
To destroy a session with one of the following:
$_SESSION = array();
unset($_SESSION);
Instead of session_is_registered, use standard $_SESSION super global. Like:
if(isset($_SESSION['myusername']))...
To register a session variable use:
$_SESSION['myusername'] = $myusername;
Also, PHP version, environment, could help us to find out.
I like to know how to use a condition on php sessions
in this code if the user is not loged in page will redirect to login.php.
<?
session_start();
if(!session_is_registered(username)){
header("location: login.php");
}
?>
what i want is to redirect user to another php if the user is loged in. if not stay on the same page. like if user is not loged in keep the user in index page and if user is loged in redirect the user to user.php
for the login script im using a code fount in this site :http://www.phpeasystep.com/phptu/6.html
thanks in advance.
Set a variable in $_SESSION when you have logged in.
i.e. in login.php:
if ( $passWordCorrect ) {
session_start();
$_SESSION['loggedIn'] = true;
}
in index.php:
session_start();
if ( !empty( $_SESSION['loggedIn'] ) ) {
// User logged in; do magic.
} else {
header('Location: user.php');
}
<?
session_start();
if(!$_SESSION['username]){
header("location: login.php");
}
?>
And in login page you asign the variable like this:
<?php
session_start();
$_SESSION['username']='JohnDoe';
?>
The code is on the same page as the tutorial you linked to:
<?php
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
But really you should be using the $_SESSION variable. On the login page:
<?php
session_start()
$_SESSION['username'] = $username;
?>
And then on the other pages:
<?php
session_start()
if (!isset($_SESSION['username'])) {
header('location: login.php')
}
?>
UPDATE
It is better to not use short tags (i.e. <?php instead of ?>)