I'm writing a user login system, and I (like so many others) am having a problem with my sessions.
Here's the pointer from the login script when the inputs are validated:
session_start();
$_SESSION['id']=$id;
header('location: memberhome.php');
Here's the first thing on memberhome.php:
<?php
session_start();
$id=$_SESSION['id'];
?>
And later in memberhome.php:
You are logged in as: <?php echo $id; ?>
The problem is $_SESSION['id'] is apparently empty so the echo $id prints nothing.
An alternate that also does NOT work:
//removed session_start and $_SESSION bit from the top
You are logged in as: <?php session_start(); echo $_SESSION['id']; ?>
NOW, here's the weird part. This method DOES work:
You are logged in as: <?php echo session_start();$_SESSION['id']; ?>
You can see the session_start() is moved AFTER the echo. This works when the page loads from the login script. However, upon refresh, it does NOT work once again.
I've tried a bunch of alternatives and spent a few hours searching for answers in previous questions. I also looked at my phpinfo() for something fishy and found nothing. This is entirely what my progress is hinging on. Thanks!
First of all, please enable debugging:
error_reporting(E_ALL);
ini_set('display_errors', '1');
Second, session_start() needs to be at the top of the page. So the line you wrote;
You are logged in as: <?php echo session_start();$_SESSION['id']; ?>
will never work.
The following line needs to be on top of the page, before any HTML etc.
<?php
session_start();
$id=$_SESSION['id'];
?>
Have you tried:
print_r($_SESSION);
to examine the contents of the session?
Make sure you're calling session_start() before you output anything on the page. The standard cookie-based sessions require some header information to be exchanged, which must be done before you send any content.
You're most likely running into output buffering, which is why it sometimes works and other times it does not. Generally speaking, stick to starting the session before any output is generated, you'll find your code works better.
use
ob_start(); #session_start();
on the top of the both page
Related
I want to ensure that an HTML page only appears if the user has logged in. I'm trying to do it by setting a session variable from the login page then checking if that variable exists when the HTML page is loaded.
This is my code at the very top of the HTML page:-
<?php
session_start();
if (!isset($_SESSION['checks'])) {
header("location: http://localhost/project/fail.php");
}
?>
It doesn't redirect! Nothing happens at all except that the HTML page gets loaded.
Can anyone help please?
Thank you all for your helpful suggestions. The snippet I posted shows the very first lines: i.e. session_start(); is the very first line.
By moving the var check snippet from the session_start() segment and making a separate php check snippet immediately after the body tag, everything works as expected.
You can use header function : https://www.php.net/manual/en/function.header.php
Referring to it :
<?php
session_start();
if (!isset($_SESSION['checks'])) {
header("Location: http://localhost/project/fail.php");
}
?>
make sure that session_start() always come at the first line
if(!isset($_SESSION['checks'])){
header('location: fail.php');
}
I believe your problem is on the login page... Although, if I were to talk about this page, consider trying the following code instead of your snippet first. If it gives the desired outcome then you will know that the problem is with your header and not the session:
<?php
session_start();
if (!isset($_SESSION['checks'])) {
echo "not logged in";
}
?>
Do make sure you're referring to the correct session variable if this code doesn't work and feel free to share how you are starting this session on your login page.
Found the solution. Solution at the bottom of the post
I have some code in php using sessions (I'm just testing them out - I want to use them in a login system).
test1.php:
<?php
session_start();
$_SESSION["test"] = "works";
echo $_SESSION["test"];
?>
test2.php:
<?php
echo $_SESSION["test"];
?>
test1.php output the correct value (where I wrote echo $_SESSION["test"];), however when I switch to test2.php, there's nothing. I have checked the cookies (both websites have the same session cookie). Could the problem be a server error?
Found the solution. A simple error like that can create a big problem. At the time, I did not realize that I had to have a session_start() at the beginning of every php webpage that I used session variables in.
There must be a sesssion_start(); at the beginning of EVERY php webpage that you are using session variables in
My session does fails to resume when opening another file
I have 2 pages, test.php and test2.php. Each of my files are listed below.
test.php:
<?php
session_save_path('sessBin');
session_id('mySessionID');
session_start();
$_SESSION[1]="yo";
echo $_SESSION[1];
?>
go to test 2
test2.php:
<?php
session_save_path('sessBin');
session_id('mySessionID');
session_start();
echo $_SESSION[1];
echo "bleh";
?>
The first page returns:
"yo" go to test 2
however, when clicking on the link to go to test2.php, only this returns:
"bleh"
I did some research to find that cookies must be enabled. Well, they are... So what is wrong?
NOTE: (A discovery from afterwards)
I did notice that there were several files(including sess_mySessionID) in sessBin so the session is stored. However, the files are empty and the session does not seem to resume
test1.php
// session_save_path('sessBin');
// session_id('mySessionID');
session_start();
$_SESSION['test'] ="yo";
echo $_SESSION['test'];
go to test 2
test2.php
// session_save_path('sessBin');
// session_id('mySessionID');
session_start();
echo $_SESSION['test'];
echo "bleh";
Worked for me !
session_start needs to be defined at the top of every page, right after the opening php tag, on every page where the session data is expected to exist. You must do this before addressing any other session function or variable.
** Update to Answer Based On Your Comments **
check for white space before the opening php tag in test2.php. Also, enable error reporting. You might be sending something out before the session call that is causing session_start() to fail.
Try this:
config.php
<?php
session_start();
?>
In all your other files at the top add this:
include'config.php';
That way you will always have a file where you can put important stuff you might need on other pages as well, so you don't have to retype it every time.
This seems really simple, and I see a lot of documentation about it, but I can't get it to work. Basically, I have a page "download-software.php" that we want only to be accessed from "download-registration.php" On the second page "download-registration.php" I have this:
<?php
session_start();
$_SESSION['authenticated'] = 'yes';
?>
and on the first page "download-software.php" I have this:
<?php
session_start();
if($_SESSION['authenticated'] != 'yes') {
header("Location: http://kinetick.com/V3/download-free.php");
};
?>
I need to kick the browser to the "download-free.php" page if they dont come from the first page. Can anyone help me out pls?
**Edit**
added session_start(); still doesn't work.
You need to add another session_start() to the beginning of download-software.php to resume the session you started from download-registration.php.
You forgot session_start() on download-software.php
You must always call session_start() before any html data to be able to use $_SESSION in your script
I have the following php code:
<?php session_start();
....
$result=$db->query($query);
$row=$result->fetch_assoc();
$_SESSION['id']=$row['id'];
header('Location: http://www.blabla.com/successLoginPage.php');
php code on: successLoginPage.php
<?php session_start();
echo $_SESSION['id'];
Here is problem. When i do all things, i see nothing in successLoginPage.php, after approximately 10 minutes i refresh the page and see correct variable. I tried to clear the cache, ctrl+f5, shutdown the browser and computer, but nothing changes - still need to wait 10 minutes. This problem is exists in chrome and ie8.
How can i solve this problem?
Thanks in advance.
*Edit 1:
I add logout.php page with the following code: session_start();session_destroy();unset($_SESSION); When i log in successfully and receive the proper echo, i push logout link and then log in using another account - all great.
1st question - can i log in via 1st account for the 1st time and via 2nd account for the 2nd time? Is this ok?
2nd question - when i failed to log in, there again i see freeze. If i try to log in with proper account after this, i will see old information about fail login. What i need to do?
It may be somewhat obvious but... is $row['id'] actually a number/string, not NULL? :p You could try
var_dump($_SESSION['id']);
instead of
echo $_SESSION['id'];
Have you tried
session_write_close();
after setting your session variable?
First of all, you are not showing the entire code and in this case it is very important.
<?php session_start();
....
$result=$db->query($query);
$row=$result->fetch_assoc();
$_SESSION['id']=$row['id'];
header('Location: http://www.blabla.com/successLoginPage.php');
// Mystery ???
When you are calling header('Location: xxx'), it doesn't stop the script, so everything after your header is executed.
You could add the function die to prevent any other code to execute after the redirection.
<?php session_start();
....
$result=$db->query($query);
$row=$result->fetch_assoc();
$_SESSION['id']=$row['id'];
header('Location: http://www.blabla.com/successLoginPage.php');
die(); // No more code executed after this //
Solved the problem.
I deleted all login files and rewrite it from scratch and all seems to work now. Don't know where bug was.