Session variables not working php

php session session-variables
Arihant picture Arihant · Oct 30, 2013 · Viewed 140.1k times · Source

Here are the code of my login page where the login script checks for the authenticity of the user and then redirects to inbox page using header function.

<?php
session_start();

include_once('config.php');
$user=htmlentities(stripslashes($_POST['username']));
$password=htmlentities(stripslashes($_POST['password']));
// Some query processing on database    

if(($id_user_fetched<=$id_max_fetched) && ($id_user_fetched!=0)){
$_SESSION['loggedIn'] = 'yes';
    header("Location:http://xyz/inbox.php?u=$id_user_fetched");
    //echo 'Login Successful';
    }else{
        echo 'Invalid Login';
        echo'<br /> <a href="index.html">Click here to try again</a>';
        }
}else{
    echo mysqli_error("Login Credentials Incorrect!");
    }
?>

The inbox.php page looks like this:

<?php
session_start(); 
echo 'SESSION ='.$_SESSION['loggedIn'];
if($_SESSION['loggedIn'] != 'yes'){
echo $message = 'you must log in to see this page.';
//header('location:login.php');
}
 //REST OF THE CODE

?>

Now with the above code, the inbox.php always shows the output: SESSION=you must log in to see this page. Which means that either the session variable is not being setup or the inbox.php is unable to retrieve the session variable. Where am i going wrong?

Answer

revo picture revo · Oct 30, 2013
  1. Make sure session_start(); is called before any sessions are being called. So a safe bet would be to put it at the beginning of your page, immediately after the opening <?php tag before anything else. Also ensure there are no whitespaces/tabs before the opening <?php tag.
  2. After the header redirect, end the current script using exit(); (Others have also suggested session_write_close(); and session_regenerate_id(true), you can try those as well, but I'd use exit();).
  3. Make sure cookies are enabled in the browser you are using to test it on.
  4. Ensure register_globals is off, you can check this on the php.ini file and also using phpinfo(). Refer to this as to how to turn it off.
  5. Make sure you didn't delete or empty the session.
  6. Make sure the key in your $_SESSION superglobal array is not overwritten anywhere.
  7. Make sure you redirect to the same domain. So redirecting from a www.yourdomain.com to yourdomain.com doesn't carry the session forward.
  8. Make sure your file extension is .php (it happens!).

PHP session lost after redirect

Related questions

Check if PHP session has already started

I have a PHP file that is sometimes called from a page that has started a session and sometimes from a page that doesn't have session started. Therefore when I have session_start() on this script I sometimes get the …

Read More
How to use store and use session variables across pages?

When one page is accessed, I would like to start a session and store a session variable: <?php session_start(); $_SESSION['myvar']='myvalue'; ?> Then from another page, I would like to check if that session variable has been …

Read More
Codeigniter - get all users session data

I need to get all sessions data and take some actions upon them, is there any possible way to get them, I found how to solve it in php but codeigniter use's it own custom sessions library. Native php $_SESSION …

Read More