Session *Help*

Session Help

prslou

I'm sure you're all tired of session problems, but here I go.

This is the first time I've worked with sessions. I first wrote my sessions using cookies, and it worked great, now I decided that if I can figure it out, I would rather not use cookies. Here's the code I've got so far. Register_globals is OFF.

<?
mysql_connect ('localhost', 'login', 'password');
mysql_select_db ('tamr_active');

if (!isset($_SESSION['member']) || !isset($_SESSION['pass'])) { 
if (!isset($_GET['subpage'])) { 
include '../includes/head.php'; ?>
If you are a T.A.M.R. member, please login here to access the member-only content.<br><br>
<form name="members" method="post" action="members.php?subpage=login">
Login:<br>
<input type="text" name="login"><br><br>
Password:<br>
<input type="password" name="pass"><br><br>
  <input type="image" src="../graphics/submit.gif" name="Submit" value="Submit" width="66" height="26" border="0">
</form>
<? }
if (isset($_GET['subpage']) && $_GET['subpage'] == 'login' && isset($_POST['login']) && isset($_POST['pass'])) {
$pass = md5($_POST['pass']);
$login = $_POST['login'];
$query = mysql_query("SELECT * FROM members WHERE login='$login' AND pass='$pass'");
if (mysql_num_rows($query) >= '1') {
session_start();
$_SESSION['member'] = $login;
$_SESSION['pass'] = $pass;
}
else if (mysql_num_rows($query) == '0') { 
include '../includes/head.php'; ?>
Sorry, your login does not match up with our database.  If you want to try again, use the form below.<br><br>
<form name="login" method="post" action="members.php?subpage=login">
Login:<br>
<input type="text" name="login"><br><br>
Password:<br>
<input type="password" name="pass"><br><br>
  <input type="image" src="../graphics/submit.gif" name="Submit" value="Submit" width="66" height="26" border="0">
</form>
<? }
}
}

if (isset($_SESSION['member']) && isset($_SESSION['pass'])) { 
include '../includes/head.php';
print 'You are logged in.'; 
}

include '../includes/foot.php';
?>

This works right after you click submit, i.e. it displays you are logged in. However, if I refresh or click the link to the page again (the PHPSESSID is in the URL), it just tells me to login in again. Basically it appears that the session only remains registered for that page.

(The script is not completed yet so please don't tell me how unsecure it is, etc. -- I just want to get the sessions working first).

Thanks in advance for your help -- it is appreciated.

prslou

DUH I wasn't putting in the session_start(); on every page.