can't get session to work...

kark_1999

INDEX.PHP:

<body>

VALIDATESESSION.PHP:

<?php
if (!isset($_SESSION['sess_security_id']))
{
//header("location: login.php"); // send to authentication page ..
echo "<script>document.location.href='http://www.mysite.com/login.php'</script>";
}
?>

<?php
if(isset($_POST['Submit']) )
{

$conn=mysql_connect(ip,user,pass);
mysql_select_db("dbname");

if (!$conn)
{
	echo "Connection Failed";
}

$username = $_POST["username"];
$password = $_POST["password"];

$sql="SELECT security_id FROM usersecurity WHERE username='" . $username . "' AND password= '" . $password . "' ";

$rs=mysql_query($sql);

if (!$rs)
{
	exit("Error in SQL");
}

while ($i = mysql_fetch_row($rs))
{
    $security_id=mysql_result($rs, 0,"security_id");

session_start();
    $_SESSION["sess_security_id"] = $security_id;

    //echo "<script>document.location.href='http://www.mysite.com/index.php'</script>";
 	header("location: index.php");
 }

 echo "<script>document.location.href='http://www.yahoo.com'</script>";  //for testing

}

<div class="bodyClass">
<b>Login:</b>
<br><br>
<form name="form1" method="post" action="<? echo $PHP_SELF;?>">
<p>User Name:
<input type="text" name="username">
</p>
<p>Password:
<input type="password" name="password">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>

<p>
Click envelope to request username/password:
<a href="mailto:myaddress@domain.net"><img src="http://www.mysite.com/images/envelope.gif" width=16 height=10 border=0></a>
</p>
</div>

</body>
</html>

kark_1999

Forgot to descibe my problem....

I always get bumped back to the login.php, even though I authenticate. It appears that the validatesession.php "if (!isset($_SESSION['sess_security_id'])) " always thinks that there is no session variable set, so it redirects me to login.php.

Any suggestions?

Thanks.
</ripping my hair out>

drew010

session_start() seems to be missing in validatesession.php.

also, if you want to use header("Location: login.php");
you need to make sure no data is output before you call it, in this case you have <html>
<head>
above your include call. if you move the <html>... to go under your include, header will work.

...you must call session_start() on every page you want to use the sessions, not just when you create it.

kark_1999

Thanks Drew!