when i try to refresh the page the session i echoed was lost. why??
thank you for those who will respond.
[RESOLVED] Session lost when clicking refresh
Why? Most likely due to the way it was coded.
Seriously, though, we probably need to see the script in question - at least the top where the session gets started through where the session value is set and where you expect to see evidence that it is set upon a page refresh.
im making a login and here it goes:
the index.php, it is the login page
here is the code for that...
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
$error = $_SESSION['error'];
?>
<html>
<head>
</head>
<body bgcolor="#E8EEEB">
<td width="316" class="font"><font color="#FF0000" ><?php echo ($error) ;?></font></td>
form action="userlogincheck.php" method="post" enctype="multipart/form-data" name="Login">
<td colspan="3"><font class="font-title">Welcome</font></td>
</tr>
<tr>
<td width="83"><font class="font-login">Username: </font></td>
<td width="165"><label>
<input class="login" type="text" name="username" />
</label></td>
<td> </td>
</tr>
<tr>
<td height="23"><font class="font-login">Password:</font></td>
<td><input class="login" type="password" name="password" /></td>
<td><input class="button-login" name="Submit" type="submit" id="Submit" value="Sign In" />
<input class="button-login" name="Cancel" onClick="action='index.php'" type="submit" id="Cancel" value="Cancel" />
and the userlogincheck.php code...
<?php
error_reporting(E_ALL & ~E_NOTICE);
include ('dbconnect.php');
$vusertype = $POST['usertype'];
$vusername = $POST['username'];
$submit = $POST['Submit'];
$vpassword = $POST['password'];
$verror = 'Login attempt was unsuccessful';
if (isset($vusername) and isset($vpassword) and isset($submit)) {
$sql="SELECT * FROM user WHERE username='$vusername' AND password='$vpassword'";
$result = mysqli_query($conn,$sql) or die ('error query');
$rows = mysqli_num_rows($result);
if ($rows == 1){
session_start();
session_register('username');
session_register('password');
$SESSION['id']= session_id();
$SESSION['username'] = $vusername;
$uname = $SESSION['username'];
$SESSION['password'] = $vpassword;
$SESSION['logged_in'] == true;
if (session_is_registered('username')){
die (header("Location: http://localhost/main.php?rand=$sessid"));
}}
else
{
session_start();
$SESSION['error'] = $verror;
session_unregister('username');
session_unregister('password');
header("Location: http://localhost/index.php");
mysqli_close($conn);
}
}
is it correct?? thank you for the reply.
session_register() (and its related functions) is deprecated now and should not be used any more. Just use the $_SESSION array to access your session variables.
Also, if you are going to do a header() redirect, you need to do a [man]session_write_close/man before it to ensure that your session data is saved.
can you show me how it is done in my code. PLEASE thank you very much! i dont know how to use $_SESSION array. aw! help!
where will i also put the session_write_close? thank you.
I'd rearrange it to something like the following (untested, of course):
<?php
error_reporting(E_ALL & ~ E_NOTICE);
session_start();
include ('dbconnect.php');
if(isset($_POST['username']) and isset($_POST['password']))
{
session_regenerate_id();
$vusertype = $_POST['usertype'];
$vusername = $_POST['username'];
$vpassword = $_POST['password'];
$verror = 'Login attempt was unsuccessful';
$sql = "SELECT * FROM user WHERE username='$vusername' AND password='$vpassword'";
$result = mysqli_query($conn, $sql) or die('error query');
$rows = mysqli_num_rows($result);
if($rows == 1)
{
$_SESSION['id'] = session_id();
$_SESSION['username'] = $vusername;
$uname = $_SESSION['username'];
$_SESSION['password'] = $vpassword;
$_SESSION['logged_in'] == true;
session_write_close();
header("Location: http://localhost/main.php?rand=$sessid");
exit;
}
else
{
$_SESSION = array();
$_SESSION['error'] = $verror;
session_write_close();
header("Location: http://localhost/index.php");
exit;
}
}
thank you for your effort of helping me out. but its still not working. but it already store a session but when i check the session file stored it is empty. why?? can yuo help me with these. any explanation with me much appreciated. thank You!
Have you tried a simple example of sessions to see if they work?
<? session_start();
echo "Testing sessions " . $_SESSION['test'] . " working";
$_SESSION['test'] = 'are';
?>
First load should show "Testing sessions working"
a refresh should show "Testing sessions are working"
halfabee session is working within the same page but in the case of redirecting to another page the session was lost. i tried to change the configuration in my php.ini and i the session file stored now is well and good. it has stored all the session but my problem right now is the session when i try to echo it on another page it doesnt show. why???
Repost the code you have.
what is the correct session.cookie_path in php.ini? is it / or \ ? and the session.save_path c:/ or c:\? thank you very much!
here is the logincheck page which is modified according to what nogdog says:
<?php
error_reporting(E_ALL & ~ E_NOTICE);
session_start();
include ('dbconnect.php');
if(isset($POST['username']) and isset($POST['password']))
{
session_regenerate_id();
$vusertype = $POST['usertype'];
$vusername = $POST['username'];
$vpassword = $POST['password'];
$verror = 'Login attempt was unsuccessful';
$sql = "SELECT * FROM user WHERE username='$vusername' AND password='$vpassword'";
$result = mysqli_query($conn, $sql) or die('error query');
$rows = mysqli_num_rows($result);
if($rows == 1)
{
$SESSION['id'] = session_id();
$sessid = $SESSION['id'];
$SESSION['username'] = $vusername;
$SESSION['password'] = $vpassword;
$SESSION['logged_in'] == true;
session_write_close();
header("Location: http://localhost/main.php?rand=$sessid");
exit;
}
else
{
$SESSION = array();
$SESSION['error'] = $verror;
session_write_close();
header("Location: http://localhost/index.php");
exit;
}
}
the seperate login page which is in the diffirent folder:
?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
$error = $_SESSION['error'];
?>
<html>
<head>
</head>
<body bgcolor="#E8EEEB">
<td width="316" class="font"><font color="#FF0000" ><?php echo ($error) ;?></font></td>
form action="userlogincheck.php" method="post" enctype="multipart/form-data" name="Login">
<td colspan="3"><font class="font-title">Welcome</font></td>
</tr>
<tr>
<td width="83"><font class="font-login">Username: </font></td>
<td width="165"><label>
<input class="login" type="text" name="username" />
</label></td>
<td> </td>
</tr>
<tr>
<td height="23"><font class="font-login">Password:</font></td>
<td><input class="login" type="password" name="password" /></td>
<td><input class="button-login" name="Submit" type="submit" id="Submit" value="Sign In" />
<input class="button-login" name="Cancel" onClick="action='index.php'" type="submit" id="Cancel" value="Cancel" />
?>
and the main.php page which is also in the different folder:
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
$sessid = $GET['rand'];
$username = $SESSION['username'];
?>
<html>
<head>
</head>
<body style="overflow:hidden" bgcolor="#E8EEEB">
<table width="1000" border="0" cellpadding="0" cellspacing="4"><tr><td></td></tr></table>
<table background="../images/background.jpg"align="center" width="1000" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="2" height="74"><p> </p>
<p>
<font color="#FFFFFF" size="-1"><?php echo 'Welcome '. $username; ?> </font></p>
</td>
</tr>
</table>
thank you for your reply.
when the php.ini session.cookie_path = /, the session is echoing the content of the saved session but the session file stored is empty. while when session.cookie_path = \ , the session file stored has the value of the saved session but it is not displaying when echoed. why??? can please somebody tell me. thank you very much!
by the way halfabee the test session you suggested was working well but i dont know why my code above wasnt. thank you.
does session_regenerate_id() work for php5??? why when i echoed it, it displays 1?? is it the real value of that function?? thank you! it seems that my prob is the session_regenerate_id(), cause when i try to omit it on my logincheck.php page the page displays the session fine. but session file was not stored the temp folder is empty. why is this happening??
thank you for those who will reply!
seisei wrote:halfabee session is working within the same page but in the case of redirecting to another page the session was lost. i tried to change the configuration in my php.ini and i the session file stored now is well and good. it has stored all the session but my problem right now is the session when i try to echo it on another page it doesnt show. why???
[DISCLAIMER] I have never had the need to use header redirects in a script, so I might have no clue what I'm talking about here.[/DISCLAIMER]
Just a thought, I may or may not be reading too much into this . . . Are you redirecting to another page using header("Location: http://www.whatever.com/page.php") statements? if so, this is from the PHP documentation:
PHP Manual wrote:Note: Session ID is not passed with Location header even if session.use_trans_sid is enabled. It must by[sic] passed manually using SID constant.
thank you for all those who replied to my post and try to answer my question. somehow i get to have an idea and manage to make my project work. ill share my working code as a sign of my gratitude so that someone may benefit on it in case.
here is the working userlogincheck:
session_start();
include ('dbconnect.php');
if(!get_magic_quotes_gpc()) {
$login=mysqli_real_escape_string($conn,$POST['login']);
$password=mysqli_real_escape_string($conn,$POST['password']);
}else {
$login=$_POST['login'];
}
//Create query
$qry="SELECT member_id,firstname FROM members WHERE login='$login' AND passwd='$password'";
$result=mysqli_query($conn,$qry);
//Check whether the query was successful or not
if($result) {
if(mysqli_num_rows($result)>0) {
//Login Successful
session_regenerate_id();
$member=mysqli_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID']=$member['member_id'];
$_SESSION['FIRSTNAME']=$member['firstname'];
session_write_close();
header("location: member-index.php");
exit();
}else {
//Login failed
header("location: login-failed.php");
exit();
}
}else {
die("Query failed");
}
i just try to omit the session_id() and left the session_regenerate_id() alone. thank you!