[RESOLVED] Session not being kept alive

glima

Hey guys. I have a problem on my website.
I have 2 header files.... 1 that requires login to access the page that uses it, and the other that doesnt require login for the pages that are open to the public.

When navigating you can be logged on and still search thru the non-secured area... but since it uses the header2.php that doesnt require you to be logged on it's like if the session is not bein kept alive.

I'm trying to check if the session is started to alow some controls for the user, but it simply cant find the $_SESSION.

any light? :S

This is basically the script I use, only if the user signs in then the session start... but if you login and try to go to this page again... at this point you already have access to the secured area. Still when the user comes to these pages that are not secured. It cant detect the session. Though if you go to any other area that require login, your session is still alive.

I must be missing somthing to transfer session information accross these 2 header files.. but I dont'know what.

if(isset($_POST['login']) && (!empty($_POST['user_email']) || !empty($_POST['user_password']))){
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['user_email'])) {
  $loginUsername=$_POST['user_email'];
  $password=$_POST['user_password'];
  $MM_fldUserAuthorization = "";
  if(!array_key_exists('accesscheck', $_GET)){
  	$MM_redirectLoginSuccess = './main.php?page=Home';
  }elseif(array_key_exists('wizard', $_POST)){
  	$MM_redirectLoginSuccess = './main.php?page=Home';
  }else{
  	$MM_redirectLoginSuccess = $_GET['accesscheck'];
  }
  $MM_redirectLoginFailed = "index.php?&LoginError";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_dbConnect, $dbConnect);

  $LoginRS__query=sprintf("SELECT user_email, user_password FROM user_registered WHERE user_email=%s AND user_password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 

  $LoginRS = mysql_query($LoginRS__query, $dbConnect) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;	      

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
	header("Location: ". $MM_redirectLoginFailed );
  }
}
}

Thanks in advance

Gill

glima

By the way... this is the way I'm checking if there is a session

if(isset($_SESSION)){
     code
}

foyer

I don't understand the problem..?!

file1.php
session_start();
$_SESSION['var'] = 'FILE1';

file2.php
echo $_SESSION['var'];
//echos FILE1

That's how easy it is.

paulnaj

I think it's that you are checking for a session variable BEFORE you are 'turning on' session variables.

So, call session_start(); at the top of the script, regardless of whether you need to 'use' the session variables or not.

glima

Man! Some times I just wanna slap myself 😛
Thank you guys... It is really simple! Don't worry I already gave myself a slap on the back of my head >_<

I just started the session (session_start()) and on the area that has to be secured I gave the condition if(isset($_SESSION['userID'])){then show!}
😃
Thank you guys for your kind replies.

Gill