29

Here is the code of my login page, where the login script checks for the authenticity of the user and then redirects to the inbox page using the header function.

    <?php
    session_start();

    include_once('config.php');
    $user=htmlentities(stripslashes($_POST['username']));
    $password=htmlentities(stripslashes($_POST['password']));
    // Some query processing on database

    if(($id_user_fetched<=$id_max_fetched) && ($id_user_fetched!=0)){
        $_SESSION['loggedIn'] = 'yes';
        header("Location:http://xyz/inbox.php?u=$id_user_fetched");
        //echo 'Login Successful';
    }else{
        echo 'Invalid Login';
        echo'<br /> <a href="index.html">Click here to try again</a>';
    }
    }else{
        echo mysqli_error("Login Credentials Incorrect!");
    }
    ?>

The inbox.php page looks like this:

    <?php
    session_start();
    echo 'SESSION ='.$_SESSION['loggedIn'];
    if($_SESSION['loggedIn'] != 'yes'){
        echo $message = 'you must log in to see this page.';
        //header('location:login.php');
    }
    //REST OF THE CODE

    ?>

Now with the above code, inbox.php always shows the output: SESSION=you must log in to see this page. This means that either the session variable is not being set up or inbox.php is unable to retrieve the session variable. Where am I going wrong?

17
  • 1
    It should be echo "Login Credentials Incorrect!" ; not echo mysqli_error("Login Credentials Incorrect!"); Commented Oct 30, 2013 at 19:31
  • Can you debug to confirm that the conditions of your if statement evaluates to true? (i.e echo a statement in the true and false block to see which one is firing) Commented Oct 30, 2013 at 19:32
  • 1. do you call both scripts from the same domain? 2. do you use any kind of session_name, session_id, session_set_cookie? 3. session_start returns value, do you check it? Commented Oct 30, 2013 at 19:32
  • 1
    @Crackertastic Yes, I can assure you that they evaluate to true. Checked several times. Commented Oct 30, 2013 at 19:33
  • 3
    These are two else statements for one if Commented Oct 30, 2013 at 19:33
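
An added sketch (not the asker's code) of the same login-then-redirect flow, with the session written before the redirect and the script stopped after it; the user ID is kept in the session rather than in the `?u=` query string. The function names and the `/inbox.php` and `/login.php` paths are assumptions, and the credential check the question elides is expected to have succeeded before `complete_login()` is called.

```php
<?php
// Added example; complete_login() and require_login() are hypothetical names.

// login.php side: call only after the credentials have been verified.
function complete_login(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE && !session_start()) {
        throw new RuntimeException('session_start() failed; check session.save_path');
    }
    // Issue a fresh session ID at the privilege change. Passing true deletes the
    // old session data, so an ID known before login is useless afterwards.
    session_regenerate_id(true);

    $_SESSION['loggedIn'] = 'yes';
    $_SESSION['user_id']  = $userId;   // kept server-side instead of ?u=<id>

    session_write_close();             // flush the session to storage first
    header('Location: /inbox.php');    // assumed path
    exit;                              // header() alone does not stop the script
}

// inbox.php side: call before any output is produced.
function require_login(): int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (($_SESSION['loggedIn'] ?? '') !== 'yes' || !isset($_SESSION['user_id'])) {
        header('Location: /login.php'); // assumed path
        exit;                           // nothing below runs for anonymous users
    }
    return (int) $_SESSION['user_id'];
}
```

With this layout inbox.php starts with `$userId = require_login();` and never reads the user ID from the request.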

13 Answers

12

I had the same issue for a while and had a very hard time figuring it out. My problem was that I had the site working for a while with the sessions working right, and then all of a sudden everything broke.

Apparently, your session_save_path(), for me it was /var/lib/php5/, needs to have correct permissions (the user running PHP, e.g. www-data, needs write access to the directory). I accidentally changed it, breaking sessions completely.

Run sudo chmod -R 700 /var/lib/php5/ and then sudo chown -R www-data /var/lib/php5/ so that the php user has access to the folder.


2 Comments

777 is a bad set of permissions for the session save folder. You need to change the ownership of the folder to allow the web server to write to it and prevent all other access.
HOOOOLY SHIT man, all the best in your life, I was literally crying because I couldn't get session onto the next page.
8

If you use a connection script, don't forget to use session_start(); at the connection too. I had some trouble before noticing that issue.

1 Comment

Oh! I had one form where I input username and try to use that username on other page. Basically, my mistake was to not call session_start() on another page where I retrieve that username. Thanks. That really helped.
3

Maybe if your session path is not working properly, you can try the session.save_path(path/to/any folder); function as an alternative path. If it works, you can ask your hosting provider about the default path issue.

Comments

2

Just talked to the hosting service; it was an issue at their end. He said, "your account session.save_path was not set as a result issue arise. I set it for you now."

And it works fine after that :)

Comments

2

Maybe it helps others, myself I had

    session_regenerate_id(false);

I removed it and all ok!

after login was ok... ouch!

Comments

1

I had similar issue and with the cookie domain:

    ini_set('session.cookie_domain', '.domain.com');

The domain was set up wrong, so all sessions were ignored because the user cookie was never set right. Hope this will help someone.

Comments

1

The other important reason sessions can not work is playing with the session cookie settings, e.g. setting the session cookie lifetime to 0 or other low values because of a simple mistake or by another developer for a reason.

    session_set_cookie_params(0)

Comments

1

I was also facing the same problem. I did the following steps to resolve the issue:

  1. I edited the file /etc/php.ini and searched for the path session.save_path = "/var/lib/php/session"; you have to give your session info.
  2. After that, I just changed the permission as given below: chown root.apache /var/lib/php/session

That's it. The above steps resolved my issue.

Comments

1

Ensure values you write to your session are simple types. Complex types can cause all session changes to be dropped from memory.

I made the mistake of accidentally setting a session variable with an object value. This prevented the session from serializing and saving. The session appeared to be valid until the page refreshed.

A good way to verify this is to do a var_dump() of $_SESSION and exit() to ensure you are writing exactly what you expect.

    echo '<pre>Session: ';
    var_dump($_SESSION);
    echo '</pre>';
    exit();

In my case I could fix the issue by casting my username to string as follows:

    $_SESSION['Username'] = (string)$userData->Username;

Cost: 1 night's sleep.

Comments
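
The failure described in this answer shows up only when the session is written back at the end of the request, so it helps to catch it at assignment time. The following is an added example, not the answerer's code: the function names are hypothetical, and it uses `serialize()` as the check, which refuses closures and some built-in objects.

```php
<?php
// Added example. Returns [key => reason] for every value serialize() refuses.
function unserializable_session_keys(array $session): array
{
    $bad = [];
    foreach ($session as $key => $value) {
        try {
            serialize($value);   // throws for closures and some built-in objects
        } catch (Throwable $e) {
            $bad[$key] = $e->getMessage();
        }
    }
    return $bad;
}

// Store a value only if it can be written back at the end of the request.
function session_set_checked(string $key, $value): void
{
    $bad = unserializable_session_keys([$key => $value]);
    if ($bad) {
        throw new InvalidArgumentException("refusing \$_SESSION['$key']: " . $bad[$key]);
    }
    $_SESSION[$key] = $value;
}

// Constructed sample: one plain string and one closure.
$sample = ['Username' => 'alice', 'onLogin' => function () {}];
print_r(unserializable_session_keys($sample));
```

Running `unserializable_session_keys($_SESSION)` just before the redirect lists any key that would stop the session from being saved.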

1

After hours of troubleshooting, I wanted to share that my php file was encoded using UTF-BOM and this is what was preventing my otherwise working php page from saving my session variables. I converted my php file from UTF-BOM to just plain UTF and everything started working.

The byte order mark (BOM) is a Unicode character that sometimes causes problems in PHP scripts (especially in includes), because it can cause HTTP headers to be sent to the browser prematurely.

Not sure how that happened, but was a quick solution to hours of struggling. The only way I caught it was viewing in Notepad++.

Comments

0

I encountered this issue today. The issue has to do with the $config['base_url']. I noticed http://www.domain.com and http://example.com was the issue. To fix, always set your base_url to http://www.example.com

Comments

0

In my case none of the above worked, then I used ob_clean at the top and it worked like a charm.

    ob_clean();
    session_start();

Comments

0

For me, PHP was writing session info to C:\WINDOWS\TEMP but somehow lost permissions to write to this folder so whenever you navigated (header call etc) it just lost all the session variables!

I'm guessing some recent Windows update tightened control over this folder because it was working just fine a few months ago.

I created a new folder with read/write permissions and set session.save_path in PHP.INI.

Then it worked fine!

Comments
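
Several answers above come down to the same few causes: output sent before `session_start()` (a BOM included), a session save path the PHP user cannot write to, and a cookie domain that does not match the host. The following is an added diagnostic, not code from any of the answers, that checks for each of them in one place; the function name is hypothetical and the save-path checks assume the default file-based session handler.

```php
<?php
// Added diagnostic. Call it first thing on the page that loses the session;
// it returns a list of findings, empty when none of the checks trip.
function diagnose_session(): array
{
    $findings = [];

    // Any output before session_start() (a BOM, whitespace, an echo) means the
    // session cookie header can no longer be sent.
    if (headers_sent($file, $line)) {
        $findings[] = "output already started at $file:$line";
    }

    // Save-path checks only apply to the default file-based handler.
    if (ini_get('session.save_handler') === 'files') {
        // session.save_path may be "N;/path" or "N;MODE;/path"; keep the path part.
        $parts = explode(';', (string) session_save_path());
        $dir   = end($parts) !== '' ? end($parts) : sys_get_temp_dir();
        if (!is_dir($dir)) {
            $findings[] = "save path $dir does not exist";
        } elseif (!is_writable($dir)) {
            $findings[] = "save path $dir is not writable by the PHP user";
        } elseif (DIRECTORY_SEPARATOR === '/' && (fileperms($dir) & 0007)) {
            $findings[] = sprintf('save path %s is open to other users (mode %o)',
                                  $dir, fileperms($dir) & 07777);
        }
    }

    // A cookie whose domain does not cover the current host is never stored.
    $domain = strtolower(ltrim((string) ini_get('session.cookie_domain'), '.'));
    $host   = strtolower(explode(':', $_SERVER['HTTP_HOST'] ?? '')[0]);
    if ($domain !== '' && $host !== '' && $host !== $domain
        && substr($host, -strlen(".$domain")) !== ".$domain") {
        $findings[] = "session.cookie_domain '$domain' does not match host '$host'";
    }

    // session_start() reports failure through its return value.
    if (session_status() !== PHP_SESSION_ACTIVE && !@session_start()) {
        $findings[] = 'session_start() returned false';
    }
    return $findings;
}

foreach (diagnose_session() as $finding) {
    error_log("session check: $finding");   // goes to the PHP error log
}
```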
