473,543 Members | 2,093 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Why is session lost on redirect?

I'm trying to create a very basic login page that will redirect a logged in
user to a secure page. I set the session_start variable at the top of the
login page, then redirect to securePage.php if the user enters the right
credentials.

The redirect works, but apparently $HTTP_SESSION_V ARS['loggedin'] is not
getting set because I cannot view securePage.php.

Am I setting $HTTP_SESSION_V ARS correctly? My guess is I'm missing
something elementary. How can I get the session to carry over to the
redirected page?

Thanks in advance.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDE X, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"> <br />
<input name="Login" type="submit" value="Login">
</form>
<?php
if ($username == "Bob" && $password ="Smith")
{
$HTTP_SESSION_V ARS['loggedin'] = 1;
$url="http://www.mysite.com/securePage.php" ;
?>
<script language="javas cript">
window.location .href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start() ;
if (isset($HTTP_SE SSION_VARS['loggedin']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>
Jul 17 '05 #1
6 26845
You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.

--
Tony Marston

http://www.tonymarston.net
"deko" <de**@hotmail.c om> wrote in message
news:Rx******** **********@news svr13.news.prod igy.com...
I'm trying to create a very basic login page that will redirect a logged
in
user to a secure page. I set the session_start variable at the top of the
login page, then redirect to securePage.php if the user enters the right
credentials.

The redirect works, but apparently $HTTP_SESSION_V ARS['loggedin'] is not
getting set because I cannot view securePage.php.

Am I setting $HTTP_SESSION_V ARS correctly? My guess is I'm missing
something elementary. How can I get the session to carry over to the
redirected page?

Thanks in advance.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDE X, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"> <br />
<input name="Login" type="submit" value="Login">
</form>
<?php
if ($username == "Bob" && $password ="Smith")
{
$HTTP_SESSION_V ARS['loggedin'] = 1;
$url="http://www.mysite.com/securePage.php" ;
?>
<script language="javas cript">
window.location .href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start() ;
if (isset($HTTP_SE SSION_VARS['loggedin']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #2
> You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.


Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same results.
I also tried using $_SESSION instead of $HTTP_SESSION_V ARS, as shown below.
Still, when I arrive at securePage, $_SESSION is empty.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDE X, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"> <br />
<input name="Login" type="submit" value="Login">
</form>
<?php
session_start() ****
if ($username == "Bob" && $password ="Smith")
{
$_SESSION['s'] = 1;
$url="http://www.mysite.com/securePage.php" ;
?>
<script language="javas cript">
window.location .href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start() ;
if (isset($_SESSIO N['s']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>
Jul 17 '05 #3
Hello.
This works fine for me.
The main difference is that I registered the var first.
Brent Palmer.

<?php
session_start() ;
session_registe r("loggedin") ;
$loggedin = false;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDE X, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"> <br />
<input name="Login" type="submit" value="Login">
</form>
<?php

if ($username == "Bob" && $password ="Smith")
{
$loggedin = true;
$url="http://www.mysite.com/securePage.php" ;
?>
<script language="javas cript">
window.location .href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>

"deko" <de**@hotmail.c om> wrote in message
news:cX******** *********@newss vr14.news.prodi gy.com...
You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.


Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same results.
I also tried using $_SESSION instead of $HTTP_SESSION_V ARS, as shown
below.
Still, when I arrive at securePage, $_SESSION is empty.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDE X, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"> <br />
<input name="Login" type="submit" value="Login">
</form>
<?php
session_start() ****
if ($username == "Bob" && $password ="Smith")
{
$_SESSION['s'] = 1;
$url="http://www.mysite.com/securePage.php" ;
?>
<script language="javas cript">
window.location .href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start() ;
if (isset($_SESSIO N['s']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #4
Brent Palmer wrote:
Hello.
This works fine for me.
The main difference is that I registered the var first.


http://in.php.net/session_register

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #5
deko wrote:
You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.
Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same

results. I also tried using $_SESSION instead of $HTTP_SESSION_V ARS, as shown below. Still, when I arrive at securePage, $_SESSION is empty.


It seems that the session cookie is not set--IOW, session id is not
passed to that page. If you're using trans sid, it won't append SID in
headers (header('Locati on:..'))--which you may have to do manually.

Also, add the following two lines in the beginning of your script:
<?php
ini_set('displa y_errors', 1);
error_reporting (E_ALL|E_STRICT );
?>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #6
> Also, add the following two lines in the beginning of your script:
<?php
ini_set('displa y_errors', 1);
error_reporting (E_ALL|E_STRICT );
?>


Thanks, that helps. As for losing the session on redirect, the problem was
that the login page was SSL-encrypted and the redirect page was not. Now
that both pages are SSL-encrypted, it works fine.

I have another question about timing out the session - will repost.
Jul 17 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
4265
by: Alex | last post by:
Thank you in advance. My ASP page 1 redirect user to third party's website, after the process at third party is finished, in 3rd party's page, there is one link to route user back to my website: ASP page2. As the user do all of these actions in the same browser, I
3
1738
by: Targa | last post by:
I use a database to authenticate users. Thier logon info is stored in a session. When the session times out it redirects the user back to the login page, which, when logged in sends them to the secured homepage. How can I return them to the page they were on when the session timed out, rather than starting over on the homepage? Thanks!
9
2368
by: Greg Linwood | last post by:
I'm having difficulty understanding Session state in ASP.Net. It's almost embarrassing asking this as I've been using ASP since it was first released & it really shouldn't be this hard to use - perhaps I'm just not very smart or perhaps MS is making this too hard for us sql bunnies to understand - I dunno, but I'd really appreciate someone...
3
2595
by: William | last post by:
Hi I have an ASP.NET application that connects to an Access database. Everything works fine except for the Session object. Data in the session object is lost after I've made a call to the database. To test, I've created two test aspx pages. Test1.aspx contains two buttons. The first button sets values in the session object and then...
10
12169
by: GreggTB | last post by:
I've got an page (LOGIN.ASPX) that receives the user's login information. During the page load, it checks the credentials against a database and, if validation is successful, creates an instance of an object that stores the user's basic profile data (username, user type, associated sales region, etc.). I've been taking this user info and...
18
6858
by: Rippo | last post by:
Hi I am using role base forms authentication in asp.net and have come across a problem that I would like advice on. On a successful login a session variable is set to identify a user. This is all good as this session variable is used to retrieve data for that user etc. However if I restart the webserver then the users session is lost but...
3
2515
by: catweezle2010 | last post by:
Hello NG, I have three files (default.aspx, search.aspx and work.aspx). The way is: login on default (if session is newsession). The loginname I write into as sessionvariable (username). So I redirect to my search.aspx. Here I have a form which allows fill in some fields (place, street, name etc.). With this informations i build a sqlquerey...
2
2669
by: deisner | last post by:
All- I have a Framework 2.0 application running under Windows 2003 Server and IIS utilizing the default application pool. On my development machine (XP w/ IIS 5.1) the code runs perfectly. But when deployed recompiled under 2003/6.0, every time the application gets to a Response.Redirect (happens right away when a user logs in), the...
0
2833
by: Dornel | last post by:
Hi all, My session variables are lost when I using response.redirect at first time... In the second time, the problem not exists. example in page 1(create session and redirect): session("nome") = "teste" response.redirect = "page2.asp" page 2(show content of session):
5
4093
by: Sam | last post by:
Hi All, I have a very weird issue with my session variable and I'm hoping that someone can help me out. The issue is my session variable dissappears after a request is redirected to a new page. What I have in this new page is streamwriter which writes user's data to a log file. Now if I comment out the line that calls the write method of...
0
7408
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7349
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7590
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7347
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
5885
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5271
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
4895
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
1
1817
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
968
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.