Why is session lost on redirect?

deko

I'm trying to create a very basic login page that will redirect a logged in
user to a secure page. I set the session_start variable at the top of the
login page, then redirect to securePage.php if the user enters the right
credentials.

The redirect works, but apparently $HTTP_SESSION_VARS['loggedin'] is not
getting set because I cannot view securePage.php.

Am I setting $HTTP_SESSION_VARS correctly? My guess is I'm missing
something elementary. How can I get the session to carry over to the
redirected page?

Thanks in advance.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
if ($username == "Bob" && $password ="Smith")
{
$HTTP_SESSION_VARS['loggedin'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($HTTP_SESSION_VARS['loggedin']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #1

Subscribe Post Reply

26814

Tony Marston

You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.

--
Tony Marston

http://www.tonymarston.net
"deko" <de**@hotmail.com> wrote in message
news:Rx******************@newssvr13.news.prodigy.c om...

I'm trying to create a very basic login page that will redirect a logged
in
user to a secure page. I set the session_start variable at the top of the
login page, then redirect to securePage.php if the user enters the right
credentials.

The redirect works, but apparently $HTTP_SESSION_VARS['loggedin'] is not
getting set because I cannot view securePage.php.

Am I setting $HTTP_SESSION_VARS correctly? My guess is I'm missing
something elementary. How can I get the session to carry over to the
redirected page?

Thanks in advance.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
if ($username == "Bob" && $password ="Smith")
{
$HTTP_SESSION_VARS['loggedin'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($HTTP_SESSION_VARS['loggedin']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #2

deko

> You must use session_start() at the beginning of EVERY script that

reads/writes session data, not just those that write to it.

Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same results.
I also tried using $_SESSION instead of $HTTP_SESSION_VARS, as shown below.
Still, when I arrive at securePage, $_SESSION is empty.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
session_start() ****
if ($username == "Bob" && $password ="Smith")
{
$_SESSION['s'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($_SESSION['s']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #3

Brent Palmer

Hello.
This works fine for me.
The main difference is that I registered the var first.
Brent Palmer.

<?php
session_start();
session_register("loggedin");
$loggedin = false;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php

if ($username == "Bob" && $password ="Smith")
{
$loggedin = true;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>

"deko" <de**@hotmail.com> wrote in message
news:cX*****************@newssvr14.news.prodigy.co m...

You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.

Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same results.
I also tried using $_SESSION instead of $HTTP_SESSION_VARS, as shown
below.
Still, when I arrive at securePage, $_SESSION is empty.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
session_start() ****
if ($username == "Bob" && $password ="Smith")
{
$_SESSION['s'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($_SESSION['s']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #4

R. Rajesh Jeba Anbiah

Brent Palmer wrote:

Hello.
This works fine for me.
The main difference is that I registered the var first.

http://in.php.net/session_register

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #5

R. Rajesh Jeba Anbiah

deko wrote:

You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.
Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same

results. I also tried using $_SESSION instead of $HTTP_SESSION_VARS, as shown below. Still, when I arrive at securePage, $_SESSION is empty.

It seems that the session cookie is not set--IOW, session id is not
passed to that page. If you're using trans sid, it won't append SID in
headers (header('Location:..'))--which you may have to do manually.

Also, add the following two lines in the beginning of your script:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL|E_STRICT);
?>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #6

deko

> Also, add the following two lines in the beginning of your script:

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL|E_STRICT);
?>

Thanks, that helps. As for losing the session on redirect, the problem was
that the login page was SSL-encrypted and the redirect page was not. Now
that both pages are SSL-encrypted, it works fine.

I have another question about timing out the session - will repost.

Jul 17 '05 #7

by: Alex | last post by:

Thank you in advance. My ASP page 1 redirect user to third party's website, after the process at third party is finished, in 3rd party's page, there is one link to route user back to my...

ASP / Active Server Pages

Logged in - Session timeout

by: Targa | last post by:

I use a database to authenticate users. Thier logon info is stored in a session. When the session times out it redirects the user back to the login page, which, when logged in sends them to the...

ASP / Active Server Pages

Trouble with using Session state

by: Greg Linwood | last post by:

I'm having difficulty understanding Session state in ASP.Net. It's almost embarrassing asking this as I've been using ASP since it was first released & it really shouldn't be this hard to use -...

ASP.NET

Session state lost after accessing database

by: William | last post by:

Hi I have an ASP.NET application that connects to an Access database. Everything works fine except for the Session object. Data in the session object is lost after I've made a call to the...

ASP.NET

by: GreggTB | last post by:

I've got an page (LOGIN.ASPX) that receives the user's login information. During the page load, it checks the credentials against a database and, if validation is successful, creates an instance of...

ASP.NET

Forms authentication and session expiration

by: Rippo | last post by:

Hi I am using role base forms authentication in asp.net and have come across a problem that I would like advice on. On a successful login a session variable is set to identify a user. This is...

ASP.NET

session value lost

by: catweezle2010 | last post by:

Hello NG, I have three files (default.aspx, search.aspx and work.aspx). The way is: login on default (if session is newsession). The loginname I write into as sessionvariable (username). So I...

ASP.NET

Session Data Lost on Response.Redirect with IIS 6.0

by: deisner | last post by:

All- I have a Framework 2.0 application running under Windows 2003 Server and IIS utilizing the default application pool. On my development machine (XP w/ IIS 5.1) the code runs perfectly. But...

ASP.NET

Session variables was lost using response.redirect

by: Dornel | last post by:

Hi all, My session variables are lost when I using response.redirect at first time... In the second time, the problem not exists. example in page 1(create session and redirect): ...

ASP / Active Server Pages

Session variable becomes null

by: Sam | last post by:

Hi All, I have a very weird issue with my session variable and I'm hoping that someone can help me out. The issue is my session variable dissappears after a request is redirected to a new page....

ASP.NET

How to turn on java script in a villaon keypad mobile phone

by: Charles Arthur | last post by:

How do i turn on java script on a villaon, callus and itel keypad mobile phone

Java

Migrating Website to Cloud - Emmanuel Katto

by: emmanuelkatto | last post by:

Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel

General

Navigating the Data Structures and Algorithms (DSA)

by: BarryA | last post by:

What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...

Algorithms / Advanced Math

Looking to do Android software development, any suggestions? Is flutter better?

by: nemocccc | last post by:

hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?

General

Is that possible of reading the .csv file in column wise and the column have different lengths ?

by: Sonnysonu | last post by:

This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...

C / C++

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...

General

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...

Windows Server

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...

Online Marketing

Discussion: How does Zigbee compare with other wireless protocols in smart home applications?

by: tracyyun | last post by:

Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...

General

Why is session lost on redirect?

Similar topics