469,360 Members | 1,807 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,360 developers. It's quick & easy.

Why is session lost on redirect?

I'm trying to create a very basic login page that will redirect a logged in
user to a secure page. I set the session_start variable at the top of the
login page, then redirect to securePage.php if the user enters the right
credentials.

The redirect works, but apparently $HTTP_SESSION_VARS['loggedin'] is not
getting set because I cannot view securePage.php.

Am I setting $HTTP_SESSION_VARS correctly? My guess is I'm missing
something elementary. How can I get the session to carry over to the
redirected page?

Thanks in advance.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
if ($username == "Bob" && $password ="Smith")
{
$HTTP_SESSION_VARS['loggedin'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($HTTP_SESSION_VARS['loggedin']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>
Jul 17 '05 #1
6 25486
You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.

--
Tony Marston

http://www.tonymarston.net
"deko" <de**@hotmail.com> wrote in message
news:Rx******************@newssvr13.news.prodigy.c om...
I'm trying to create a very basic login page that will redirect a logged
in
user to a secure page. I set the session_start variable at the top of the
login page, then redirect to securePage.php if the user enters the right
credentials.

The redirect works, but apparently $HTTP_SESSION_VARS['loggedin'] is not
getting set because I cannot view securePage.php.

Am I setting $HTTP_SESSION_VARS correctly? My guess is I'm missing
something elementary. How can I get the session to carry over to the
redirected page?

Thanks in advance.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
if ($username == "Bob" && $password ="Smith")
{
$HTTP_SESSION_VARS['loggedin'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($HTTP_SESSION_VARS['loggedin']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #2
> You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.


Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same results.
I also tried using $_SESSION instead of $HTTP_SESSION_VARS, as shown below.
Still, when I arrive at securePage, $_SESSION is empty.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
session_start() ****
if ($username == "Bob" && $password ="Smith")
{
$_SESSION['s'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($_SESSION['s']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>
Jul 17 '05 #3
Hello.
This works fine for me.
The main difference is that I registered the var first.
Brent Palmer.

<?php
session_start();
session_register("loggedin");
$loggedin = false;
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php

if ($username == "Bob" && $password ="Smith")
{
$loggedin = true;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>

"deko" <de**@hotmail.com> wrote in message
news:cX*****************@newssvr14.news.prodigy.co m...
You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.


Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same results.
I also tried using $_SESSION instead of $HTTP_SESSION_VARS, as shown
below.
Still, when I arrive at securePage, $_SESSION is empty.

<?php session_start ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
<html>
<head>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
[java script, html...]
<h4>Login Form</h4>
<form action="" method="post" name="login">
User Name:
<input name="username" type="text" size="30" maxlength="100"/><br />
Password:
<input name="password" type="password" size="30" maxlength="10"><br />
<input name="Login" type="submit" value="Login">
</form>
<?php
session_start() ****
if ($username == "Bob" && $password ="Smith")
{
$_SESSION['s'] = 1;
$url="http://www.mysite.com/securePage.php";
?>
<script language="javascript">
window.location.href=("<?php echo $url; ?>");
</script>
<?
}
?>
[more html]
</body>
</html>
==============
[securePage.php]
<?php
session_start();
if (isset($_SESSION['s']))
{
echo "You are logged in.";
}
else
{
echo "You are not logged in.";
}
?>

Jul 17 '05 #4
Brent Palmer wrote:
Hello.
This works fine for me.
The main difference is that I registered the var first.


http://in.php.net/session_register

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #5
deko wrote:
You must use session_start() at the beginning of EVERY script that
reads/writes session data, not just those that write to it.
Thanks for the tip, but...
I tried adding session_start() (at line ****), but I get the same

results. I also tried using $_SESSION instead of $HTTP_SESSION_VARS, as shown below. Still, when I arrive at securePage, $_SESSION is empty.


It seems that the session cookie is not set--IOW, session id is not
passed to that page. If you're using trans sid, it won't append SID in
headers (header('Location:..'))--which you may have to do manually.

Also, add the following two lines in the beginning of your script:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL|E_STRICT);
?>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Jul 17 '05 #6
> Also, add the following two lines in the beginning of your script:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL|E_STRICT);
?>


Thanks, that helps. As for losing the session on redirect, the problem was
that the login page was SSL-encrypted and the redirect page was not. Now
that both pages are SSL-encrypted, it works fine.

I have another question about timing out the session - will repost.
Jul 17 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

9 posts views Thread by Greg Linwood | last post: by
3 posts views Thread by William | last post: by
18 posts views Thread by Rippo | last post: by
3 posts views Thread by catweezle2010 | last post: by
5 posts views Thread by Sam | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by zhoujie | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.