Session variable is not getting saved.

So I have done sessions before and never had problems with them. For some reason the session variable 'login' is not being passed to the next page. Any suggestions?

```php
<?php
session_start();
if (isset($_GET['user'])) {
    include 'yyy.php';
    if ($_GET['user'] == $username && $_GET['password'] == $password) {
        $_SESSION['login'] = 'a';
    } else {
        echo 'ERROR: Username/Password combination incorrect.<br><br>';
    }
}
if (!isset($_SESSION['login'])) {
    print '<form name="input" action="#" method="get">
    Username: 
    <input type="text" name="user">
    <br>
    Password: 
    <input type="password" name="password">
    <input type="submit" value="Submit">
    </form>
    ';
} elseif ($_SESSION['login'] == 'a') {
    if ($_GET['page'] == 'logout') {
        unset($_SESSION['login']);
        include 'main.php';
    } else {
        $file = $_GET['page'] . ".php";
        if ($file == ".php") { $file = "main.php"; }
        include $file;
    }
}
?>
```
Jul 21 '07 #1
pbmods
5,821 Expert 4TB
Changed thread title to better describe the problem.
Jul 21 '07 #2
Is the code you've put there the code of just the first page, or is that both pages one after the other? If it's just the first page, can we see the second one?
Jul 21 '07 #3
kovik
1,044 Expert 1GB
> So I have done sessions before and never had problems with them. For some reason the session variable 'login' is not being passed to the next page.

Are you sure the variable is being created? On the second page, print_r($_SESSION);

> Any suggestions?

Yes, a HUGE one. Do NOT -- I repeat, DO NOT -- send a password through the GET method! The POST method is vulnerable enough, but to use the GET method not only leaves the password as vulnerable server-side as POST, but displays the user's password *to their screen*! Browsers don't hide password fields for fun. What if you were at an ATM machine, inputted your PIN, and then the screen had your PIN printed up top the entire time, as people are behind you in line? That's basically what you are doing to your users.

Also, don't blindly include files from the URL like that. I could set the page variable in the URI to whatever page on the entire internet that I want to, and your page would accept it as its own. Sound safe?
Jul 21 '07 #4
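
The two changes recommended in reply #4 (credentials sent by POST, and no include path built directly from the URL), applied to the script from the question. This is an added example, not code posted by anyone in the thread. It assumes yyy.php defines $username and $password as in the question; the page names in the allowlist are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes yyy.php defines $username and
// $password as in the question; the names in ALLOWED_PAGES are hypothetical.
const ALLOWED_PAGES = ['main', 'profile', 'settings'];

// Map a requested page name to a local file. Anything that is not on the
// allowlist (missing, empty, a path, a URL) falls back to main.php.
function resolve_page(?string $requested): string
{
    $page = in_array($requested, ALLOWED_PAGES, true) ? $requested : 'main';
    return __DIR__ . '/' . $page . '.php';
}

session_start();

// Credentials arrive in the POST body, so they never appear in the address
// bar, browser history, or the query string.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['user'], $_POST['password'])) {
    include __DIR__ . '/yyy.php';
    // is_string() rejects array input such as user[]=x; hash_equals() compares
    // in constant time.
    if (is_string($_POST['user']) && is_string($_POST['password'])
        && hash_equals((string) $username, $_POST['user'])
        && hash_equals((string) $password, $_POST['password'])) {
        session_regenerate_id(true); // issue a fresh session id at login
        $_SESSION['login'] = 'a';
    } else {
        echo 'ERROR: Username/Password combination incorrect.<br><br>';
    }
}

$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : null;

if (!isset($_SESSION['login'])) {
    echo '<form name="input" action="" method="post">
    Username: <input type="text" name="user"><br>
    Password: <input type="password" name="password">
    <input type="submit" value="Submit">
    </form>';
} elseif ($page === 'logout') {
    unset($_SESSION['login']);
    include resolve_page('main');
} else {
    // Only names on the allowlist ever reach include.
    include resolve_page($page);
}
```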
