A quick overview:

After the login form is submitted, it is handled by a seperate file, which checks the form and sets session variables if the login was successful.

The script works fine...it will log me in, and redirect me to the proper page as well as set the session variables.

Now here is where things get weird

If the login is successful, you are redirected to the home page.
If I print any of the following on the home page:

$_SESSION['username'],  $_SESSION['my_email'] and $_SESSION['my_location']

it works, no problems.

HOWEVER, once I leave the home page (say I click the link to check my messages), $_SESSION['username'] mysteriously disappears!! Even if I simply refresh the page as soon as I am logged in, the variable becomes unset.
I can still use $_SESSION['my_email'] and $_SESSION['my_location'] with no problems, it is only the $_SESSION['username'] that disappears.

Has anyone ever had this issue or have any ideas on how to resolve this?

Additional details (not sure if any of this matters or not)

a) All site urls are rewritten with mod_rewrite

b) At the beginning of each page, a settings.php file is included, with the first line of settings.php containing session_start() as the very first statement.

c) I tried displaying errors by using ini_set('display_errors', '1'), but not getting any errors

Try hard coding session_start() as the first thing on each page, and not as part of the include.

If you are redirecting, you may have to session_write_close() before the header change.

It may be something to do with the way you are accessing variables, as well.

As a last bit, it may be a setting within php.ini, and how it handles sessions/cookies. The particular setting in mind escapes me, at the moment, but I will try to look it up if the other two options fail.

Thank you for the response, ryantroop.

I have already tried hard coding session_start() to each page, but no dice there.

I have never used session_write_* ... could you show me where I would place it in the following code? This is from the script that validates the login:

if($count == 1)
    header("location: http://fling-finder.com/site/home");
    $q2 = mysql_query("** query goes here **");
    $user = mysql_fetch_assoc($q2);

    $_SESSION['username'] = $user['username'];
    $_SESSION['firstname'] = $user['firstname'];
    $_SESSION['lastname'] = $user['lastname'];
    $_SESSION['fullname'] = $user['firstname'] . " " . $user['lastname'];
    $_SESSION['city'] = $user['city'];
    $_SESSION['state'] = $user['state'];
    $_SESSION['zip'] = $user['zip'];
    $_SESSION['dob'] = $user['birth_date'];
    $_SESSION['lookgender'] = $user['lookgender'];
    $_SESSION['level'] = $user['level'];
    $_SESSION['smoker'] = $user['smoker'];
    $_SESSION['marital_status'] = $user['marital_status'];
    $_SESSION['kids'] = $user['kids'];
    $_SESSION['email'] = $user['email'];        
    $_SESSION['id'] = $user['id'];
    if($user['gender'] = 'M'){ $user['gender'] = 'Male';}else{ $user['gender'] = 'Female'; }
    $_SESSION['gender'] = $user['gender'];

    $query = mysql_query("****** query goes here *******");
    $credits = mysql_fetch_assoc($query);
    $_SESSION['tokens'] = $credits['credits'];  

    header("location: " . URL . "site/login?error=30");

While it's true that if you do not specifically exit() the script it will (should) continue to run, you may want to consider moving line 3 to line 28, and see if that solves your problem. This will make your session variables get set, THEN redirect.

You may also wish to add exit(); after each header redirect. This will stop all processes other than the redirect, and not confuse the server as to what you want to do.

That should solve your problem.

If not, I will read the code more closely.

Please note: I know I am not answering your most recent question, but seeing your code led me to a different answer. Normally, you would use session_write_close() after all session variables are set, but before a header redirect. It is rather uncommon to need to use session_write_close(), and the above should solve your problem.

I tried switching line 3 to the end after all the session variables, still no luck.

I'll try the session_write_close as you suggested (I believe the correct order would be to set the session variables, then session_write_close() and finally redirect?) and report back the results here ... knock on wood.

  • What confuses me is that as I mentioned in the OP, all the other session variables are set properly and carried over from page to page, it is only the $_SESSION['username'] that is giving me this problem

Ahh I misread.

There may be something in another part of you script that states any of the following:

$_SESSION['username'] = '';

if($_SESSION['username'] = ''){}; //notice the missing ==, in this case it will set the variable instead of checking to see if something is there

Im sorry. When I read the initial post, I read it that all of your session variables were being lost.

I still encourage you to exit after a redirect, and doing the redirect after all session variables are in place.

ryantroop, wish I could high five you!

We are probably both going to smack ourselves in the head --

I took your suggestion regarding == instead of a single =

In the login validation form, instead of
$_SESSION['username'] = $user['username']

I changed that to
$_SESSION['username'] == $user['username']

and now the problem is solved.

Thank you so much for your time and patience!