Hi Friends Please help me about a session problem, i am unable to find the reson of this issue.

I am Developing a matrimonial site for a client : bit.ly/19mFQ8x

Problem : users are automatically logout when they click on any page after login, but it is not happning in my windows 7 Laptop and my other 5 windows 7 PC, It is happening on my client windows XP PC and in my one windows xp PC, i never face this type of issue, i have used same login code in my another projects and it is runing ok, i am useing HostGator hosting

My code are

session_start();
    function logged_in() {
        return isset($_SESSION['username']);
    }
    function confirm_logged_in() {
        if (!logged_in()) {
            redirect_to("http://myclientsiet.com/index.php");
        }
    }

To Conform User is login

To Check User Is Login

confirm_logged_in();

Login Code

    $unh=$_POST['unh'];
    $psh=$_POST['psh'];
    $sr=mysql_query("select * from registration where username='$unh' AND password='$psh'");
    $res=mysql_fetch_array($sr);
    if($res!=NULL)
    {
        $_SESSION['username']=$res['username'];
        $_SESSION['email']=$res['email'];
        header("location:member/index.php");
    }

Please Help Me to fix this issue

One basic rules with sessions is that you will need session_start(); on all pages so that you session will be active on every page

Maybe this is you problem?

first code is in the top of my function page it is included in all page

i can not understand why it is happning in only some PC with windows XP installed

Try to create your code first in a procedural way and then convert it to a oop way or maybe a framework.

Hope this can solve your issue

Member Avatar

diafol

Erk! Sorry nothing to do with your issue, but I noticed a very big security hole:

$unh=$_POST['unh'];
$psh=$_POST['psh'];
$sr=mysql_query("select * from registration where username='$unh' AND password='$psh'");

You're using mysql_* functions, which you should consider changing to mysqli or PDO, but in the meantime, you must use mysql_real_escape_string or you'll suffer data exposure from SQL injection.