By default the page after login.php is authorize.php which just checks the information then sends it off to index.php. From index.php I cannot get to my page 'volunForm.php', it just redirects me back to the login page. This is my first ever login system and my first time using sessions. Am I doing it all wrong? Is there a way I can make my sessions expire after certain time automatically and more importantly getting them to work across pages.


You have the following if statment in your volunForm.php page:

if(!isset($_SESSION['sess_user_id']) || (trim($_SESSION['sess_user_id']) == '')) {
        header("location: login.php");

This is redirecting anyone who doesn't have the session cookie sess_user_id set. Make sure this is being set when the user logs in.

Don't I have it being set correctly in the authorize.php page?

if ($bcrypt->verify($_POST['password'], $row['password'])){
    $_SESSION['sess_user_id'] = $row['uid'];
    $_SESSION['sess_email'] = $row['email'];
        $_SESSION['sess_name'] = $row['fname'] . " " . $row['lname'];
        header("Location: index.php");


I got cookies working but I am unsure if that is a good thing to keep or if I should focus getting sessions to work.

You code looks okay, so check that you have session_start();'s on all pages and that $row['uid'] value is actually being set.

Sessions are needed to maintain security, thats for sure.

I had session_start(); at the top of all the pages I Was testing with but it still didn't work. After setting the sessions information in the authorize.php page, I call header("Location: index.php"); which works, they have to be logged in to get there, but upon getting there I was unable to use my navagation list to navigate to volunForm.php, it requested I log in.