When a user logs in, it redirects them to a page that prints their account name, thus showing that they are logged in. But if they leave the page and come back they get logged out, and if they refresh the page they get logged out. I don't know why the session keeps clearing, how do I make it stay? Please help, desperate D:

Recommended Answers

All 8 Replies

There have been problems with losing sessions after a redirect but some of them are specific to the browser and other variables in the environment. In most cases, the session is lost as a result of the redirect but you seem to be saying that it is working initially because the secure page is correctly printing their account name. You may need to put in some debug code and print the session id just to know where it is being lost.

A couple of the problems that others have had resulted from not closing the session before redirecting (session_write_close() ) or in going from a non-secure page to a secure page (making them both secure solved it). Again, since you say that the login page works the first time, neither of those possible problems would seem to affect you. If you land on the login page and immediately refresh and the session is then lost, that would be pretty strange. You didn't post any code but I would check that carefully before assuming that it is something else. If you aren't doing a session_start in every situation (for example) then that might explain your inconsistent results.

Well, you can test it at blokmates.com/login.php with the username and password of test.

Login.php Code

<html>
<head> <title> Blokmates Account Login </title> </head>
<body>
<link rel="stylesheet" type="text/css" href="css/login.css"/> 
<center>
<?php include_once "header.php" // Adds the header. ?>
<br>
<div id="form">
<?php
session_start();

if ($_SESSION['uid']) {
    echo "You are already logged in. If you want to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

    if (!$_POST['submit']) {
        echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
        echo "<form method=\"post\" action=\"./login.php\">\n";
        echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
        echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
        echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
        echo "<tr><td colspan=\"2\" align=\"center\">Don't have an account? <a href=\"register.php\">Make one</a>. </td></tr>\n";
        echo "</form></table>\n";
    }else {
        $user = mss($_POST['username']);
        $pass = $_POST['password'];
        
            if($user && $pass){
                $sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
                $res = mysql_query($sql) or die(mysql_error());
                if(mysql_num_rows($res) > 0){
                    $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                    $res2 = mysql_query($sql2) or die(mysql_error());
                    if(mysql_num_rows($res2) > 0){
                        $row = mysql_fetch_assoc($res2);
                        $_SESSION['uid'] = $row['id'];
                        
                        echo "<br>";
                        echo "Thank you for logging in, " . $user . "<br><br><a href=\"/account.php\">Proceed.</a>\n";
                    }else {
                        echo "Your username or password is incorrect.\n";
                    }
                }else {
                    echo "That account doesn't exist!\n";
                }
            }else {
                echo "You need a username AND a password, believe it or not.\n";
            }
    }

}

?>
</div> 


<?php include_once "footer.php" // Adds footer. ?>
</center>
</body>
</html>

Account.php Code (Page they get redirected too)

<html>
<head> <title> Blokmates Account Login </title>
<link rel="stylesheet" type="text/css" href="css/login.css"/> </head>
<body>
<center>
<?php include_once "header.php" // Adds the header. ?>


<?php
session_start();

$sql = "SELECT * FROM `users` WHERE `id`='".$_SESSION['uid']."'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res);

if ($_SESSION['uid']) {
    session_destroy();
    echo "Hey " . $row['username'] . "!";
} else {
header("Location: login.php");
}
?>


<?php include_once "footer.php" // Adds footer. ?>
</center>
</body>
</html>

There is a bug in your code which is making sessions not initialize. The session_start() function should be placed on the first line of the page before any browser/html output. For example.

<?php session_start(); ?>
<html>
<head> <title> Blokmates Account Login </title> </head>
<body>
<link rel="stylesheet" type="text/css" href="css/login.css"/> 
<center>
<?php include_once "header.php" // Adds the header. ?>
<br>
<div id="form">
<?php
if ($_SESSION['uid']) {
    echo "You are already logged in. If you want to log out, please <a href=\"./logout.php\">click here</a>!\n";
} else {

    if (!$_POST['submit']) {
        echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
        echo "<form method=\"post\" action=\"./login.php\">\n";
        echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
        echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
        echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"Login\"></td></tr>\n";
        echo "<tr><td colspan=\"2\" align=\"center\">Don't have an account? <a href=\"register.php\">Make one</a>. </td></tr>\n";
        echo "</form></table>\n";
    }else {
        $user = mss($_POST['username']);
        $pass = $_POST['password'];
        
            if($user && $pass){
                $sql = "SELECT id FROM `users` WHERE `username`='".$user."'";
                $res = mysql_query($sql) or die(mysql_error());
                if(mysql_num_rows($res) > 0){
                    $sql2 = "SELECT id FROM `users` WHERE `username`='".$user."' AND `password`='".md5($pass)."'";
                    $res2 = mysql_query($sql2) or die(mysql_error());
                    if(mysql_num_rows($res2) > 0){
                        $row = mysql_fetch_assoc($res2);
                        $_SESSION['uid'] = $row['id'];
                        
                        echo "<br>";
                        echo "Thank you for logging in, " . $user . "<br><br><a href=\"/account.php\">Proceed.</a>\n";
                    }else {
                        echo "Your username or password is incorrect.\n";
                    }
                }else {
                    echo "That account doesn't exist!\n";
                }
            }else {
                echo "You need a username AND a password, believe it or not.\n";
            }
    }

}

?>
</div> 


<?php include_once "footer.php" // Adds footer. ?>
</center>
</body>
</html>

and

<?php session_start(); ?>
<html>
<head> <title> Blokmates Account Login </title>
<link rel="stylesheet" type="text/css" href="css/login.css"/> </head>
<body>
<center>
<?php include_once "header.php" // Adds the header. ?>


<?php

$sql = "SELECT * FROM `users` WHERE `id`='".$_SESSION['uid']."'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res);

if ($_SESSION['uid']) {
    session_destroy();
    echo "Hey " . $row['username'] . "!";
} else {
header("Location: login.php");
}
?>


<?php include_once "footer.php" // Adds footer. ?>
</center>
</body>
</html>

Also if you have cookies disabled then sessions may also not work.

Well, I replaced the code and that didn't work =|
I'm using Safari (accept all cookies is ON), i'm gonna go try it with Firefox and IE, but i don't think it'll make a difference.

OK, it won't work with firefox or ie either. :|

I just noticed in your second script you have programmed it in a weird way which may be your problem. Here is the new code.

<?php session_start(); ?>
<html>
<head> <title> Blokmates Account Login </title>
<link rel="stylesheet" type="text/css" href="css/login.css"/> </head>
<body>
<center>
<?php include_once "header.php" // Adds the header. ?>


<?php

$sql = "SELECT * FROM `users` WHERE `id`='".$_SESSION['uid']."'";
$res = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($res);

if ($_SESSION['uid']) { //fix this if statement
    echo "Hey " . $row['username'] . "!";
} else {
header("Location: login.php");
}
?>


<?php include_once "footer.php" // Adds footer. ?>
</center>
</body>
</html>

Hope that helps.

OMG it worked, thank you sooo muuchh!!!!! ====))))))))))

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.