Session not "sticking"

[shamwowy]

Hi all, hoping the mods can delete my other thread on this. I'm attempting to clarify using latest code trials. I have a site with a login form contained on every page (inside the header.php include file). If a user enters login information, the form processes it in auth.php, starts and sets session variables, and the header displays "Welcome Firstname" message instead of the login form. I'm trying to only set session_start() if the user logs in, otherwise there is no need for it, which is why I put it where it currently is.

 

Here is auth.php, which sits on the root of my public_html directory:

<?php

session_start();

//PROD
$dbc = mysql_connect('localhost', user, pw);
mysql_select_db(db);

$email=$_POST['email'];
$mypassword=$_POST['password'];

$email = stripslashes($email);
$mypassword = stripslashes($mypassword);
$email = mysql_real_escape_string($email);
$mypassword = mysql_real_escape_string($mypassword);
$mypassword = md5($mypassword);

$sql="SELECT jcustomer_id, jcustomer_fname FROM jcustomer WHERE jcustomer_email='$email' and jcustomer_password='$mypassword'";
$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count>=1){
	$jcustomer_id=mysql_result($result,0,"jcustomer_id");
	$jcustomer_fname=mysql_result($result,0,"jcustomer_fname");
	$_SESSION['jcustomer_id'] = $jcustomer_id;
	$_SESSION['jcustomer_fname'] = $jcustomer_fname;
	$_SESSION['login'] = 1;
}
else {
	$_SESSION['login'] = 0;
	echo "Wrong Username or Password";
}

?>


<html> //I INCLUDE A MODIFIED HOME PAGE HERE. THE SCRIPT ABOVE IS THE TOP OF THE FILE

//Include here of header.php, which displays session variables correctly

//LOTS OF HTML AND ATTEMPTS TO ACCESS $_SESSION['jcustomer_fname'] which fails here, session variables seem dead after header.php include
</html>

 

Then my header.php, which is in public_html/includes (if that makes a difference...I'm still setting session_start() from the root level page)

<div class="header-container">
  <a href="index.php"><img border=0 src="img/logo_black.jpg" alt="alt" /></a>
<?php
if (!isset($_SESSION['login']))
{
	//BUILD A FORM IF NOT LOGGED IN
print "<span class='header-login'>".$_SESSION['login'];
	print "<input name='email' type='email' value='Email Address' length='20'>  ";
	print "<input name='password' type='password' value='password' length='20'>";
	print "<input name='submit' type='submit' value='Login'><br/>";
	print "</span>";
	print "<span class='header-login2'>";
	print "<a href='register.php'>Register</a><font color='white'> | </font><a href='reset.php'>Forgot Password</a>";
	print "</span>";
}
else //SAY HI TO LOGGED IN CUSTOMER
{
	print "<span class='header-login'>".$_SESSION['login'];
	print "<font color=white>Welcome ".$_SESSION['jcustomer_fname'].". Thanks for Visiting! </font>";
	print "</span>";
}
?>
</div>

 

The header.php file is included in every page on the site. In theory, if a user decides to login and is valid, then the session variables should kick in.

 

However, when I log in once, the header displays correctly (i.e. Welcome Chris,....) but somehow it seems the session is getting destroyed during the first run of header.php. Even if I try to use $_SESSION['jcustomer_firstname'] in the html block in auth.php (immediately following the include call to header.php), it doesn't show up. In other words, I can see the session variable once in the header, but not in the code later on even inside the same file.

 

So as you can guess, if session isn't carrying through the same file it's being set in, it's definitely not working if I click a link to another page on the site.

 

It's important to note, that when I say "it works when I first login", that means auth.php correctly gets my user info and displays the session vars in the header include for auth.php, so only this file works for itself. The header include on any other page on the site does not recognize a session. Also, even trying to access session vars within the html block lower down the auth.php page doesn't work. (I hope this all makes sense)

 

Thanks for any help! Also open to the possibility that this might be php.ini but it's more likely me setting something wrong somewhere. I'm used to ColdFusion where these things are generally set in a .application file (globals) which make them accessible everywhere, which is what I thought session_start() did but perhaps I'm reading that wrong.

[AyKay47]

you will need to put session_start on the top of every page that you are planning on using sessions

[shamwowy]

you will need to put session_start on the top of every page that you are planning on using sessions

 

Thanks for that! So I gather using session_start() on every page will not reset my session variables each time it's called? It sounds like it makes sense then to put this in my header.php file instead, since it is included at the top of every page on the site. Is that about right?

 

Again, many thanks!

[wildteen88]

session_start will either resume an existing valid session yes. It will not overwrite your existing $_SESSION vars.

 

It will however clear your session variables when your browser is closed or when the session times out.

[the182guy]

If possible put session_start() somewhere like a header file which applies to all pages. This way if you want to change the session handler in future (such as the database stored sessions) it will be easier.

[shamwowy]

Thanks everyone! This helped me finally figure this out.

 

My problem was that when I tried to put it in my header include I wasn't realizing there was output above the include, so I got the dreaded headers error. Your suggestions, in tandem with the stickied post on the header error problem got me straightened out.

 

Answer, put <?php start_session(); ?> as the very first line in each of my site pages. Works like a charm. I suppose I could create an include file for the very top line of each page should I require more such directives.

 

Again, SUPER thanks everyone !!!