Session Variables get lost

[iNterfector]

Hello all, I just wrote a php website to communicate with a database and it has a login based on the users email and password, they login on the first page and then the php checks for every page they visit if they indeed logged in before and not just found out what php file to open to get where they want to be. For this I used session variables to store both e-mail and password. The login info gets posted from the 1st(login) site to the 2nd site where it is checked for the first time, after that the login info isn't posted to the next page anymore, but just checked, this works for the 3rd page but when the user hits for the 4th page the variables are lost(I can't echo them either). However if I'd go from the 2nd page directly to the 4th page the page will load, however the 5th will then get my security-msg. So offcourse, I am wondering how this might have happened and how to fix this problem, here's some of the code I wrote:

 

This is the check for the logininfo:

 

<?php

include('SessionStart.php');

include('logindata.php');

 

$db = mysql_connect($host, $user, $pw);

 

if (!$db)

{

echo "<br />Helaas, u heeft geen verbinding met de database.";

exit();

} else

{

mysql_select_db("teammanagementtool", $db);

 

$sql24 = "SELECT * FROM leidinggevenden";

$allesarray = mysql_query($sql24);

 

$i = 0;

while ($mails = mysql_fetch_array($allesarray)) {

$mailtjes[$i] = $mails['lg_mailadres'];

$i = $i+1;

}

 

echo "...".$_SESSION['sessie']['email']."...".$_SESSION['sessie']['password']."...".$session_name."...";

 

if (in_array($_SESSION['sessie']['email'],$mailtjes)) {

 

$sql25 = "SELECT lg_wachtwoord FROM leidinggevenden WHERE lg_mailadres = '".$_SESSION['sessie']['email']."'";

$pass = mysql_query($sql25);

$pasje = mysql_fetch_array($pass);

if ($_SESSION['sessie']['password'] != $pasje['lg_wachtwoord']) {

echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>";

echo "<meta http-equiv='refresh' content='0;URL=index.php' />";

exit();

} else if ($_SESSION['sessie']['password'] = "" || $_SESSION['sessie']['email'] = ""){

echo "<script>alert('U bent hier op incorrecte manier terecht gekomen!');</script>";

echo "<meta http-equiv='refresh' content='0;URL=index.php' />";

exit();

} else {

}

} else {

echo "<script>alert('U bent hier op incorrecte manier terechtgekomen!');</script>";

echo "<meta http-equiv='refresh' content='0;URL=index.php' />";

exit();

}

 

?>

 

And this is the code in my SessionStart.php:

 

<?php

$session_name = 'sessie';

$session_exp_time = 10000 ;

 

$previous_name = session_name($session_name);

 

ini_set('session.gc_maxlifetime',  $session_exp_time);

ini_set('session.gc_probability', '1');

ini_set('session.gc_divisor', '1000');

ini_set('session.name', $session_name);

ini_set('session.cookie_domain', '');

ini_set('session.cookie_lifetime', 0 );

 

session_set_cookie_params($session_exp_time, '/', '');

session_start();

 

if (isset($_COOKIE[$session_name]))

setcookie($session_name, $_COOKIE[$session_name], 2147483647 , '');

?>

 

the includes are at the start of all of my pages, I only do a session_unset() at my index.php(the login page).

and my 2nd page gets:

$_SESSION['sessie']['email'] = $_POST['email'];

$_SESSION['sessie']['password'] = $_POST['password'];

from the login.

 

I could really use some help here, thanks in advance.

[Winstons]

Maybe need set 'session_start();' at beginning of 'Session Start.php' file ?

And try remove 'session_unset' from index.php

[iNterfector]

Nope, thanks for the reply, but that didn't fix my problem

[PFMaBiSmAd]

Your setcookie() statement is clearing the 4th parameter, the path the cookie matches. That is/should be causing two different session id cookies to exist, one with a '/' path setting and one with a '' path setting. As you navigate around your site, that is likely causing the symptom.

 

Why do you even have that setcookie() statement? I recommend removing it. You should also delete any existing session id cookies/completely close your browser after you make any changes to that code so that it will start with a fresh session id cookie that has the correct parameters set in it.

[iNterfector]

Thanks for the reply.

I did what you said and removed the setcookie() statement and removed the cookies from my browser and took away the temporary files from my server, unfortunately, still no succes. Also earlier I tried to run a simple page initializing a session variable on page 1 and echoing it on pages 2,3,4,5, simply linking them with <a href> using the same SessionStart.php file and that did work. To give some more info, I run this on XAMPP on a localhost. Maybe someone has another possibility why this construction might fail.

[PFMaBiSmAd]

You are likely getting a header error on specific page(s) that is preventing the session_start() from working.

 

Do you have php's error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that all the errors that php detects will be reported and displayed? Stop and start your web server to get any changes made to the php.ini to take effect. Also check using a phpinfo() statement that the two settings have actually changed in case the php.ini that you are changing is not the one that php is using.

[iNterfector]

I found it

it was a stupid mistake and it was in the line:

} else if ($_SESSION['sessie']['password'] = "" || $_SESSION['sessie']['email'] = ""){

which offcourse should have been:

} else if ($_SESSION['sessie']['password'] == "" || $_SESSION['sessie']['email'] == ""){

this first version cleared my variables causing the next page to give me my error.

 

Thanks for your time y'all.