Jump to content

$_SESSION not setting?


Go to solution Solved by tycoonbob,

Recommended Posts

Hi everyone.

I'm working on a simple app for internal use for a small company.  I am having difficulties getting the account logins working correctly, and I believe it has something to do with $_SESSION not being set like I expected it to.  Now I am fairly new to PHP, and have been learning as I go.

 

index.php contains this:

<?php
session_start();


require_once('includes/config.inc.php');
require_once('includes/functions.inc.php');


// Check login status -- if not logged in, redirect to login screen
if (check_login_status() == false) {
  redirect('login.php');
}

So when I load the app, I'm redirected to login.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


<head>
  <meta http-equiv="Content-type" content="text/html;charset=utf-8" />
  <title>Login Page</title>
  <link rel="stylesheet" type="text/css" href="css/login.css" />
</head>
<body>
  <form id="login-form" method="post" action="includes/login.inc.php">
    <fieldset>
      <legend>Login to Inventory System</legend>
      <p>Please enter your username and password to access the Inventory system</p>
      <label for="username">
        <input type="text" name="username" id="username" />Username:
      </label>
      <label for="password">
        <input type="password" name="password" id="password" />Password:
      </label>
      <label>
        <input type="submit" name="submit" id="submit" value="Login" />
      </label>
    </fieldset>
  </form>
</body>


</html>

When I hit submit on the login page, includes/login.inc.php is called:

<?php
session_start();


require_once('config.inc.php');
require_once('functions.inc.php');


// Escape any unsafe characters before querying database
$username = $con->real_escape_string($_POST['username']);
$password = $con->real_escape_string($_POST['password']);


// Construct SQL statement for query & execute
$query = "SELECT * FROM users WHERE username = '" . $username . "' AND password = '" . MD5($password) . "'";
$result = mysqli_query($con,$query) or die(mysqli_error($con));


// If one row is returned, username and password are valid
if (is_object($result) && $result->num_rows == 1) {
  $_SESSION['logged_in'] = true;
  redirect('../index.php');
} else {
  redirect('../login.php');
}
?>

Now I've been able to determine that the login is being processed successfully, because if I disable the check_login_status function in index.php, I'm redirected to index.php if I login with a valid account.  Under the same conditions, an incorrect password will reload login.php.  With the function disabled, I've also tried adding "print_r($_SESSION)" at the top of index.php, but nothing ever loads, which makes me think something is wrong with my function.

 

functions.inc.php:

<?php
function redirect($page) {
  header('Location: ' . $page);
  exit();
}


function check_login_status() {
  // IF $_SESSION['logged_in'] is set, return the status
  if (isset($_SESSION['logged_in'])) {
    return $_SESSION['logged_in'];
  }
  return false;
}
?>

config.inc.php:

<?php
$con=mysqli_connect("server_name","user","pass","db_name");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
  ?>

I'm really at a loss, and I don't know where the problem is.  I've checked for syntax errors with "php -l file.php" and found no syntax errors.  I'm not sure how to do any other debugging with this, or what I'm missing.  Help is truly appreciated!

 

EDIT: Yes, I know MD5 passwords are not recommended, and that will be changed to use salt once I can get functionality in my app.  I will also be escaping/preparing all MySQL queries once I get the login piece working.

Edited by tycoonbob
Link to comment
https://forums.phpfreaks.com/topic/284990-_session-not-setting/
Share on other sites

1. Find your php.ini, open it up, set

error_reporting = -1
display_errors = on
and restart your web server. Any error messages?

 

2. If there aren't any errors, try modifying your redirect() to be

function redirect($page) {
  session_id() && session_write_close();
  header('Location: ' . $page);
  exit();
}

Thanks for the replies.

 

The web server is a VM running CentOS 6.x, using Nginx, PHP-fpm, and MySQL.  php.ini had "session.save_path" disabled, so I enabled it (uncommented it), set it = to "/tmp/phpsess", created /tmp/phpsess/, and set the owner to nginx:nginx, which is what my web server is using.

 

I've also added the { } around the check_login_status function, and also added the "session_id() && session_write_close();" line to the redirect function.

 

I also added the two debug lines to my php.ini, restarted Nginx and PHP-fpm, but am seeing no error messages at all.

 

Any other ideas?

Check your cookies (as in within the browser), or add

echo SID;
to your code to output it. Is the session ID ever changing?

 

 

I see a cookie being created called PHPSESSID, which expires when the session ends.  

 

Now what's really bothering me is I've installed WAMP on my local PC, copied over the scripts, imported a copy of the database, and everything works like it's supposed to.  I've compared each setting in php.ini, and I am out of ideas.  I have spent two days trying to figure this out and I feel like I'm getting nowhere.

  • Solution

Figured out my issue.

 

I'm using PHP-fpm instead of just PHP, and the www.conf file (/etc/php-fpm.d/www.conf) has a setting for session.save_path which was set to a non-existent directory.  Once I changed that to the directory that I had set for that variable in php.ini, it started working.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.