newbie session question

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Ok I have a login page that forwards to a php page (loginCheck.php)
which connects to the db verifies the user blah blah. If the user is
not verified the function verifyUser($un, $pw)  returns -1, otherwise
0. Also if the user/pass is in the db (user is verified), then session
variables are set e.g. $_SESSION['username'], etc. I save the returned
value from verifyUser and have a check that redirects to the main page
or back to the login page, (success, failure respectively).

this is how I am doing this.

$verified = verifyUser($_POST['user'], $_POST['pass']);

if($verified == 0) {
    header("Location: ../index.php");
} else {
    header("Location: login.php");

pretty simple.......except if the user/pass is good and you are
redirected to the index page all the session variables are gone, as if
the session was destroyed. This sucks because I have a header at the
top of the page which tells you whether you are logged in or not, etc.
But instead I get an error "Undefined variable: _SESSION....". Any
help with this would be greatly appreciated.

Re: newbie session question

On Aug 19, 8:14 pm, wrote:
Quoted text here. Click to load it

Tough to say since you haven't shown us the code for verifyUser() or
the code on your index page.

Re: newbie session question

Quoted text here. Click to load it

I honestly don't think I need to paste all that code here or anywhere
else to really explain what I am trying to do.

login page posts to loginCheck.php

loginCheck connects to the database etc, performs query, gets result
set stored in $row, verifies that the user/pass is good. All that
works just fine. If the user/pass is good then I call the following

function setSession($user, $id) {
        $_SESSION['username'] = $user;
        $_SESSION['uid'] = $id;
        $_SESSION['logged'] = true;
 Once this is done the db connection is closed and 0 or -1 is

then the code I posted above is executed.

Re: newbie session question

This is the important code from the index page which is causing the

    if($_SESSION['logged']) { ?>
         <td class="welcome" ><b>You are logged in as <?php echo
$_SESSION['username']; ?>.&nbsp;
     <a href="" onclick="//used to have session_destroy() here">Logout</
      <?php } else { ?>
         <td class="welcome"><b>You are not logged in. &nbsp;<a
href="forms/login.php">Login here</a></b></td>
      <?php } ?>

Re: newbie session question

Quoted text here. Click to load it


Each page that you want to (re-)use session variables in need to start with:

if($_SESSION['logged']) { ?>


As a side note, also keep in mind that nothing should be outputted to the  
users browser before you call session_start(). Not even whitespace  
characters. This is often overlooked by people that have difficulty getting  
sessions to work.

The reason is, that sessions (usually) use cookies. Cookies get send to the  
browser using HTTP headers. Once PHP has started outputting content, headers  
can't be sent anymore.


Re: newbie session question

amygdala wrote:

Quoted text here. Click to load it

Actually, you *can* output stuff before calling session_start() *except

    1. You are using cookie-based sessions; *and*
    2. The user's session cookie hasn't been set yet.


    # This is
    $_SESSION['foo'] = 'bar';
    header("Location: ");

    # This is
    echo "I am going to the ";
    session_start(); # Note: after output!
    $_SESSION['quux'] = 'quuux';
    echo $_SESSION['foo'];
    echo ".\n";

Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.12-12mdksmp, up 60 days, 12:44.]


Re: newbie session question wrote:
Quoted text here. Click to load it

Do you call session_start() at the start of your index.php page?  And  
are you sure you're calling session_start() only once, and before *any*  
output (even white space) on all other pages where you're using sessions?

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline