I am trying to create a simple log in system that uses ajax but the problem I am having it wont set the $_SESSION.
login.js:
$('#bt-login').click(function(){
var login = $('#login').serialize();
$.ajax({
type: "POST",
url: 'widgets/Login/loginFunction.php',
data: login,
cache: false,
success: function(msg){alert(msg)}
});
});
loginFunction.php:
<?php
include_once '../../dbConfig.php';
include_once '../../config.php';
session_start();
$usr = mysql_escape_string($_POST['username']);
$pass = mysql_escape_string($_POST['password']);
$remember = intval($_POST['rememberMe']);
$row = mysql_fetch_assoc(mysql_query("SELECT usr, id FROM members WHERE usr='".$usr."' AND pass='".md5($pass)."'"));
if($row['usr']){
$_SESSION['usr'] = $row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $remember;
setcookie('DirtPileGames',$remember);
}
?>
Now for some reason loginFunction.php is not setting the $_SESSION. I do a refresh and $_SESSION is blank.
Does anyone have any ideas why this wont work.
Don’t know the specific problem, because the session should be valid assuming you’re not accidentally calling session_destroy() somewhere. Some advice for debugging – make sure the session_id() matches on the pages; if it doesn’t something funny is going on. Could try explicitly calling session_write_close(). In addition set something in $_SESSION for the error case (when the user doesn’t exist) to make sure its not a simple logic error. Also, don’t use an md5 pretty please. Use some variant of sha, and salt it.
Edit: you mention session_name()
This call fixes the name of the session so you can refer to it on other pages. If you do a session_start() on another page without naming the session identically, it will spawn a new session with a new id.
Note from the php documentation: The session name is reset to the default value stored in session.name at request startup time. Thus, you need to call session_name() for every request (and before session_start() or session_register() are called).