I have been trying to figure out this issue I am having with PHP and Session cookies. For some reason, when I go to a new page within the same server, the sesion variable is not populating, but the session_id() is. And then if I go back and log back in, it works?? I have tried a few links on here and googled around, but nothing seems to work.
class SessionRepository
{
public $errors;
public function StartSession()
{
session_start();
}
public function SetUserSession($userName,$fullName)
{
// Start session
$this->StartSession;
// Make sure there isn't something already set
/*if (isset($_SESSION['userName']))
unset($_SESSION['userName']);
*/
// Make sure there isn't something already set
/*if (isset($_SESSION['fullName']))
unset($_SESSION['fullName']);
*/
$_SESSION['userName'] = $userName;
$_SESSION['fullName'] = $fullName;
}
public function CheckLogin($userName)
{
$this->StartSession;
if(empty($_SESSION[$userName]))
{
return false;
}
return true;
}
public function DestroyUserSession()
{
$this->StartSession;
session_destroy();
}
}
include("useritemrepository.php");
include('UserItem.php');
include('sessionrepository.php');
include('login.php');
if(!isset($_POST['submitcreds']))
{
LoginPage($loginerror);
}
else
{
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$userName = $_POST["userName"];
$password = md5($_POST["password"]);
$session = new SessionRepository();
$userRepository = new UserItemRepository();
$loggedin = $userRepository->LoginUser($userName,$password);
if($userRepository->errors !="")
echo $userRepository->errors;
if ($loggedin->UserName =="")
{
$loginerror = "Invald Credentials, Please try again";
LoginPage($loginerror);
}
else
{
$fullName = $loggedin->FirstName . " " . $loggedin->LastName;
// Build Session
$session->SetUserSession($userName,$fullName);
echo "Session:" . $_SESSION["fullName"] ." ". $_SESSION["userName"];
LoggedIn();
exit();
}
}
}
Then Here is the login page (login.php)
session_start();
function LoginPage($loginerror)
{
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>
Cold Calling Center
</title>
<link rel='stylesheet' href='site.css'/>
</head>
<body>
<br/>
<br/>
<br/>
<div id="wrapper" class="wrapper" width="600px" height="600px">
<form name="login" action="<? $_SERVER["PHP_SELF"];?>" method="post">
<span id="login-header" class="login-header"><? echo $loginerror;?></span>
<br/>
<br/>
<span id="header">Welcome to Cold Calling Central</span>
<table id="login-table">
<th id="table-header">Login Form</th>
<tr id="login-row">
<td id="login-cell">UserName:</td>
<td id="login-cell"><input type="text" name="userName"/></td>
</tr>
<tr id="login-row">
<td id="login-cell">Password:</td>
<td id="login-cell"><input type="password" name="password"/></td>
</tr>
<tr id="login-row">
<td id="login-cell"><input type="submit" name="submitcreds" value="Login"/></td>
</tr>
<tr id="login-table">
<td id="login-row"><a href="forgotPassword.php">Forgot Password</a></td>
</tr>
<tr id="login-table">
<td id="login-row"><a href="register.php">Not Registered?</a></td>
</tr>
</table>
<input type="hidden" name="PHP_AUTH_USER"/>
</form>
</div>
</body>
</html>
}
function RedirectToPage()
{
$url ="loggedin.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
<META HTTP-EQUIV="Refresh"
CONTENT="1; URL=<?
/*Redirect user to their page upon update */
echo $url;?>">
<title>Thank you for logging in</title>
<link rel="stylesheet" type="text/css" media="screen" href="briefing.css"/>
</head>
<body>
<div id="shadow">
<div id="wrapper">
<div id="branding"></div>
<div id="content">
<h2></h2>
<table class="briefing" width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="2"><h4>Thank you for logging in <? echo $_SESSION['fullName'];?>.. you are now being redirected to your page!</h4></td>
<td> </td>
</tr>
</table>
</div>
</div>
</div>
</body>
</html>
<?
}
function LoggedIn()
{?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta name="generator" content="HTML Tclassy for Linux (vers 6 November 2007), see www.w3.org">
<title>Registration</title>
<link rel='stylesheet' href='site.css' type="text/css">
</head>
<body>
<div id="wrapper" class="wrapper">
<span id="login-header" class="login-header"><? echo "Welcome: " . $_SESSION['fullName']; ?></span>
<ul id="menu-List" class="menu-list">
<li class="list-item"><a class="menu-link" href="loggedin.php">Home</a></li>
<li class="list-item"><a class="menu-link" href="test.php">Home</a></li>
<li class="list-item"><a class="menu-link" href="index.php">Home</a></li>
<li class="list-item"><a class="menu-link" href="index.php">Home</a></li>
</ul>
</div>
</body>
</html>
}
And here is the page off of one of the links in the landing page. When I use the link to go to test.php, (the code below, it does not carry the Fullname session, but if I go back and login again, it works?
session_start();
echo session_id();
echo "Name: " . $_SESSION["fullName"];
put
session_start();
always at the very top of your page!
so here it will probably work:
because: if there is a single space outside of (or more) in the other files you include. Session_start will not work. This space will be written to the output and session_start can not modify the http header of the page. Usually you get an error/warning/notice when that happens. So enable your errors or look for the error-logfile. Since you are starting -> put the warnings and errors in the output and make shure you disable them when you deploy.
in essence 3 pieces of adivce: