Page 1 of 1

$_SESSION[] not getting value

Posted: Sat Dec 05, 2009 12:17 pm
by mianmajidali
hi to all
i m using session in login and want to display database only members, i m using session id for this, but my database page cant get the session value.
i m giving code behind, please check and help
-------------------------------------------------------------------
this is check_login.php file
---------------------------------------------------
<?php
session_start();
$con = mysql_connect("localhost","username","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("oscobizz_os", $con);
$chk = mysql_query("select * from members where name='".$_POST['name']."' and pass='".$_POST['pass']."'");
if(mysql_num_rows($chk)>0)
{
$_SESSION['s_id']="1122";
header("Location: http://www.os-co.biz/data_final.php/");
}
else
echo "Wrong Username or Password:";
?>
----------------------------------------------------------------
this is database file named as data_final.php
-----------------------------------------------------------------
<?php
session_start();
echo $_SESSION['s_id'];
if($_SESSION['s_id']!=1122)
echo "Sorry: You are not logged in";
else
{
$con = mysql_connect("localhost","username","password");
if (!$con)
die('Could not connect: ' . mysql_error());
else
{
mysql_select_db("oscobizz_os", $con);
$result = mysql_query("SELECT * FROM query");
while($row = mysql_fetch_array($result))
{
echo "<html>";
echo "<body>";
echo "<table>";
echo "<tr>";
echo "<td>" . $row['date'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['company'] . "</td>";
echo "<td>" . $row['country'] . "</td>";
echo "<td>" . $row['tel'] . "</td>";
echo "<td>" . $row['fax'] . "</td>";
echo "<td>" . $row['mob'] . "</td>";
echo "<td>" . $row['box'] . "</td>";
echo "<td>" . $row['query']."</td>";
echo "</tr>";
echo "</table>";
echo "</body>";
echo "</html>";
}//end of while
} //end of inner else
}//end of main else
?>
------------------------------------------------------------
when i provide the correct login info, and header calls the data_final.php file, it does not show the result, and display the msg "Sorry: You are not logged in" and also does not show the $_SESSION value by echo.

Re: $_SESSION[] not getting value

Posted: Sat Dec 05, 2009 1:08 pm
by AbraCadaver
Try:

Code: Select all

header("Location: http://www.os-co.biz/data_final.php/");
exit;
-Shawn

Re: $_SESSION[] not getting value

Posted: Sat Dec 05, 2009 3:57 pm
by daedalus__
dont use header to redirect.

use meta tags

Re: $_SESSION[] not getting value

Posted: Sat Dec 05, 2009 4:29 pm
by Katsu Webs
I dont know how helpful this is, but this is a snippet from one of my projects;


This code is from the login script, it takes $username2 from $_POST. Its been cleaned and varified before being check in the database and put in the session.

Code: Select all

$finddata = "SELECT * FROM users WHERE username='$username2' AND password='$password2'";
    $sendquery = MYSQLI_QUERY($cxn,$finddata) or die ('Database Unavailable');
    if(MYSQLI_NUM_ROWS($sendquery) > 0)
        {
        $_SESSION['user'] = $username2;
        echo "<html><head><meta http-equiv='REFRESH' content='0;url=http://localhost/Members.php'></head><body></body></html>";
        }
        else
            {
            echo "<html><head><meta http-equiv='REFRESH' content='0;url=http://localhost/loginfail.php'></head><body></body></html>";
            exit();
            }
Note the meta tags to redirect, which stops you from getting a parse error due to using header() after outputing values. Also note I start the session as soon as they go to the login page, before any other code,but only set the session to $_SESSION['user'] if username and password match their database entries.

This is the session authorisation code from the members page it redirects to.

Code: Select all

session_start();    
    if(!isset($_SESSION['user']))
        {
        echo"<html><head><meta http-equiv='REFRESH' content='0;url=http://localhost/loginfail2.php'></head><body></body></html>";
        }
I check the named session is set, this goes above all the html in the page. I had this same issue, the above code now works.

Re: $_SESSION[] not getting value

Posted: Sat Dec 05, 2009 6:51 pm
by AbraCadaver
daedalus__ wrote:dont use header to redirect.

use meta tags
Not if you want predictable results in all browsers. Also, use of meta refresh is discouraged by the W3C.

-Shawn