PHP session variables wont work

Question

I am a PHP learner, and I have got some problems with PHP sessions.

I am trying to do a simple login test, but it seems as session variables wont follow when I direct to another page. The two important files:

Check login:

 <html>
<head>
    <title>
        <?php
            session_start();
        ?>
    </title>
</head>
<body>
    <?php

        $connection = mysql_connect("localhost", "root", "root");
        if(!connection)
        {
            die("could not connect to the database");
        }
        mysql_selectdb("phplogin", $connection) or die ("MySQL error i valg af database: " .mysql_error());
        $query = "Select * from users where username='".$_POST['username']."' AND password = '".$_POST['userpass']."'";
        $result = mysql_query($query);
        $count = mysql_num_rows($result);
        if($count==1){
            $_SESSION['loggedIn'] = "true";
            echo "The variable: ".$_SESSION['loggedIn'];
            header("Location: loggedinPage.php");
            exit;
        }
        if(!$count == 1){
            header("Location:Login.php");
            exit;
        }
    ?>
</body>

and the acces page:

 <html>
<head>
    <title>
        <?php
            session_start();
        ?>
    </title>
</head>
<body>
    <?php
        if($_SESSION['loggedIn'] != "true"){
            echo "You are NOT logged in";
            echo $_SESSION['loggedIn'];
            exit;
        }
            echo $_SESSION['loggedIn'];
            echo "You are logged in";
    ?>
</body>

Even though you give correct user and password, it still says that you are NOT logged in when directed to the new page. Another thing is the "header(Location: etc. etc)", this wont work, I have to redirect manually.

Any help :)? - David

Thanks, I got the logging in to work now, but the redirection still wont work? my file looks like this now:

 <?php
    session_start();
    ?>
    <?php

        $connection = mysql_connect("localhost", "root", "root");
        if(!connection)
        {
            die();
        }
        mysql_selectdb("phplogin", $connection) or die ("MySQL error i valg af database: " .mysql_error());
        $query = "Select * from users where username='".$_POST['username']."' AND password = '".$_POST['userpass']."'";
        $result = mysql_query($query);
        $count = mysql_num_rows($result);
        if($count==1){
            $_SESSION['loggedIn'] = "true";
            header("Location: loggedinPage.php");
        }
        if(!$count == 1){
            header("Location:Login.php");
        }
    ?>

<head>
    <title>

    </title>
</head>
<body>

</body>

im pretty sure your `if(!$count == 1)` is wrong. Not to mention it looks awkward . Are you trying to check if `$count` does equal 1? Or are you trying to check if `$count` is greater than 1? Furthermore, that is error prone because you should check if the value is equal to 1. Right now, your statement will be true if the value is greater than 1. What if you have 2 users with the same username / email address. — Ryan, Aug 21 '12 at 22:03
possible duplicate of [Headers already sent by PHP](http://stackoverflow.com/questions/8028957/headers-already-sent-by-php) — mario, Aug 21 '12 at 22:34

score 3 · Accepted Answer · answered Aug 21 '12 at 21:59

3

session_start() should be at the very top of your document and header() should only be executed before any output has taken place on the website.

answered Aug 21 '12 at 21:59

Wroclai

26,835
7
76
67

They're the same issue, by the way. `session_start` needs to send headers and headers need to come before output. – Ry- Aug 21 '12 at 22:25

score 0 · Answer 2 · answered Aug 21 '12 at 22:03

you should only open session or change its content before outputting data. session_start should be called before any output and

<html>
...

is output.

same goes with

$_SESSION['loggedIn'] = "true";

put all of the login related checks and initiations above any html

with header('Location... ') it's the same - should be before output

btw, i wouldn't go directly for

if($_SESSION['loggedIn'] != "true"){ ...

instead i'd check if it's set

if(!isset($_SESSION['loggedIn']) || $_SESSION['loggedIn'] != "true"){ ...

PHP session variables wont work

2 Answers2

Linked