PHP session variables blank after page refresh

Question

I wrote a post about this earlier and got good responses that corrected a mistake I had, which I thought fixed the problem. Unfortunately it didn't, and my old post is messy enough that I'm going to repost the problem, but with the added perspective I have gained struggling with this for another good while.

Code (simplified):

<?php
session_start();

if (!$_SESSION["companyid"]) {

header("location: http://www.somepage.com");

}

mysql_connect("localhost", "name", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

$companyid = $_SESSION["companyid"];

$_SESSION["youtubeurl"] = mysql_real_escape_string($_POST["youtubeurl"]);
$_SESSION["logourl"] = mysql_real_escape_string($_POST["logourl"]);

$_SESSION["plan1head"] = mysql_real_escape_string($_POST["plan1head"]);
$_SESSION["plan1description"] = mysql_real_escape_string($_POST["plan1description"]);
$_SESSION["plan1headline1"] = mysql_real_escape_string($_POST["plan1headline1"]);
$_SESSION["plan1price1"] = mysql_real_escape_string($_POST["plan1price1"]);
$_SESSION["plan1headline2"] = mysql_real_escape_string($_POST["plan1headline2"]);
$_SESSION["plan1price2"] = mysql_real_escape_string($_POST["plan1price2"]);
$_SESSION["plan1price1type"] = mysql_real_escape_string($_POST["plan1price1type"]);
$_SESSION["plan1price2type"] = mysql_real_escape_string($_POST["plan1price2type"]);

if(isset($_POST["submitpreview"])) {

$companyid = $_SESSION["companyid"];

$youtubeurl = $_SESSION["youtubeurl"];
$logourl = $_SESSION["logourl"];
$plan1head = $_SESSION["plan1head"];
$plan1description = $_SESSION["plan1description"];
$plan1headline1 = $_SESSION["plan1headline1"];
$plan1price1 = $_SESSION["plan1price1"];
$plan1headline2 = $_SESSION["plan1headline2"];
$plan1price2 = $_SESSION["plan1price2"];
$plan1price1type = $_SESSION["plan1price1type"];
$plan1price2type = $_SESSION["plan1price2type"];

}

?>

Now, there are three pages/instances involved with this:

Page with forms that pass variables to a preview page
Preview page
Submitted preview page (meaning page is refreshed)

A person has their own page filled with various text fields and drop-down menus (page 1). They can update this page, and when they fill out the form to do that and submit it, those variables are passed onto the preview page. If they like the preview page, that confirm it (submitting a form that executes "submitpreview").

Here is my problem: All the session variables that are being filled by the form (everything but company id, which is stored in a session when they first log in) are immediately dumped into a session variable. I have echoed out those session variables at the bottom of the preview page (just to confirm they are not empty at this point in time), and their contents are echoed out appropriately when I get to the preview page. However, when the user confirms the changes and submitpreview is set, suddenly those session variables are empty. That is, all the session variables that were filled by the form variables are empty. The session variables that echoed out just fine before the page was refreshed are gone except for the companyid variable. Since the companyid session variable is still just fine, so I know that (1) sessions on my server must be working right and (2) the problem lies with the code that is either dumping the form variables into the sessions or retrieving those variables. Any theories as to why this may be occurring?

This has me pretty frustrated. I appreciate your patience with me on this issue and appreciate any help that is given.

Welcome to Stack Overflow! Please, don't use `mysql_*` functions to write new code. They are no longer maintained and the community has begun the [deprecation process](http://news.php.net/php.internals/53799). See the [red box](http://uk.php.net/manual/en/function.mysql-connect.php)? Instead you should learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) and use either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). If you pick PDO [here is a good tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). — War10ck, Feb 11 '13 at 20:07
are session_start(); exist on all pages? do you tried to print_r($_SESSION) when the sessions disappear? — , Feb 11 '13 at 20:08
When I do that, it gives me this: (I have this printed after the previewsubmit is set). Array ( [youtubeurl] => [logourl] => [plan1head] => [plan1description] => [plan1headline1] => [plan1price1] => [plan1headline2] => [plan1price2] => [companyid] => 7. And yes, session_start() is at the beginning of all my pages. — Pete_1, Feb 11 '13 at 20:12

score 1 · Answer 1 · answered Feb 11 '13 at 20:31

Figured it out, thought I would share.

In instances such as this when your have session variables equal to post variables on a page that refreshes, you to have be careful. When my preview page would refresh, the post variables (since they no longer existed) became empty, which overwrote the information for the session variables I had previously saved and in turn made those session variables empty as well. I had to adjust my code accordingly to fix that problem.

Yes you need to check how and where session [company id] gets value in order to use else where — Shridhar, Feb 11 '13 at 21:36

score 0 · Answer 2 · answered Jan 09 '15 at 09:30

The problem, as described in Pete_1s answer, is caused by register_globals. This results in the mixing of different variables with equal names . This:

foreach ($_SESSION AS $name -> $value) {
  unset ($_GLOBALS[$name]);
}
foreach ($_POST AS $name -> $value) {
  unset ($_GLOBALS[$name]);
}
foreach ($_GET AS $name -> $value) {
  unset ($_GLOBALS[$name]);
}

will solve the problem, if you have no means of deactivating register_globals.

PHP session variables blank after page refresh

2 Answers2

Linked