0

I am developing a web application using PHP in which a user initially has to sign in and view his content. I am using PHP sessions to maintain state. I encountered the following problems:

  1. Although I started the session on each page and after relevant session variables are set, the session is destroyed each time the page is refreshed or when I browse the same URL on a different tab.
  2. I need the user to be redirected to his content page when the user browses the login page while he is already logged in.

I'm really new to PHP, so I have no idea how to solve these problems. I referred to several questions on Stack Overflow, but they all say that sessions are not destroyed on page refresh. I could not understand what's wrong with my page. Any solution with an explanation is greatly appreciated.

Login page

<?php

session_start();

class Sessions{
    public static function setSessionState($userdata){
        unset($userdata['password']);
        unset($userdata['timestamp']);
        $_SESSION['user']=$userdata;
    }
}

if(isset($_POST['username']) && isset($_POST['password'])){
    $dbcon = new DBConnection();
    $dbcon->connect();
    $username= strip_tags(stripslashes(trim($_POST['username'])));
    $password = strip_tags(stripcslashes($_POST['password']));
    echo "<script>alert($username);</script>";
    $result = $dbcon->getUser($username,$password);
    if(mysqli_num_rows($result)==1){
        $user = $dbcon->getUserData($result);     #getUserData function accepts mysqli result as an input and returns a row(array) of user details.
        if(isset($user)){
            Sessions::setSessionState($user);
            header("location:index.php");
        }
        else{
            echo "user variable is not set!!!";
        }
    }
    else if(mysqli_num_rows($result)==0){
        echo "Login error! Username or Password incorrect!";
    }
    else{
        die("Unknown Error occured!");
    }
}
............

Index page (in which user's private content is visible)

<?php 

    session_start();

    if(isset($_SESSION['user'])){
        print_r($_SESSION['user']);
    }
    else{
        echo "session variable not set";
    }
?>

Thank you.

Deepal
  • Log down every page's SESSION ID and make sure they stay the same – Risto Novik Jan 02 '14 at 08:46
  • You mean PHPSESSID cookie value? It is same all the time even though I refresh the page. – Deepal Jan 02 '14 at 08:49
  • Also I looked at the session id using session_id(). Trivially it shows the same. – Deepal Jan 02 '14 at 14:41
  • Are you sure you are not recreating the session over and over again? Put in some logging. – Risto Novik Jan 02 '14 at 14:49
  • Sorry, I don't understand what you mean. I have put start_session() at the start of every page, and passing session variables among pages works fine as well. Even if the session variables vanish on refresh, the PHPSESSID value (session id) remains the same. The session ID does not change when the page is refreshed. Only variables set with the $_SESSION variable are unset. Sorry, I don't understand what you mean by logging. – Deepal Jan 02 '14 at 16:28
  • Well, some more things you can look at: how to log messages http://stackoverflow.com/questions/3531703/how-to-log-errors-and-warnings-into-a-file. First log down the content of $userData, and also the content of the $_SESSION array. The command should be error_log(var_export($_SESSION)), error_log(var_export($userData)) – Risto Novik Jan 02 '14 at 16:59
  • Thanks @jurka. I'll have a look. – Deepal Jan 02 '14 at 17:01
  • Make sure that code below redirection to index does not get executed after you redirect. `exit;` Also can you add the rest of your code – PoX Jan 02 '14 at 20:20
  • 1
    Side note latest versions of chrome _might_ cache a redirect! so worth a try to check in incognito. This might not really be the case and I am just speculating. – Prasanth Jan 02 '14 at 20:43
  • Did you call `session_start()` on the login page? I don't see it. (Before attempting to set/use anything in `$_SESSION`) – meiamsome Jan 02 '14 at 21:36
  • @meiamsome, Yes I have called it at the top of the PHP script. – Deepal Jan 03 '14 at 02:49

2 Answers

2

I finally found the answer, which is actually my bad. I didn't mention the last part of the index.php file as I thought that part was irrelevant. In that part I have this:

<form action="<?php session_destroy(); ?>">

After commenting that session_destroy() method call, I could solve my problem and keep session alive.

Sorry for incomplete code.

Deepal
  • In my case, I wrote session_destroy() inside a javascript method thinking it would be executed only if this JS method is called. I was wrong. It executed each time the page loaded. – Rasshu Mar 26 '14 at 17:45
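
Why the markup in this answer wiped the session: PHP executes every `<?php ... ?>` block on the server while the page is being rendered, so a `session_destroy()` placed inside an `action` attribute (or inside a JavaScript function body) runs on each request, not on submit or click. The following is an added example, not code from the original posts; the `login.php` file name and the `csrf` session key are assumptions. It destroys the session only in response to an explicit, token-checked POST.

```php
<?php
// index.php (added example): private page with an explicit logout form.
session_start();

if (!isset($_SESSION['user'])) {
    header('Location: login.php');   // assumed name of the login page
    exit;                            // stop here so nothing below runs after the redirect
}

// One CSRF token per session so another site cannot force a logout.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout'])) {
    $token = $_POST['csrf'] ?? '';
    if (is_string($token) && hash_equals($_SESSION['csrf'], $token)) {
        $_SESSION = [];                              // clear the data in memory
        if (ini_get('session.use_cookies')) {        // expire the session cookie
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();                           // remove the server-side data
        header('Location: login.php');
        exit;
    }
    http_response_code(400);
    exit('Invalid logout request');
}
?>
<!-- The action is a plain URL; no PHP call is evaluated while rendering it. -->
<form method="post" action="index.php">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES) ?>">
  <button type="submit" name="logout" value="1">Log out</button>
</form>
<pre><?= htmlspecialchars(print_r($_SESSION['user'], true), ENT_QUOTES) ?></pre>
```

For point 2 of the question, the mirror-image check on the login page, `if (isset($_SESSION['user'])) { header('Location: index.php'); exit; }` placed right after `session_start()` and before any output, sends an already signed-in user to the content page.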
0

Try this:

class Sessions{
  public static function setSessionState($userdata){
     if ( !isset($_SESSION['user']) ) {
        $_SESSION['user'] = $userdata;
     }
  }
}
tonoslfx