Header Not Working With Sessions

Question

I have made a login system using sessions and cookies in php.

After logging in, I want users to go through pages in order, preventing them to go back to previous page or any page by using back button or typing url(Even when they are logged in). Except for the first information page, every page has a question and only the correct answer can get you to next page, sort of like a treasure hunt. For that I am using session variables for every page.

First page after login (users-area.php):

<?php
session_start();
require_once("user.cookies.php");

$firstname_user = $_SESSION["SESS_USERFIRSTNAME"];
?>

/*html part*/
<a href="q1.php">Question 1</a><br><br>
<?php
    $_SESSION["from_start"] = "true";
?>

<a href="logout.php">Logout</a>

Second Page after that (q1.php):

<?php
session_start();
require_once("user.cookies.php");

$firstname_user = $_SESSION["SESS_USERFIRSTNAME"];

if (isset($_POST["ans1"])) {         //if answer is submitted
    if ($_POST["ans1"]=="correct") {          //if answer is correct
        $_SESSION["from_q1"] = "true";    //for verifying in next page, q2.php
        header('Location: q2.php');       //heading to next page
    }
    else{                                 //if answer is not correct
        $_SESSION["from_start"] = "true";   //same page loads   
    }

}

if($_SESSION['from_start'] == "false"){    //to check that it came from users-area.php
   //if not, logout
   header("Location: logout.php");
}
else{             
   //if yes,reset the variable so that they can't access from anywhere else anymore
   $_SESSION['from_start'] = "false";
}
?>

//html part
<form method="POST">   //sending input to same page
    <input type="text" name="ans1">
    <input name="submit" type="submit" value="Sumbit">
</form>
<a href="logout.php">Logout</a>

The Page After That (q2.php):

<?php
session_start();
require_once("user.cookies.php");

$firstname_user = $_SESSION["SESS_USERFIRSTNAME"];

 if($_SESSION['from_q1'] == "false"){
   header("Location: logout.php");
 }
 else{
   $_SESSION['from_q1'] = "false";
 }

}
?>

The login system works great. But after adding all these restrictions, in q1.php, submitting the right answer leads to logging out. Even though I have put header('Location: q2.php'); before anything related to logout. Submitting the right answer should lead to q2.php.

Everything else works. Wrong answer in q1.php only reloads the page as expected. And trying to go to any page by back button or typing url leads to logout.

If it helps, here is user.cookies.php :

<?php
  //redirect function
  function returnheader($location){
    $returnheader = header("location: $location");
    return $returnheader;
  }

  if(!strlen($_SESSION["SESS_USERNAME"]) ){
    //redirect
    returnheader("index.php");
  }
?>

Why isn't q1.php working correctly with the right answer? Is it that header cannot be used one after the other?

put `exit;` after your `header` function.... – Nishant Solanki Feb 25 '14 at 13:39 — Nishant Solanki, Feb 25 '14 at 13:39

score 1 · Accepted Answer · answered Feb 25 '14 at 13:38

After header('Location: q2.php'); you must exit the script or the execution will continue on the next line.

if (isset($_POST["ans1"])) {         //if answer is submitted
    if ($_POST["ans1"]=="correct") {          //if answer is correct
        $_SESSION["from_q1"] = "true";    //for verifying in next page, q2.php
        header('Location: q2.php');       //heading to next page
        exit;
    }
    else{                                 //if answer is not correct
        $_SESSION["from_start"] = "true";   //same page loads   
    }

}

Header Not Working With Sessions

1 Answers1

Linked