Session variables lost after redirecting

Question

I searched about this and I found some articles but my problem didn't solve. I have login system that uses Session variables to check is user logged in or not. When user logs in I do :

$_SESSION['logged'] = true;

and then redirect to a user page.
It works perfect on some devices but on some deviced when the page redirects, the variables are lost and user is not logged in.

I use this to redirect :

die("<script>window.location = \"..\userpage\"</script>");

`$_SESSION` are server-side script, this shouldn't impact whether you try on desktop or mobile. Do you have any `client-side` code that'd impact your code? — D4V1D, Mar 29 '15 at 08:45
Would have said the same as http://stackoverflow.com/a/12091117/4382892 — Marc, Mar 29 '15 at 08:45
@D4V1D No, I don't. It's a form on wordpress. I forgot something to tell, After logging in and setting sessions, The browser redirect to a page on same domain using die(); — ARKhoshghalb, Mar 29 '15 at 08:48
Can you check if the specific devices do get the cookie (assuming you're using cookies) and accept it? E.g. chrome/safari/firefox developer tools -> network panel + cookie listing in browser settings should show those two things — griffin, Mar 29 '15 at 09:56
Write an answer, don't edit the question. Though that is the most obvious cause and should have been the first thing to check. — AD7six, Mar 29 '15 at 11:52
@AD7six Well, I didn't know that! It would be great if someone like you wrote me that. — ARKhoshghalb, Mar 29 '15 at 13:35
@SAKT Answering every permutation of that question does not help you/readers. 1) [check your error logs](http://stackoverflow.com/q/5127838/761202) 2) [Look for questions matching the error message](http://stackoverflow.com/search?q=headers+already+sent). _Always_ check for/read/find the error message. — AD7six, Mar 29 '15 at 15:40

score 1 · Accepted Answer · answered Mar 29 '15 at 13:33

1

session_start() should be called before any HTML tag.

answered Mar 29 '15 at 13:33

ARKhoshghalb

85
1
13

score 0 · Answer 2 · edited May 23 '17 at 12:29

0

The session problems for login page might occur because the URL you are opening in the browser are not unique. For example, If say you are creating a login page for your website, and you have created sessions successfully. Now, if you are logging in from URL say http://example.com then your session is limited to this URL only. If you again open the above URL like http://www.example.com (note www. in both urls), then you will see that you are not logged in. So please be sure that your webpage is opening always in single type of URL. Though both URL's will redirect to the same destination, use URL either with www. or without www. For more check this post

edited May 23 '17 at 12:29

Community

1
1

answered Mar 29 '15 at 09:31

Choxx

945
1
24
46

I'm using relative links. I redirect to "/user/index.php". It shouldn't change the www. – ARKhoshghalb Mar 29 '15 at 09:40
well that's in inside of the scripting. You have to make sure that in the browser's address bar the URL's must be same. – Choxx Mar 29 '15 at 09:42
Not the exact URL, i means the prefixes. i.e. **with www. or without www.** – Choxx Mar 29 '15 at 09:44

score 0 · Answer 3 · answered Mar 29 '15 at 09:42

Sessions are server side, but they also need info about user who created them. For this, usually, cookies are used.

session_name('ID'); 
ini_set('session.use_cookies', 1);
session_start();

But if your browser does not suppoert cookies or user disables them, your session wont work. That you have to pass session manually as a part of the URL query string (for example see this)

griffin · Answer 4 · 2015-03-29T09:53:50.140

Try using

session_write_close()

Before redirecting. It could potentially be a race condition. Other than that, you might want to check the cookie store on a device where it's not working - the browser might not set the cookie for some reason (that is, if you're using cookies and not url query parameters, which is also possible with php). You might also want to check cookie options on

setcookie(...)

especially $secure and $httponly in case you're setting the cookie yourself. Also make sure $expire is set to a future date and in the correct format (timestamp) if you're using that parameter. For more info see

http://php.net/manual/en/function.setcookie.php

Another reason might be that it's not the device/browser, but where they are connected to the internet. A proxy might cache responses (there are some really strange proxy configurations out there, some of which ignore setcookie headers and just pass the cached page without those) which might be the reason it's not working.

Another thing I could think of is that your session store doesn't save the session sometimes. By default most php installations save sessions to files and then they are regularly deleted. If the partition / mount point / ... is full, the session will not be saved. You should be able to check this if you have a look at server error logs (that is, if you have error logging enabled and configured on your server)

Yet another reason might be that the specific browsers send the do-not-track header information and for some reason this makes your server not send the cookie (this would be an extreme edge case, as normally most servers just ignore do-not-track information, but who knows ...)

Session variables lost after redirecting

4 Answers4