Session missing after redirect (live server only)

Question

I have been created a login page for user to login. The code is working properly in localhost but not in live server. User can't login on live server and I found out that everytime redirect to index.php, the session will lost, so that user can't login due to lost of session. You have any idea on this?

<?php 
session_start();
include "header.php";
if (!empty($_POST)){
 include 'database_connect.php';
 $username = $_POST['username'];
 $password = $_POST['password']; 
 $username = stripslashes($username);
 $password = stripslashes($password);
 $username = mysql_real_escape_string($username);
 $password = mysql_real_escape_string($password);
 
 $sql = "SELECT * FROM users where username='$username' and password='$password'";
 $result = mysql_query($sql, $con);
 $rows = mysql_num_rows($result);
 if ($rows == 1){
  $_SESSION['username'] = $username;
  echo "<script>window.location = \"index.php\";</script>";
  //header("Location: index.php?" . SID);
 }else{
  echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
 }
 mysql_close($con);
}

?>

Index.php

<? session_start();?>
<script>alert ('<?php echo $_SESSION['username']; ?>');</script>

ini_set('session.gc_maxlifetime', 84600); write at top of your page the after session_start(); — Saty, May 14 '15 at 12:26
@saty has been add after the seesion_start(); but still can't login. It's weird as localhost can work properly but when come to server it can't work already... — Howard, May 14 '15 at 12:32
Take a look at these answers: http://stackoverflow.com/questions/17242346/php-session-lost-after-redirect — davidgiga1993, May 14 '15 at 13:03

score 0 · Answer 1 · answered May 14 '15 at 13:15

0

Check session in your index.php page.just start session and echo user session. if you get then try if condition.

<?php  session_start(); 
echo $_SESSION["username"];

if($_SESSION["username"]){


echo "bla bla";


}?>

answered May 14 '15 at 13:15

smart developer

49
1
8

score -1 · Answer 2 · answered May 14 '15 at 12:47

<?php 
session_start();
include "header.php";
if (!empty($_POST)){
 include 'database_connect.php';
 $username1 = $_POST['username']; // change it
 $password1 = $_POST['password'];    // change it
 $username = stripslashes($username1); // change it
 $password = stripslashes($password1); // change it
 $username = mysql_real_escape_string($username);
 $password = mysql_real_escape_string($password);
 
 $sql = "SELECT * FROM users where username='$username' and password='$password'";
 $result = mysql_query($sql, $con);
 $rows = mysql_num_rows($result);
 if ($rows == 1){
  $_SESSION['username'] = $username;
  echo "<script>window.location = \"index.php\";</script>";
  //header("Location: index.php?" . SID);
 }else{
  echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
 }
 mysql_close($con);
}

?>

You write same name username /password before strip the username/password as well as after , so change the name and try once

has been change, the issue still exist. – Howard May 14 '15 at 14:54 — Howard, May 14 '15 at 14:54

Sourabh Kumar Sharma · Answer 3 · 2015-05-14T12:53:55.047

-2

In the below code,

<?php session_start(); // your header.php file should not have a session start in that file
include "header.php";
if (!empty($_POST)){
    include 'database_connect.php';

    $username = $_POST['username'];
    $password = $_POST['password']; 
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $sql = "SELECT * FROM users where username='$username' and password='$password'";
    $result = mysql_query($sql, $con);
    $rows = mysql_num_rows($result);
    if ($rows == 1){
        $_SESSION['username'] = $username;

        ?><script>alert ('<?php echo $_SESSION['username']; ?>');</script><?
        echo "<script>window.location = \"index.php\";</script>";
        exit();
        //header("Location: index.php?" . SID);
    }else{
        echo "<div class='col-md-12 col-xs-8 alert alert-danger' align='center'>Invalid username and password. Please try again</div>";
    }
    mysql_close($con);
}

?>

You need to use session_start() function at the first line of the page after the php script starts

edited May 14 '15 at 12:53

answered May 14 '15 at 12:04

Sourabh Kumar Sharma

2,864
3
25
33

2

but in your code you write session_start() in 5th line why? – Saty May 14 '15 at 12:05
@saty read my suggestion first, i copied his own code and told him to write it the first line after the php tag. – Sourabh Kumar Sharma May 14 '15 at 12:09
the header.php has been added the session_start(); – Howard May 14 '15 at 12:11
@Howard If header.php has already started the session then please remove this session_start() function from here. It is an errror. – Sourabh Kumar Sharma May 14 '15 at 12:15
@Sourabh ok noted, has been remove the session_start() that in the header and 5th line, and also add session_start() at first line after the php tag, but still can't login.. – Howard May 14 '15 at 12:19
@Howard, then please check if you have that record in your database with the same username and password that you are trying to login with, and check if you are using any type of encoding for the password field like md5 or sha1 or if you are using simple varchar datatype for the password field. – Sourabh Kumar Sharma May 14 '15 at 12:25
@Sourabh hmm.. has been checked and it is ok. Actually the login work properly in localhost but not server live. I found out that it is because of missing session when redirect to other page. – Howard May 14 '15 at 14:57
@howard the Problem still exists? – etalon11 Dec 30 '15 at 19:07

Session missing after redirect (live server only)

3 Answers3