I have a site hosted on GoDaddy (maybe this is part of the problem?) and I am trying to make a login system with $_SESSION. However, the variables do not stay after the page redirects. On the login page the code is:
    session_set_cookie_params(0, "/");
    session_start();
    include 'hidden/config.php';
    require 'hidden/password.php';
    $error = "";
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $myusername = mysql_real_escape_string($_POST['username']);
        $mypassword = mysql_real_escape_string($_POST['password']);
        $sql = "SELECT password FROM ns_users WHERE username = '$myusername'";
        $storedpw = mysql_query($sql);
        $row = mysql_fetch_array($storedpw);
        $count = mysql_num_rows($storedpw);
        if ($count == 1) {
            if (password_verify($mypassword, $row['password'])) {
                $_SESSION["loginuser"] = $myusername;
                echo "<script type='text/javascript'>window.top.location='account.php';</script>";
                exit();
            } else {
                $error = "Invalid username or password";
            }
        } else {
            $error = "Invalid username or password";
        }
    }
config.php has the database connections. And here is the session.php code that is included on the account.php page:
    session_set_cookie_params(0, "/");
    include 'hidden/config.php';
    session_start();
    if (!isset($_SESSION["loginuser"])) {
        echo "<script type='text/javascript'>window.top.location='login.php';</script>";
        exit();
    } else {
        $username = $_SESSION["loginuser"];
        $sql = "SELECT * FROM ns_users WHERE username='$username';";
        $userinfo = mysql_query($sql);
        $row = mysql_fetch_array($userinfo);
        $user_id = $row['id'];
        $user_firstname = $row['firstname'];
        $user_lastname = $row['lastname'];
        $user_email = $row['email'];
        $user_signupdate = $row['signup_date'];
    }
After I submit the login, it redirects to account.php but then sends me back to login, meaning the $_SESSION variables are not staying after the redirects. However, I know they are being set because I can retrieve their values if I take out the redirect and add an echo $_SESSION["loginuser"]; on login.php.