php: session variable not available in header file

Question

I'm creating a website with a login. Here is my login.php:

<?php
include 'connect.php';
include 'header.php';

echo '<h3>Sign up</h3>';
$username="";
$finished = false;

if($_SERVER['REQUEST_METHOD'] == 'POST')
{
    /* so, the form has been posted, we'll process the data in three steps:
        1.  Check the data
        2.  Let the user refill the wrong fields (if necessary)
        3.  Save the data 
    */
    $errors = array(); /* declare the array for later use */

    if(!isset($_POST['user_name']))
    {
        $errors[] = 'The username field must not be empty.';
    }


    if(!isset($_POST['user_pass']))
    {
        $errors[] = 'The password field cannot be empty.';
    }


    if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
    {
        echo '<p class="error">login failed';
        echo '<ul>';
        foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
        {
            echo '<li>' . $value . '</li>'; /* this generates a nice error list */
        }
        echo '</ul></p>';
    }
    else
    {
        //the form has been posted without errors, so save it
        //notice the use of mysql_real_escape_string, keep everything safe!
        //also notice the sha1 function which hashes the password
         $sql = "SELECT 
                        user_id,
                        user_name,
                        user_level
                    FROM
                        users
                    WHERE
                        user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
                    AND
                        user_pass = '" . sha1($_POST['user_pass']) . "'";



        $result = mysql_query($sql);
        if(!$result)
        {
            //something went wrong, display the error
            echo '<p class="error">Something went wrong while registering. Please try again later.</p>';
            //echo mysql_error(); //debugging purposes, uncomment when needed
        }
        else
        {
            if(mysql_num_rows($result) == 0)
            {
                echo '<p class="error">You have supplied a wrong user/password combination. Please try again.</p>';
            }
            else
            {
                $_SESSION['signed_in'] = true;
                while($row = mysql_fetch_assoc($result))
                {
                    $_SESSION['user_id']    = $row['user_id'];
                    $_SESSION['user_name']  = $row['user_name'];
                    $_SESSION['user_level'] = $row['user_level'];
                }

                echo 'Successfully logged in as ' . $_SESSION['user_name'];
                $finished=true;
            }
        }
    }
}
if(!$finished) {
echo '<form method="post" action="">
        <table>
            <tr>
                <td>Username:</td><td> <input type="text" name="user_name" value="' . $username . '"/></td>
            </tr>
            <tr>
                <td>Password:</td><td> <input type="password" name="user_pass"/></td>
            </tr>
        </table>
        <input type="submit" value="login" />

     </form>';
}

include 'footer.php';
?>  

my header.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <meta name="description" content="A short description." />
        <meta name="keywords" content="put, keywords, here" />
        <title>PHP-MySQL forum</title>
        <link rel="stylesheet" href="style.css" type="text/css">
    </head>
    <body>
        <h1>My forum</h1>
        <div id="wrapper">
            <div id="menu">
                <a class="item" href="index.php">Home</a> -
                <a class="item" href="/forum/create_topic.php">Create a topic</a> -
                <a class="item" href="/forum/create_cat.php">Create a category</a>



                    <div id="userbar">
                                    <?php
                        if($_SESSION['signed_in'])
                        {
                            echo 'Hello' . $_SESSION['user_name'] . '. Not you? <a href="signout.php">Sign out</a>';
                        }
                        else
                        {
                            echo '<a href="login.php">Log in</a> or <a href="sign up">create an account</a>.';
                        }
                                    ?>
                    </div>

            </div>
            <div id="content">

and the footer:

            </div><!-- content -->
        </div><!-- wrapper -->
    </body>
</html>

Now when i login succesfully, and i try to access the $_SESSION['signed_in'] in the header it is not set(i tried an output with echo and it didnt show anything). 'user_name' etc. is also not set, but in the login.php it has the correct content. What am i doing wrong?

Answer 1

For sessions to work in PHP, you must start them first using session_start(). You can do that in your script by either adding that at top of login.php or connect.php, Like below:

<?php
session_start();
include 'connect.php';

Better add it in connect.php to make it available on all other pages as well.

WARNING

mysql_* is DEPRECATED as of php-5.5 and was REMOVED in php-7.0. So instead use mysqli_* or PDO.
Why shouldn't I use mysql_* functions in PHP?

Answer 2

on the first line, the first thing to do is to create the session.

  <?php
   session_start();
  ?>

remember to write this line as the first thing on every file which uses the session variables