
I'm attempting to log users into a website using their ID and a hashed password (checks the database and passes).

However, when I successfully log in, the server is not holding all the $_SESSION variables I have set.

PHP Login Code:

```php
<?php
session_start();
include '../Main/dbh.php';

$ID=$_POST['ID'];
$pwd=$_POST['Password'];

$spwd=md5($pwd);

$sql = "SELECT * FROM account WHERE ID='$ID' AND pwd='$spwd'";
$result = $conn->query($sql);
if(!$row = $result->fetch_assoc()) {
    Header("Location: ../Index.php");
} else {
    $_SESSION['LoggedIn'] = 1;
    $_SESSION['ID'] = $row['ID'];
    $_SESSION['First Name'] = $row['First Name'];
    $_SESSION['Last Name'] = $row['Last Name'];
    $_SESSION['Email'] = $row['Email'];
    $_SESSION['pwd'] = $row['pwd'];
    $_SESSION['staff'] = $row['staff'];
    $_SESSION["Executive"] = $row['Executive'];
    $_SESSION['HR'] = $row['HR'];

    header("Location: Login.php");
}
```

DBH Connection:

```php
<?php
session_start();
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "AVA Screenshot Centre";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} else { echo "YA!"; }
?>
```

Header Code (Echo Function):

```php
<?php
session_start();
include 'SiteURL.php';
echo $_SESSION['ID'];
$UserStaff="0";
?>
```

The error comes when I am trying to echo the $_SESSION['ID'] variable, or any other set in the login process. Sorry, it's been a while since I have coded; all help is appreciated.

JoshuaMicallef
  • Your script is at risk of [SQL Injection Attack](//stackoverflow.com/questions/60174). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](//stackoverflow.com/questions/5741187) Use [prepared parameterized statements](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Mar 29 '18 at 01:47
  • `md5()` is obsolete for hashing passwords and should *not be used*. PHP provides [password_hash()](http://php.net/manual/en/function.password-hash.php) and [password_verify()](http://php.net/manual/en/function.password-verify.php), please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat). – John Conde Mar 29 '18 at 01:47
  • Make sure you're not outputting anything before the first ` – Karlo Kokkak Mar 29 '18 at 01:54
  • What file is the third code block for? – Karlo Kokkak Mar 29 '18 at 01:58
  • @KarloKokkak the third block is on the header, it is where I am trying to echo the session variable – JoshuaMicallef Mar 29 '18 at 02:07
  • What file is it for? – Karlo Kokkak Mar 29 '18 at 02:08
  • Not exactly sure what you mean, it is not meant to be there, the only reason it is there is so I can see if the variable has been set or not – JoshuaMicallef Mar 29 '18 at 02:09
  • On successful login it goes to Login.php ? – Karlo Kokkak Mar 29 '18 at 02:14
  • It runs to Login.php, where the user inputs their ID and Password, then it runs to Login.inc.php to verify their data, if all is correct, they get redirected back to the Login Page. Otherwise, the Index page – JoshuaMicallef Mar 29 '18 at 02:17
  • I tested your code, it works fine. What's the content of SiteURL.php ?? – Karlo Kokkak Mar 29 '18 at 02:28
  • @KarloKokkak Fixed the issue, because I was returning to the same page once completed, the server values were not being set, thanks for your help :) – JoshuaMicallef Mar 29 '18 at 02:28

0 Answers
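
The two changes recommended in the comments above (a parameterized query, and `password_hash()`/`password_verify()` in place of `md5()`), applied to the login check from the question, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite table and a constructed account row so it runs without a MySQL server; the function names and sample values are hypothetical, and mysqli offers the same prepare/bind/execute pattern.

```php
<?php
declare(strict_types=1);

// Look up the account with a bound parameter, then check the password against
// a password_hash() value. Returns the row without the hash, or null.
function authenticate(PDO $db, string $id, string $password): ?array
{
    $stmt = $db->prepare('SELECT ID, Email, staff, pwd FROM account WHERE ID = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pwd'])) {
        return null;                  // same result for unknown ID and wrong password
    }
    unset($row['pwd']);               // the hash never needs to be copied into $_SESSION
    return $row;
}

// Put the authenticated identity into a session with a fresh session ID.
function start_user_session(array $account): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);      // new ID at login, guards against session fixation
    $_SESSION['LoggedIn'] = 1;
    $_SESSION['ID']       = $account['ID'];
    $_SESSION['Email']    = $account['Email'];
    $_SESSION['staff']    = (int) $account['staff'];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE account (ID TEXT PRIMARY KEY, Email TEXT, staff INTEGER, pwd TEXT)');
$db->prepare('INSERT INTO account VALUES (?, ?, ?, ?)')
   ->execute(['1001', 'user@example.test', 0, password_hash('correct horse', PASSWORD_DEFAULT)]);

// An ID containing quote characters is treated as a literal value by the bound
// parameter, so it matches no row; a wrong password is rejected the same way.
$rejected = [authenticate($db, "1001' OR '1'='1", 'x'), authenticate($db, '1001', 'wrong')];
$account  = authenticate($db, '1001', 'correct horse');

if ($account !== null) {
    start_user_session($account);
}
var_dump($rejected, $_SESSION ?? null);
```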