
So I know that session_start() should be on top of every script. Like this:

logins.php

<?php
session_start();
$_SESSION['user_level_id'] = $user_level_id;
header('Location: ' . base_url('views/index.php')); 
exit();

and to try the session:

index.php

<?php
session_start();
var_dump($_SESSION['user_level_id']);

which results in:

string(1) "6"

and after refresh:

Undefined index: user_level_id in C:\xampp\htdocs\Framework\views\index.php on line

NULL

I have seen many posts about losing the session on page refresh, and the answers are to put session_start() on the first line of the script. But it seems like it does not work in my code.

Update:

I tried creating a file without anything included; in my previous logins.php, I had included multiple files. So my new file is like:

<?php
session_start();

$_SESSION['user_level_id'] = 'asdf';
session_write_close();
header('Location: /Framework/views/index.php'); 
die();

And somehow, in the index.php, the session is not killed. I wish to post my whole login code to see if there is anything wrong with it. Here it is:

if(isset($_POST['btn_login'])){
$username = $init->post('login_username');
$password = $init->post('login_password');

$_SESSION['logged_in'] = false;

if(!validate([$username, $password])){
    header('Location: ' . base_views('index.php?e=1'));
    exit();
} else{

    $check_username = "SELECT accounts.user_level_id , user_levels.user_level, accounts.account_id
        FROM accounts 
        JOIN user_levels 
        ON accounts.user_level_id = user_levels.user_level_id 
        WHERE username = '$username'";

    $count = $init->count($check_username);

    if($count > 1){
        header('Location: ' . base_views('index','e=2'));
        exit();
    } elseif($count === 0){
        header('Location: ' . base_views('index', 'e=3'));
        exit();
    } else{

        $sql = $init->getData($check_username);

        $user_level_id = $sql[0]->user_level_id;
        $user_level = $sql[0]->user_level;
        $account_id = $sql[0]->account_id;

        if($user_level_id === '5' || $user_level_id === '6'){
            $query = "SELECT accounts.password, students.student_id, names.fname, names.mname, names.lname, positions.position, positions.position_id
                FROM accounts 
                JOIN students ON accounts.account_id = students.account_id 
                JOIN names ON students.name_id = names.name_id 
                LEFT JOIN ssc ON ssc.students_id = students.students_id
                LEFT JOIN positions ON positions.position_id = ssc.position_id
                WHERE accounts.account_id = '$account_id'";

            $sql = $init->getData($query);

            $student_id = $sql[0]->student_id;

        } else{
            $query = "SELECT accounts.password, employees.employee_id, names.fname, names.mname, names.lname, positions.position, positions.position_id, positions.office_id, offices.office
            FROM accounts 
            JOIN employees ON employees.account_id = accounts.account_id 
            JOIN names ON employees.name_id = names.name_id 
            JOIN positions ON employees.position_id = positions.position_id 
            JOIN offices ON positions.office_id = offices.office_id
            WHERE accounts.account_id = '$account_id'";

            $sql = $init->getData($query);

            $employee_id = $sql[0]->employee_id;
            $office_id = $sql[0]->office_id;
            $office = $sql[0]->office;
        }

        $fname = $sql[0]->fname;
        $mname = $sql[0]->mname;
        $lname = $sql[0]->lname;
        $hash = $sql[0]->password;
        $position = $sql[0]->position;
        $position_id = $sql[0]->position_id;

        if(!password_verify($password, $hash)){
            header('Location: ' . base_views('index', 'e=4'));
            exit();
        } else{
            $_SESSION['user_level_id'] = $user_level_id;
            $_SESSION['user_level'] = $user_level;
            $_SESSION['account_id'] = $account_id;
            $_SESSION['full_name'] = "$fname $lname";
            $_SESSION['position'] = $position;
            $_SESSION['logged_in'] = true;
            
            if($user_level_id === '5'){ // Student
                header('Location: ' . base_views('student/index'));
                exit();

            } elseif($user_level_id === '6'){ // ssc
                if($position_id === '14'){
                    echo "administrator";
                } else{
                    // header('Location: ' . base_views('ssc/index'));
                    $_SESSION['user_level_id'] = 'asdf';
                    session_write_close();
                    header('Location: ' . base_url('views/loader.php'));    
                    die();
                }
            } elseif($user_level_id === '7'){ // Building Coordinator
                header('Location: ' . base_views('bldg_coordinator/index'));
                exit();

            } elseif($user_level_id === '2'){ //  Administration
                $_SESSION['office_id'] = $office_id;
                $_SESSION['office'] = $office;

                switch ($office_id) {
                    case '11': // Management Information System
                        header('Location: ' . base_views('mis/index'));
                        exit();
                        break;

                    case '12': // Plant and Facilities
                        header('Location: ' . base_views('plant_and_facilities/index'));
                        exit();
                        break;

                    case '6': // Office of Student Affairs
                        header('Location: ' . base_views('student_affairs/index'));
                        exit();
                        break;

                    case '13': // Supreme Student Council Administration
                        header('Location: ' . base_views('adviser/index'));
                        exit();
                        break;
                    
                    default:
                        header('Location: ' . base_views('index', 'e=5'));
                        session_destroy();
                        exit();
                        break;
                }
            } else{
                session_destroy();
                header('Location: ' . base_views('index', 'e=6'));
                exit();
            }
        }
    }
}

}

Karma Blackshaw
1 Answer


If it works the first time, that suggests that it's mostly working, i.e., the necessary cookies are getting propagated, etc. If you refresh index.php and the session value is gone, this suggests that somewhere in that file the value got unset or changed. This could happen if you accidentally tried to check the value but used one equal sign = instead of two == like so:

if ($_SESSION["user_level_id"] = NULL) { // this actually sets the value to null
    // BLAH BLAH BLAH
}

Or you might have done this:

unset($_SESSION["user_level_id"]);

If you don't have any code that might have made this change, that suggests that perhaps the session got lost. This can happen when the session cookie gets lost (or changed somehow). Would you feel comfortable sharing more of your code?

EDIT: other possibilities:

  • a redirect from http to https can result in a session getting lost
  • the session may have expired. This could happen if you either have a very short session expiration time or if you left the browser open and came back after a long time to resume work
  • if you are using CodeIgniter, consider auto-loading (or explicitly loading) the session library instead of calling session_start, because it relies on some customized session handling
S. Imp
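Added example (not part of the question or of S. Imp's answer): a small PHP diagnostic page that tells the three failure modes discussed above apart: the browser not sending the session cookie back (cookie path, secure flag, http-to-https redirect), the session being expired or replaced, and the session surviving while some script overwrites or unsets the value. It also shows the `=` versus `==` pitfall written in a form that cannot silently assign. The file name session_check.php, placing it next to index.php, and PHP 7.3 or newer (for the array form of session_set_cookie_params with samesite) are assumptions; the framework's $init, base_url and base_views helpers are not used.

```php
<?php
// session_check.php (added diagnostic example, not the asker's or answerer's code).
// Put it next to index.php, request it once, then refresh it: the second
// response shows whether the cookie came back and whether the session survived.
declare(strict_types=1);

// Assumption: every script sets the same cookie parameters before session_start().
// A mismatch between scripts (e.g. secure=true on an http page, or a path
// narrower than the page that reads the session) is one way the cookie is
// silently not sent back after a redirect.
session_set_cookie_params([
    'lifetime' => 0,      // browser-session cookie
    'path'     => '/',    // one cookie for the whole site, not per directory
    'secure'   => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'httponly' => true,
    'samesite' => 'Lax',
]);

/**
 * Collect facts about this request's session state. Returns an array instead
 * of printing so the result can be logged or asserted on.
 */
function session_diagnostics(): array
{
    $cookieName = session_name();
    $sentId     = $_COOKIE[$cookieName] ?? null;   // what the browser sent back

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $facts = [
        'cookie_received'   => $sentId !== null,
        'id_matches_cookie' => $sentId !== null && $sentId === session_id(),
        'request_count'     => ($_SESSION['__requests'] ?? 0) + 1,
        'user_level_id'     => $_SESSION['user_level_id'] ?? null,
        'save_path_ok'      => is_writable(session_save_path() ?: sys_get_temp_dir()),
        'cookie_params'     => session_get_cookie_params(),
    ];
    $_SESSION['__requests'] = $facts['request_count'];
    return $facts;
}

/**
 * The comparison pitfall from the answer, written so it cannot assign: a strict
 * comparison with the literal on the left is a parse error if '=' is typed
 * instead of '===', rather than a silent overwrite of the session value.
 */
function user_level_is_unset(array $session): bool
{
    return null === ($session['user_level_id'] ?? null);
}

$facts = session_diagnostics();

header('Content-Type: text/plain');
foreach ($facts as $name => $value) {
    echo str_pad($name, 18), ': ', json_encode($value), "\n";
}
echo "user_level unset  : ", json_encode(user_level_is_unset($_SESSION)), "\n";

// How to read the second (refreshed) response:
//   cookie_received = false      -> the browser did not send the cookie back:
//       wrong path/domain, secure flag on an http page, or the redirect crossed
//       http->https or changed host.
//   id_matches_cookie = false    -> PHP issued a new id: the old session expired
//       (session.gc_maxlifetime) or was destroyed, and use_strict_mode is on.
//   request_count back to 1      -> the id was reused but its data is gone:
//       expiry/garbage collection with use_strict_mode off, or session_destroy()
//       in another script.
//   request_count grows but user_level_id is null -> the session itself is fine,
//       so a script between login and here unset or overwrote the value (the
//       '=' vs '==' case, or a debug assignment left in the login code).
```

Request the page directly first so the cookie is set on a known path, then perform the login and refresh it again; if the counter keeps growing while user_level_id disappears, the problem is in the scripts that run between login and index.php rather than in the session mechanism.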