Maintain a PHP session_start() with cookies

Question

I have a PHP code which starts a session using session_start(). Well, after a user is logged in, is brought to profile.php, which shows that user info. But when the user reloads the page, the session is gone. Is there any way I can maintain it an hour for example? I've tried cookies but I don't know how to tell PHP that the session is started already. Thanks!

Profile.php code for cookies and session start:

if(isset($HTTP_COOKIE_VARS['session'])){ 
     session_start();
} else {
    header('Location: index.php');
}

Login code:

session_start();

$_SESSION['pass']  = $password;
header('Location: ../profile.php');
setcookie("session","1",time()+3600,"/");

Code which checks the session:

if($_SESSION['pass'] == $tableArray[0]['password']) {
    $username = $tableArray[0]['name'];
    $avatar = $tableArray[0]['avatar'];
} else {
    header('Location: index.php');
}

I was calling session_destroy() on here:

<li><a href=<?php session_destroy(); echo "index.php"?>>Logout</a></li>

And forgot PHP runs before HTML :P that was the problem!

Is your session name 'session'? You didn't set its name to 'session' using `session_name('session')` in your login code. By default the session name (and cookie name) is `PHPSESSID` — Michael Berkowski, Jul 19 '11 at 13:19

score 3 · Accepted Answer · answered Jul 19 '11 at 13:13

3

you're not calling session_start() again or
you're calling session_destroy(); anywhere in file

answered Jul 19 '11 at 13:13

genesis

50,477
20
96
125

I only call `session_destroy();` on `
>Logout

pmerino

Jul 19 '11 at 13:16

1

then you call it ALWAYS. PHP is executed on the server, befor the user even see the link :-) – Rufinus Jul 19 '11 at 13:18

score 1 · Answer 2 · edited May 28 '12 at 16:42

1

Technically speaking I found the solution for this.

One thing is already specified change save path string else change the permission of the directory where your session is being stored.

I did this it worked for me.

If your session is stored in session dir then do this:

chmod 777 session/

edited May 28 '12 at 16:42

j0k

22,600
28
79
90

answered May 28 '12 at 10:44

Harish

21
9

Michael Berkowski · Answer 3 · 2011-07-19T13:18:08.387

0

I suspect you are not calling session_start() again on profile.php.

You must call session_start() on every script that will access the session data.

UPDATE after code posted

Instead of checking for the presence of the session cookie, instead do something like:

// Start the session first
session_start();
if (isset($_SESSION['username'])) {
  // user is already logged in
} else {
    header('Location: index.php');
}

edited Jul 19 '11 at 13:18

answered Jul 19 '11 at 13:12

Michael Berkowski

267,341
46
444
390

that wasn't the problem, it was I was calling session_destroy(); and forgot PHP code runs before HTML – pmerino Jul 19 '11 at 13:25

score 0 · Answer 4 · answered Jul 19 '11 at 13:13

0

Try to set session.use_cookies to be on (in php.ini/.htaccess)

answered Jul 19 '11 at 13:13

RiaD

46,822
11
79
123

score 0 · Answer 5 · answered Jul 19 '11 at 13:13

0

You have to say session_start() at the top of every script that needs to know the session data.

The session cookie is really none of your concern, you should consider that an "implementation detail". (The cookie will usually live in the user's browser until the browser exits.)

answered Jul 19 '11 at 13:13

Kerrek SB

464,522
92
875
1,084

I just tried it, but every time the page is reloaded it doesn't works. Edited with the code to check the session – pmerino Jul 19 '11 at 13:18
No no, don't say `isset($HTTP_COOKIE_VARS['session']))` -- you have no idea what the session cookie is called! Stop thinking about cookies, just think in terms of sessions. Forget that there are cookies altogether. – Kerrek SB Jul 19 '11 at 13:23

Maintain a PHP session_start() with cookies

5 Answers5

Linked