0

I made a simple login application that gets the user's email and password. No matter what their credentials are, the application is just echoing the credentials in the homepage. Now, I've encountered a problem regarding the session when it comes to mobile. This is the code from the login page:

<?php

    $username = 'rb';
    $password = 'password';

    if(isset($_POST['enter'])){
        
        session_start();
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['password'] = $_POST['password'];
        header('Location: home.php');

    }

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    
    <form action="#" method="POST">

        <input type="text" name="username" />
        <input type="password" name="password" />
        <input type="submit" name="enter" />

    </form>

</body>
</html>

And this is the home page:

<?php

    echo 'Home';
    session_start();
    
    if(isset($_SESSION['username'])){
        echo $_SESSION['username'];
        echo $_SESSION['password'];
    }else{
        echo 'Error';
    }
    

    if(isset($_POST['logout'])){
        session_destroy();
        header('Location: login.php');
        die();
    }

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>
    <form action="#" method="POST">
        <input type="submit" name="logout" value="Logout"/>
    </form>
</body>
</html>

The problem is that session variables don't persist when redirected to the homepage. In desktop, it works fine but in mobile, it shows Undefined index error which means the session variable doesn't exist. What might be the problem? As I've tested, this code works and session persists:

<?php

    echo 'Home';
    session_start();

    if(isset($_SESSION['username'])){
        echo $_SESSION['username'];
        echo $_SESSION['password'];
    }else{
        $_SESSION['username'] = 'This is the username';
        $_SESSION['password'] = 'This is the password';
        echo $_SESSION['username'];
        echo $_SESSION['password'];
        echo 'Error';
    }


    if(isset($_POST['logout'])){
        session_destroy();
        header('Location: login.php');
        die();
    }

?>

Edit: I've tried session_start() at the beginning of each php file and it also didn't work.

Edit 2: I've already solved it. The problem is that my connection is too secure that my session id is changing on mobile every instance of a webpage. I managed to get a unique and static session id for a certain period of time. Thanks to those people who participated to answer.

Rb Onairam
  • 5
  • 2

3 Answers3

0

First, session_start() should be at the first line of each code. Don't echo anything before session_start()

Therefore, remove the session_start() inside the if() {...} block and put them at the very top of the page

Bhad Guy
  • 80
  • 7
  • The `session_start()` inside the `if`-block isn't an issue since it doesn't actually output anything before that. – M. Eriksson Jul 25 '21 at 09:15
  • Header functions must come before any outputs. What are you saying? – Bhad Guy Jul 25 '21 at 09:18
  • Yes, and if you look at their code where they have their `session_start()` inside the `if`-block (login.php), they don't have any output before it so moving that one won't have any effect. – M. Eriksson Jul 25 '21 at 09:20
  • It also didn't work. I've also tried putting it on its own php file and import it on those pages, it also didn't work. – Rb Onairam Jul 25 '21 at 09:34
0
<?php
session_start();

//Verify post variables
if(isset($_POST['username') && isset($_POST['password')) {
   $username = trim(addslashes($_POST['username']));
   $password = $_POST['password'];


   //You don't want empty fields
   if(empty($username) || empty($password)) die('Some info is empty');

   //After working with variables
   //set session
   $_SESSION['username'] = $username;
   $_SESSION['password'] = $password;
   

   //Session is set and live
}
?>

On the home page You can retrieve the sessions like this

<?php
session_start();

//Check previous session data
if(!isset($_SESSION['username']) || empty($_SESSION['username'])) die('Error');
if(!isset($_SESSION['password']) || empty($_SESSION['password'])) die('Error');

//Get sessions values
$username = trim($_SESSION['username']);
$password = $_SESSION['username'];

?>
Bhad Guy
  • 80
  • 7
  • It errors. The session variables can't make it to the home page. I've noticed that when I initialize a session variable in the home page, I can only use that variable on that current page. I've tried making another page and it really didn't pass the variable which must be a global one right? – Rb Onairam Jul 25 '21 at 10:29
0

I've already solved it. The problem is that my connection is too secure that my session id is changing on mobile every instance of a webpage. I managed to get a unique and static session id for a certain period of time by manipulating session_id() function. Thanks to those people who participated to answer.

Rb Onairam
  • 5
  • 2