-1

I have a login.php and a few pages for the user area. After login, it works and goes to user.php, and I use some $_SESSION variables to show the name and username. It works; my $_SESSION variables are set the first time too, and it stays on user.php.

But when I go to another page of the user area, it returns me to login.php. If I log in again, then it is OK and I can go to different pages without any problem. Why?

I tried these things:

I changed $_SESSION['log_in'] from boolean to string, or used another session variable like $_SESSION['username'] with !isset($_SESSION['username']) (at the top of each page). This username session value is shown in user.php, but after that, when I go to another page, it doesn't work.

I have session_start() at the top of every page.

<?php
session_start();
if(!isset($_SESSION['log_in'])){
   header("Location: login.php");
}
// I have this code top of every page.
?>

This is login.php:

<?php
session_start();
if (isset($_SESSION['log_in'])) {
    header("Location:user.php");
}
if (password_verify($_POST['password'], $user['password'])) {
    $_SESSION['name'] = $user['name'];
    $_SESSION['email'] = $user['email'];
    $_SESSION['username'] = $user['username'];

    // to know whether the user is logged in or not
    $_SESSION['log_in'] = TRUE;
    echo "<meta http-equiv=Refresh content=2;url=user.php>";
    // if I use header("Location: user.php") it doesn't go to user, but with meta it goes to user.php
}
?>

This is user.php:

<?php
session_start();
if(!isset($_SESSION['log_in'])){
   header("Location: login.php");
}
// this is top of my user.php and top of another pages too.
?>

This is logout:

<?php
session_start();
if(isset($_SESSION['log_in'])) {
    session_unset();
    session_destroy();
    header('location: login.php');
} else {
    session_unset();
    session_destroy();
    header('location: http://www.mywebsite.com');
}
// this is my logout.php
?>

I don't get any error. I have another session part for admins too, but I wrote a totally different session variable for it, for example $_SESSION['admin_log_in']; it has just one page and it works well.

halfer
Navidms
  • Please identify the names of the script files you are showing us? – RiggsFolly Jun 01 '19 at 19:21
  • I wrote it as a comment, but now I have made it separate – Navidms Jun 01 '19 at 19:23
  • (Meta-note: I have repaired around 50 errors in this post. If you can double-check prior to posting, that will improve the chance of a better reception here, as well as reducing the workload on volunteer editors. Use the built-in spell-checker in your browser. Note that questions here are forever, and not just answered for their original author.) – halfer Jun 01 '19 at 19:37
  • You've mentioned `$_session` several times, but this superglobal array is upper case. You seem to have written it correctly in your code - it would be best to correct this in your paragraph copy too. – halfer Jun 01 '19 at 19:39
  • Weird question: Why do you have circular header calls? Not familiar enough with `header()` to know if that's causing the problem for sure, but that doesn't feel right to me. –  Jun 01 '19 at 20:02
  • I should write header("Location: login.php") in each page of the user area; if he is not logged in, he should be redirected to login. – Navidms Jun 01 '19 at 20:19

2 Answers

0

I just spotted the problem - this is an enormously tricky issue to debug.

This is one of your code snippets, with an extra line of code - the exit:

<?php
session_start();
if(!isset($_SESSION['log_in'])){
   header("Location: login.php");
   exit();
}
// this is top of my user.php and top of another pages too.
?>

So, what is happening here?

The header() call queues up an HTTP header to be sent to the browser - it may be sent immediately or it may be sent once HTML input is emitted by your program (since you are not explicitly flushing this information, we don't know exactly when it will be sent).

The important thing to note is that when you call header(), your PHP script carries on executing. You have not told it to stop. So, it will do a bunch of things you did not expect.

At some point, the browser will receive the Location header, and will terminate the connection, and in most web server configurations, PHP will stop executing, since your web server is in control of the PHP interpreter. Thus, you have a race condition between the browser terminating the connection and your script getting to the end; what gets executed in the script will probably vary from one run to another. This will depend partly on network latency - a slower network connection will allow the script to get further before it is terminated.

Ensuring that you stop the script immediately after the header call, or at least exiting deliberately and gracefully, will resolve this.

halfer
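
Added example (not part of either answer or of the asker's code): one way to centralize the check from the answer above, so that every redirect is followed by exit and the body of a protected page never runs for a client without a session. The file name auth_guard.php and the functions ensure_session(), redirect_and_exit(), require_login() and complete_login() are assumptions, and $user is assumed to be the account row already loaded for the submitted username.

```php
<?php
// auth_guard.php: hypothetical shared include for the protected pages.
// Usage at the very top of user.php and the other user-area pages:
//   require __DIR__ . '/auth_guard.php';
//   require_login();

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Send a redirect, then stop. Without the exit, the rest of the page
// keeps executing and its output can reach a client that has no session.
function redirect_and_exit(string $target): void
{
    if (headers_sent($file, $line)) {
        // header() cannot take effect once output has started; record where
        // the output began so the stray echo or whitespace can be found.
        error_log("Redirect to $target failed: output started at $file:$line");
    } else {
        header('Location: ' . $target, true, 302);
    }
    exit; // fail closed in both cases
}

function require_login(): void
{
    ensure_session();
    if (empty($_SESSION['log_in'])) {
        redirect_and_exit('login.php');
    }
}

// For login.php. The lookup that produces $user is outside this example.
function complete_login(array $user, string $password): void
{
    ensure_session();
    if (!password_verify($password, $user['password'])) {
        return; // caller re-displays the login form
    }
    session_regenerate_id(true); // fresh session ID once the user is authenticated
    $_SESSION['name']     = $user['name'];
    $_SESSION['email']    = $user['email'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['log_in']   = true;
    redirect_and_exit('user.php');
}
```

If the redirect in login.php only works through a meta refresh, the error_log line written by redirect_and_exit() shows the file and line where output began before header() was called.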
0

(Posted on behalf of the question author).

I should open my website "www.".

halfer
  • Navidms, I have added your answer in the answer space - we do not edit solutions into questions here. I would recommend that you expand upon your solution (either by editing this answer or posting your own); currently it is not particularly understandable and it may be deleted. – halfer Jun 01 '19 at 22:01
  • The advice I have given in my own answer still stands, and needs to be taken for your Location redirects, even if you believe you have solved the problem. – halfer Jun 01 '19 at 22:02
  • You mean that I should write exit() after header at the top of each page? – Navidms Jun 02 '19 at 09:57
  • Yes @Navidms, that is what my answer says `:-)` – halfer Jun 02 '19 at 09:59