Session values do not appear

Asked

Viewed 424 times

1

Each user has a login with email and senha.

I can log in and receive user session values such as username and the idade.

In other user accounts, after login success, I don’t receive any value from session variables, but if I do Print_r ($_SESSION); I can see that there are data in $_SESSION. Any hint?

In the database users are correct.

login.php

<?php 
include('init.php');
$em = $_POST['txtemail'];
$pw = $_POST['txtpassword'];


$pdo = new PDO('mysql:host=localhost;dbname=teste', 'teste', 'teste'); 
$stmt = $pdo->prepare('select * from user where email = :email and senha =    :senha'); 

$stmt->execute(array(
   ":email" => $em,
   ":senha" => $pw,
));
if ($stmt->rowCount() > 0){
$linha = $stmt->fetch(PDO::FETCH_ASSOC);

$_SESSION['email']=$linha['email'];
$_SESSION['username']=$linha['username'];
$_SESSION['id']=$linha['id'];
$_SESSION['last_login']=$linha['last_login'];
$_SESSION['nlog']=$linha['nlog'];

header("location: ../portal/index.php");
}
else //CASO NÃO COINCIDAM
{

header("location: ../index.php?erro=1");
}



?>

init.php

<?php 
session_start();

//CONN DB
include('conn.php');
if(!isset($_SESSION['start_login'])) { 
 $_SESSION['start_login'] = time(); 
 // adiciona 30 segundos ao tempo e grava em outra variável de sessão
 $_SESSION['logout_time'] = $_SESSION['start_login'] + 30*60; 

}
// se o tempo atual for maior que o tempo de logout
if(time() >= $_SESSION['logout_time']) { 
header("location:php/logout.php"); //vai para logout

} else {
 $red = $_SESSION['logout_time'] - time(); // tempo que falta
 //echo "Início de sessão: ".$_SESSION['start_login']."<br>";
 //echo "Redirecionando em ".$red." segundos.<br>";
}
?>

At the top of the reserved pages I have:

<?php 
include('php/init.php'); 

if (!isset($_SESSION['id'])) //SE n EXISTIR AUTENTICAÇÃO
{
header("location: ../index.php?erro=1");
}
//Print_r ($_SESSION);
?>
  • What var_dump($_SESSION) displays (after authenticating)?

  • 2

    Not related to the question, but there are a number of basic problems in your code that I would suggest tidying up first of all: first, use open password directly in DB, another is the fully open system for SQL Injection, anyone erases their entire DB easily the way it is. Another thing is that the die() are missing after all the Location header. Other than that, the Location header is malformed. It even works like this, but only because the browser makes an "effort" to interpret. They are small details, but not letting this kind of thing pass is one of the requirements of a professional.

  • For a good part of the problems mentioned have answers on the site, it would be nice to give a read, and any doubt, leave a comment or question.

  • @Guilhermebirth the session variables username, id, email

  • But var_dump displays exactly what?

  • With var_dump I can see all session values.

  • @Bacco Thanks for the tips, I was able to correct the connection to the database. Another time I will review the header location

  • @Davidconcha header is easy, just hit spaces, uppercase and lowercase, and use PHP variables to mount the full path: Location: //seusite.com/caminho/ - avoid relative paths. About Injection, there are solutions here on the site itself. Search for Injection or Prepared statements you will find some examples.

Show 3 more comments

1 answer

2


Whenever you are ordering some session data you should give one session_start() before. Ex:

session_start();
if(!isset($_SESSION['user'])){
   header("Location:index.php?error=denied");
} 

Whatever you are going to authenticate, recover a session data, change it or even destroy the session, before you should use the method session_start() on all pages you will use session data

  • Thanks for the answer, the init.php file already contains the session_start()

Browser other questions tagged

You are not signed in. Login or sign up in order to post.