Variables $_SESSION reset after reloading PHP page

Question

Variables $_SESSION reset after reloading PHP page

Asked 7 years, 9 months ago

Viewed 2,837 times

1

Hello. I’m trying to perform a very simple login system with Session and I’m not able to keep the $_SESSION variables saved, because they get lost every time you have Reload on the page.

My index.php

 <?php
    session_start();
    if(isset($_POST["login"])){
        $_SESSION["autenticado"] = true;
    }
?>  
<html>
    <head>
        <?php include("header.php"); ?>
    </head>
    <body>
        <?php 
        include("cabecalho.php");
        include("corpo.php");
        include("rodape.php");
        ?>
    </body>
</html>

Inside the.php header there is the function that checks login and etc. When I use the login function, Session works normally, but when I reload the page, or use some function that sends me back to index.php (that gives include everything again) the variables $_SESSION["authenticated"] is void.

Why is this happening? What should I do for variables to continue with their values even if reloading the page?

PS: only has session_start() in index.php because it gives include on all other pages and every time you load a new page, it goes through index.php, so there will always be session_start before anything else.

What is the rest of the code? Can you post it? Maybe you have something in the login function that is affecting the operation.

– Woss

2017/02/03 at 12:36

1 answer

Browser other questions tagged php session

You are not signed in. Login or sign up in order to post.

by Antonio Alexandre • **3,281** points · Answer 1 · 2017-02-03T14:36:11+00:00

You will need to give session_start() on all protected pages, with a fragment of the type:

<?php
    session_start();
    if(!isset($_SESSION["autenticado"]))
    {
         header("Location: login.html")
    }
?>

If no variable exists $_SESSION["autenticado"] in the session, redirects to the login page that has a login form. The action of this form checks the validity of the login data and if the login is successfully performed, you must create this variable $_SESSION["autenticado"] and redirect to the protected page.

Example login with PHP using Session

index php.

<?php

session_start();

if(!isset($_SESSION["autenticado"]))
{
    header("Location: login.html");
}
else
{
    header("Location: protegida1.php");        
}

This is the input page. It checks if the user is already logged in. If sent to the internal page of the system, if not, send the user to the login form.

login.html

<h2>Por favor, efetue o login para acessar o sistema</h2>

<form action="processa_login.php" method="post">

    Login: <input type="text" name="login"><br>
    Senha: <input type="password" name="senha">

    <input type="submit" value="Logar">

</form>

login.html is a form that sends the login data to be verified by the script process_login.php. Note that the form has the method post and the following script will use $_POST to verify the data sent. Use login equal to test and password 12345 to test.

processa_login.php

<?php

if(!isset($_POST["login"]) || !isset($_POST["senha"]))
{
    header("Location: login.html");
}

if($_POST["login"]=="teste" && $_POST["senha"]=="12345")
{
    session_start();
    $_SESSION["autenticado"] = true;
    
    header("Location: protegida1.php");
}
else
{
    header("Location: login.html");    
}

They are checked first if the login variables have been sent. It is then checked whether the login and password pair indicate a valid login. If it is a valid login, start the session, create the $_SESSION["authenticated"] variable and send it to the protected page1.php, otherwise it goes back to the login form.

protegida1.php

<?php
    session_start();
    if(!isset($_SESSION["autenticado"]))
    {
        header("Location: login.html");
    }
?>  
<h2> Página protegida 1</h2>

<p>Lorem ipsum dolor sit amet.</p>

<a href="protegida2.php">Ir para a página protegida 2</a>
<br><br>
<a href="deslogar.php">Sair do sistema(logoff)</a>

This is the first page on the system after login. If a user tries to access this page directly without first logging in correctly, they will be redirected to the login form.

protegida2.php

<?php
    session_start();
    if(!isset($_SESSION["autenticado"]))
    {
        header("Location: login.html");
    }
?>  
<h2> Página protegida 2</h2>

<p>Lalala lerolero lolololol.</p>

<a href="protegida1.php">Voltar para a página protegida 1</a>
<br><br>
<a href="deslogar.php">Sair do sistema(logoff)</a>

protegida2.php is another protected page just to show that login is maintained.

offset.php

<?php

// Limpa a sessão 
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);    

header("Location: login.html");

This session clear code is actually a cake recipe to kill the user session.

If that answer has helped you, mark it as accepted and give +1 to give me reputation points.

Any questions let’s talk down here in the comments.

A big hug.