Why $_SESSION is not accessible on another page

Question

Why $_SESSION is not accessible on another page

Asked 6 years, 3 months ago

Viewed 671 times

1

On my site I have a profile page, when the user logs in he is redirected to the page perfil.php, this login is performed on the page entrar.php.

So on the page enter I have:

enter php.

<?php include "controller/functions.php";?>
<?php include "controller/db_ss_user_entrar.php";?>
<?php include "view/doctype.php";?>
<html>
    <?php include "view/head.php";?>
    <body>
        <?php include "view/header.php";?>
        <div id="content">
            <?php include "view/wrap_entrar.php";?>
        </div>
            <?php include "view/footer.php";?>
        <script src=js/entrar.js></script>
    </body>
</html>

The relevant file for login is db_ss_user_entrar.php. The section related to session is indicated in the code below:

db_ss_user_log in.php

<?php
include 'db_conect.php';
$place_email = "Insira um email";
$place_senha = "Insira uma senha";*/
$email_place = "Insira um email";
$email_err = "";
$senha_place = "Insira uma senha";
$senha_err = "";
$error = 0;
if($_SERVER["REQUEST_METHOD"] === "POST")
{       $value_email =  mysqli_real_escape_string($con, preg_replace('/\s+/', '', $_POST['email']));
        if(empty($_POST["email"]) || 
                $value_email === "" || 
                $value_email === "Email inválido" || 
                !preg_match("/^([\w-]+(?:\.[\w-]+)*)@((?:[\w-]+\.)*\w[\w-]{0,66})\.([a-z]{2,6}(?:\.[a-z]{2})?)$/i",$value_email))
        {       $value_email = "Email inválido";
                $error++;
        }else
        {       $value_email = mysqli_real_escape_string($con, preg_replace('/\s+/', '', $_POST['email']));
        }
        $value_senha = mysqli_real_escape_string($con, $_POST['senha']);
        if(empty($_POST["senha"]) || 
                !preg_match("/^\S*$/",$value_senha))
        {       $place_senha = "Senha inválida";
                $error++;
        }else
        {       $value_senha = mysqli_real_escape_string($con, $_POST['senha']);
        }
        if($error !== 0)
        {       return false;
        }
        $sql = "SELECT input_nome,input_email,input_tel,input_senha,user_id,img_perfil FROM form_user WHERE input_email = '$value_email' AND input_senha = '$value_senha'";
        $result = $con->query($sql);
        $linha = $result->num_rows;
        if($linha != 1)
        {       $error++;
                $value_email = "Email inválido";
                $value_senha = "";
                $place_senha = "Senha inválida";
                $con->close();
                return false;
        }else //<-----------------Aqui começa o trecho relativo a sessão
        {       $row = $result->fetch_object();
                session_start();
                $_SESSION['ss_nome'] = $row->input_nome;
                $_SESSION['ss_email'] = $row->input_email;
                $_SESSION['ss_id_user'] = $row->user_id;
                $_SESSION['ss_tel'] = $row->input_tel;
                $_SESSION['ss_s_user'] = $row->input_senha;
                if(($row->img_perfil) === "")
                {   $_SESSION['ss_img_perfil'] = "img/icon_perfil_bluegrey.svg";
                }else
                {   $_SESSION['ss_img_perfil'] = $row->img_perfil;
                }
                header('location:perfil');
        }
}
?>

So far all goes well the user is redirected to the profile page and giving a var_dump($_SESSION), i see that session has the data I need.

The problem occurs on the profile page that has a link that allows the user to edit the profile:

<a href="editar-perfil" class="btn_fImob">Editar Perfil</a>

Then on the page editar-perfil.php I have the following code:

<?php include "controller/functions.php";?>
<?php include "controller/security.php";?>
<?php include "controller/db_select_user.php";?>
<?php include "view/doctype.php";?>
<html>
    <?php include "view/head.php";?>
    <body>
        <?php include "view/header.php";?>
        <div id="content">
            <div id="content_perfil">
                                <?php include 'view/wrap_perfil_edit.php';?>
            </div>
        </div>
            <?php include "view/footer.php";?>
    </body>
</html>

The problem is that when redirected from the page perfil.php for editar-perfil.php, the session variable gets null and automatically redirects to enter, the code that does this is from the file security.php:

security.php

<?php
session_start();
if(empty($_SESSION['ss_email']))
{       session_destroy();
        unset ($_SESSION['ss_email']);
        header('location:entrar');
}
?>

That is the session data is not being passed to the page editar-perfil.php, and I don’t understand why.

Could you check the page editar-perfil.php before include a Session exists with var_dump

– Sam

2018/03/16 at 00:34
@dvd thanks for your attention, come zaio.

– MagicHat

2018/03/16 at 00:52
Actually, it wouldn’t matter, because session_start(); it’s inside include ;/

– Sam

2018/03/16 at 00:54
Maybe doing the var_dump after the includes

– Sam

2018/03/16 at 00:55
@dvd even I taking out the other includes (commenting on the lines) and putting on top session_start() in the archive editar-perfil If it’s empty... it’s a blow

– MagicHat

2018/03/16 at 00:56
Complicated... maybe a more "raw" test... backs up the page editar-perfil.php and empty it all and just leave session_start and var_dump to see if it’s going empty... if it’s going full, it’s some trouble code

– Sam

2018/03/16 at 01:05
With my head full it was working, I can’t imagine what it might be

– MagicHat

2018/03/16 at 01:19
Have some framework working behind or it’s all neat ?

– Isac

2018/03/16 at 02:57
Thanks for the attention @Isac is pure...

– MagicHat

2018/03/16 at 04:35
I would start by doing some sanity tests. Testing a var_dump from the top session and browse multiple pages to see if it stays on some/all/none pages. Then confirm if the warnings are active, because if you have inactive you may not be seeing a headers already sent that will make the session not work. That would be the case if you were writing any strange characters before session_start or directly or through the inclusion of another file.

– Isac

2018/03/17 at 09:47

Show 5 more comments

1 answer

Browser other questions tagged php session

You are not signed in. Login or sign up in order to post.

by Adelino Vasconcelos • 76 points · Answer 1 · 2018-03-16T13:32:45+00:00

I use this code for the $_SESSION

    if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 

  $isValid = False; 

  if (!empty($UserName)) { 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "../index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}