I have a very simple session-based login system in PHP. I have used similar systems a lot in the past and there was never any problem. However, now I'm running into a very strange occurrence - when I type in my username and password for the first time, nothing happens. But when I type it for the second, third, and every consecutive time, it works fine!
Let me illustrate with two files. In index.php I have a standard login form:
<form id="lform" action="login.php" method="post">
<table cellpadding='1' cellspacing='0'>
<tr>
<td width='60'>
EMAIL<br/>(or Username)
</td>
<td width='120'>
<input type="text" name="email" id="l_email" class="keylog" />
</td>
</tr>
<tr>
<td>
PASSWORD
</td>
<td>
<input type="password" name="password" id="l_password" class="keylog" />
</td>
</tr>
</table>
<!-- submit button, forgotten-password etc go here, not really relevant -->
</form>
As you see, it submits to login.php. In that file, I first check the username and password against the DB. If it checks out (and it does check out correctly) then this happens:
//get the user's database entry in an array named $row
//create session variables
$_SESSION['username']=$row[username];
$_SESSION['user_id']=$row['id'];
$_SESSION['user_level']=$row['account_type'];
//store login in database
mysql_query("update members set last_login='$today' where id='$row[id]' ");
mysql_query("insert into login_log set member_id='$row[id]' ");
//redirect back to index.php
header("location: ".$url."en/index.php");
exit;
At this point, everything seems fine. The MySQL queries execute correctly, saving the login into the database. If I do var_dump($_SESSION) here (instead of redirecting back) it prints out the session array including all the variables I have set above. So here the session exists, and it looks like:
array(3) { ["username"]=> string(9) "monsignor" ["user_id"]=> string(1) "2" ["user_level"]=> string(1) "2" }
The problem occurs after the redirect. In the top of index.php I have placed:
session_start();
var_dump($_SESSION);
Here (after the first login) the var_dump just shows array(0) { }! It's like the session gets destroyed during the redirect for some reason.
What's even stranger is that, if I now proceed to type my username/password again and submit the form, after the redirect it shows the correct session values in index.php:
array(3) { ["username"]=> string(9) "monsignor" ["user_id"]=> string(1) "2" ["user_level"]=> string(1) "2" }
From this point on, the login session remains active and works fine.
So, to sum up, after the first login attempt, the session variables seem to disappear between the login script and the page it redirects to, but on every consecutive attempt it works fine! Then, if I don't log in for a couple of hours (I haven't timed it exactly), the first next attempt doesn't work again, the second one does etc.
I hope someone can help me out here because I am stumped by this.
EDIT:
Here is the full code of login.php and index.php, I put it on pastebin because it's too large to display nicely here.
EDIT Pt 2:
When I open index.php, then try to log in for the first time, the above problem happens. But when I open index.php, reload the page once, then try to log in for the first time, it works. So the problem isn't with the redirect, it's something to do with the page itself.
