PHP session not starting login form

Question

I have a user login that is not starting the session and therefore users can't login. In page 2 I tried echo $_SESSION['email']; to see if the session variable was being passed and nothing appeared.

I doubled checked phpmyadmin and the format of the database and it's columns is correct as well as the data these forms are looking for.

Edit: all code is in the hs folder. there is NO whitespace before either of the session_start();

Page 1:

    <?php
    session_start();
    include '../hs/connect.php';

$email = mysqli_real_escape_string($con, trim($_POST['email'])); 
$password = mysqli_real_escape_string($con, $_POST['password']);

 // echo $email  when i tested these variables they returned the correct values
 // echo $password

$sql="SELECT * FROM users WHERE email='$email' and password='$password'";
$result=mysqli_query($con,$sql);

$count=mysqli_num_rows($result);
if ($count==1){

$_SESSION['email'] = $email;

echo '<meta http-equiv="refresh" content="0;url=/hs/nextlogin.php">';
}
else{

echo '<meta http-equiv="refresh" content="0;url=/hs/hs.php">';
}
?>

The page that the above one redirects to (page 2):

<?php
session_start();
if (!isset($_SESSION['email'])) {


die("Please login <a href='../hs/hs.php'>here</a>");  //this keeps appearing even though I entered the correct login data
}

?>

Why do you echo the variable when the `if` just told you that it's not set? — Barmar, Sep 11 '14 at 22:50
In the second script you have `if(!isset($_SESSION['email']))`. SO the variable isn't set, and on the next line you try to echo it. — Barmar, Sep 11 '14 at 22:53
@user176105 he's talking about this part `if (!isset($_SESSION['email'])) { echo $_SESSION['email']; }` if the variable isn't set, it can't echo it. — iam-decoder, Sep 11 '14 at 22:53
Why do you call `session_start();` twice in the same script? Also, ***don't store user passwords in plain text***. It's ***grossly irresponsible*** to your users. — David, Sep 11 '14 at 22:53
What directory is the first script in? If it's not in `/hs/`, it doesn't share a session with the other script by default. — Barmar, Sep 11 '14 at 22:54
@David thanks for the tip. ill add that later. i just need to fix the login problem first — user176105, Sep 11 '14 at 22:58
Does `var_dump($_SESSION)` show anything in the second script? — Barmar, Sep 11 '14 at 22:59
Make sure the first script doesn't produce ANY output before calling `session_start()`. Not even blank lines or spaces. Make sure the ` — Barmar, Sep 11 '14 at 23:00
Make sure you have error reporting enabled, or check your PHP error log for warnings. — Barmar, Sep 11 '14 at 23:01
Are there any warnings in the PHP log? Specifically, watch for _headers already sent_. — Barmar, Sep 11 '14 at 23:03
Why you don´t use header("Location: hs/nextlogin.php"); instead of html redirect? — Zini, Sep 11 '14 at 23:04
@Zini could you post an answer with that code. im not sure where to put it. sorry for being an ameteur. — user176105, Sep 11 '14 at 23:07
Try to put Limit 1 in your SQL Select query because you can have more than one result with same email and password, maybe it is the problem. You only set the session if you have only one(`if ($count==1)`). — Zini, Sep 11 '14 at 23:09
@Barmar this was the result of the var dump: `array(0) { }`. also how do i check the php log? — user176105, Sep 11 '14 at 23:09
@user176105: `"ill add that later"` "We'll fix it later" is the most pervasive and most destructive delusion (or lie) told in the software development industry. Don't do things wrong with the intention of maybe changing them later. Do things right. — David, Sep 12 '14 at 12:39

score 1 · Accepted Answer · edited Jun 20 '20 at 09:12

1

Solution:

By googling "ipage session not working" I found this: http://www.ipage.com/knowledgebase/read_article.bml?kbid=600

To run PHP sessions, include the following code at the top of any PHP script that uses sessions:

session_save_path("your home directory path"/cgi-bin/tmp); session_start();

To find "your home directory path": Log into the PHP Scripting page for actual path to your home directory. Replace "your home directory path" with the path shown. Set session_save_path to a directory within your cgi-bin: either /cgi-bin/tmp as in the example above or another directory as long as the absolute path is correct.

The problem is that the process running PHP on the server does not have the privileges to write to the global session folder. You should follow the directions provided by your webhost, and if that doesn't solve your issue, I suggest opening a ticket at their support system.

Older suggestions for future reference:

For some reason the $_SESSION is not carrying over after the redirect. Here's a checklist of things that could be wrong, but here's a few key points to check:

Check that you are indeed redirected to "nextlogin.php", ie. that $count is indeed 1. I know this sounds like a silly thing, but sometimes these mistakes happen.
Check that you have cookies enabled in your browser.
Try changing the redirect to header('Location: http://myhost.com/hs/nextlogin.php');
Make sure you're outputting all errors. There might be some clues there as to why the session is not being saved.

Besides those suggestions I'd need more info to come up with other potential solutions.

Edit 1: to turn on error reporting on just these pages, add these two lines to the top of the pages, just after the php opening tag:

error_reporting(E_ALL);

ini_set('error_reporting', E_ALL);

Edit 2: As barmar noted in the comments, please make sure there's is absolutely nothing in the file before <?php, not even spaces. It could also be a problem in the session handling itself. Have you made any modifications to the session handling in php.ini?

edited Jun 20 '20 at 09:12

Community

1
1

answered Sep 11 '14 at 23:11

Schlaus

18,144
10
36
64

i checked 1-3. how can i turn on errors in these page only (without changing php.ini config files? – user176105 Sep 11 '14 at 23:15
i added the error reporting code and no errors came up – user176105 Sep 11 '14 at 23:25
there is NO whitespace before ` – user176105 Sep 11 '14 at 23:37
another good idea is to use `set_ini("register_globals","Off");` to avoid side effects between your email variables.. All these `set_ini` should be below the `session_start` but in the start of code. Set_int can overright some `php.ini` sets this related by @Schlaus and this I show you are some of them. – Zini Sep 11 '14 at 23:37
@Zini Shouldn't they be before the session_start to display possible errors arising from that statement? – Schlaus Sep 11 '14 at 23:39
@Schlaus Actually not, because `session_start` must be the first command to a session works. – Zini Sep 11 '14 at 23:42
@Zini That's not exactly true. From the PHP manual: "To use cookie-based sessions, session_start() must be called before outputing anything to the browser." So only statements that output something can't go before `session_start()`. – Schlaus Sep 11 '14 at 23:45
@user176105 I posted the code with the all suggested configs in your code. And Schlaus you are right, but is a good pratice to do this, once you can have a whitespace inside your include files and don´t know about, very common it happen actually. – Zini Sep 11 '14 at 23:53
@Zini You are absolutely correct that `session_start()` should be as close to the top as possible, but to catch errors related to it you need to have the error reporting commands before it. Otherwise they have no effect to it. – Schlaus Sep 12 '14 at 00:06

score 0 · Answer 2 · answered Sep 11 '14 at 23:13

About the idea of limit the results you can use this query:

$sql="SELECT * FROM users WHERE email='$email' and password='$password' LIMIT 1";

And about the redirect you can try to use this:

if ($count==1){

$_SESSION['email'] = $email;

  header('Location: "hs/nextlogin.php"';
}
else{
  header('Location: "hs/hs.php"';    
}

Zini · Answer 3 · 2014-09-11T23:55:48.223

0

To debug properly try this:

<?php
    session_start();

    error_reporting(E_ALL);

    ini_set('error_reporting', E_ALL);
    ini_set("display_errors","1");
    ini_set("register_globals", "Off");

    include '../hs/connect.php';

    //...
    //the  rest of code here.

edited Sep 11 '14 at 23:55

answered Sep 11 '14 at 23:50

Zini

909
7
15

when i use this code i get an internal server error. also my php editor did not recognize the set_ini( prefix – user176105 Sep 11 '14 at 23:52
this is the result of the warnings on page 2: `Warning: Unknown: open(/var/php_sessions/sess_c60947b236a447e11627b29d02c4020a, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_sessions) in Unknown on line 0` – user176105 Sep 11 '14 at 23:58
Like said here: http://stackoverflow.com/questions/18981778/var-php-sessions-not-being-recognized . In this case you need support of your Host Provider guys, it should be a problem about /var/php_sessions existence or permission. Your session can´t be saved in the session files because of it and consequently you have nothing in the `$_SESSION` array. – Zini Sep 12 '14 at 00:02

PHP session not starting login form

3 Answers3