Skip to content
Advertisement

PHP Session not working no matter what – However other website works

Basically just making some back-end for my portfolio, in pretty early days right now so the code is messy and a lot of playing around still.

I had sessions working but now they’re not.

My website is set up like so: portfolio, then sub folder for my back end. It contains an index.php (which I log in through) then its supposed to load dashboard.php and pass in the session (which should pass in that im logged in) then load all of the dashboard.

However it loads “You are not logged in” the weird thing is.. if i purposely type in an incorrect password on the index.php, it STILL loads dashboard.php and says “you are not logged in” instead of just echoing “please try again”

My index.php: http://pastebin.com/eCzxUCkY Dashboard.php: http://pastebin.com/waJ2HAXA

Thought it may be neater to post them there instead.

Please help 🙁 I’ve restarted my pc, cleared my cache, done everything. It won’t work locally, and it wont work on my host. HOWEVER i do have another site running all the same stuff and it still works. So i feel like its something in my actual code 🙁

Advertisement

Answer

Try this. I added some extra error checking.

On your log in page replace this

<?php
session_start();
if (isset($_SESSION["username_login"])) {
    $username = $_SESSION["username_login"];
    $loggedIn = true;
}

with this

<?php
session_start();
if (isset($_SESSION["username_login"]) && $_SESSION["username_login"] != '') { // does the session exist and if so, does it have a value
    $username = $_SESSION["username_login"];
    $loggedIn = true;
} else {
    $_SESSION['username_login'] = NULL; // empty the session value
    unset($_SESSION['username_login']); // kill the session
    $loggedIn = false;
}

On your dashboard, replace this

<?php
session_start();
    $username = $_SESSION["username_login"];
    $loggedin = true;
}
?>

with this

<?php
    session_start();
    if (isset($_SESSION["username_login"]) && $_SESSION["username_login"] != '') { // does the session exist and if so, does it have a value
        $username = $_SESSION["username_login"];
        $loggedin = true;
    } else {
        $_SESSION['username_login'] = NULL; // empty the session value
        unset($_SESSION['username_login']); // kill the session
        $loggedin = false;
    }
?>

session_destroy() does not “kill” a session. It’s equivalent to $_SESSION['something'] = ''. The session is still alive, it’s just empty.

To completely kill a session you have to “unset” it.

References

session_destroy()

unset()

User contributions licensed under: CC BY-SA
9 People found this is helpful
Advertisement