Why is $_SESSION cleared on redirect

php
#1

I have a login page that redirects to home.php if the username and password entered are valid. However, upon redirecting, the $_SESSION is cleared, which is an issue as the user_id has to be set to actually use the site. Can anyone explain why my session is being cleared, and if there is a way to fix it or—if this is intended—how to get around it?

login.php:

<?php
require realpath($_SERVER["DOCUMENT_ROOT"]) . "/myfunctions.php";

if(!isset($_SESSION))
{
    session_start();
    $_SESSION = $_POST;
}

if (count($_POST) > 0) $_SESSION['LAST_POST'] = $_POST;

//*******************Read Critical Data*************************
$DBH = connect_to_DB(lolno);

//*******************Process user input*************************


if(!isset($_SESSION['login_attempt']))
{
    unset($warning);
} else 
{
    
    $sql = "SELECT `team_id`, `team_username`, `team_password` FROM `team` WHERE `team_username` = :email";
    $data = array("email" => $_SESSION['email']);
    $rows = query($DBH, $sql, $data);
    
    if(!filter_var($_SESSION['email'], FILTER_VALIDATE_EMAIL))
    {
        $warning = 'There is no such password-email combination.';
    } else if(count($rows) < 1)
    {
        $warning = 'There is no such password-email combination.';
    } else if(!password_verify($_SESSION['password'], $rows[0]['team_password']))
    {
        $warning = 'There is no such password-email combination.';
    } else {
        $_SESSION['user_id'] = $rows[0]['team_id'];
        redirect('home.php');
    }

}

//************** Debugging information ***********************
debug('$_POST',$_POST);
debug('$_SESSION',$_SESSION);
debug('$warning', $warning);
debug('$rows',$rows);

if (count($_POST) > 0) $_SESSION['LAST_POST'] = $_POST;


 ?>

  <!--**********************HTML********************************-->

<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>ScoutMe</title>
    <link href="loginstyle.css" rel="stylesheet" type="text/css">
    <link href="https://fonts.googleapis.com/css?family=Comfortaa" rel="stylesheet">
</head>
<body>
    <main>
        <div class="login-box">
            <h1 class="login-label">Log in</h1>
            <form method='POST'>
                <ol class="login-form">
                    <li>
                        <input type="email" name="email" class="form-field" placeholder=" E-Mail" >
                    </li>
                    <li>
                        <input type="password" name="password" class="form-field" placeholder=" Password">
                    </li>
                    <li>
                        <input type="submit" name="login_attempt" value="Log in">
                    </li>
                </ol>
                <?php echo ' <div class="warnings">' . $warning . '</div>' . PHP_EOL; ?>
            </form>
            <div class="bottom-shit"><a id=forgot href='https://assets.bigcartel.com/product_images/222339310/product_image.jpg?auto=format&fit=max&h=1000&w=1000'>Forgot your Password?</a><a href='/register.php' id=register>Register</a></div>
        </div>
    </main>


</body>
</html>

redirect() definition:

function redirect($location=false)
{
    session_write_close();
    if($location==false) $location = $_SERVER['REQUEST_URI'];
    header('Location: ' . $location);
    exit();
}

Thanks! 🙂


#2

What is also a bit confusing is that I looked at the code of a classmate of mine (he’s also making a webapp right now) and we have almost the same redirect() function, and he uses it in the same way, but his doesn't delete the session…

his redirect() definition:

function redirect()
{
    header('Location: ' . $_SERVER['REQUEST_URI']);
    exit;   
}
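
Added example, not part of the original posts: a login handler that reads credentials from `$_POST` directly instead of running `$_SESSION = $_POST`, an assignment that replaces the whole session array (with an empty one on a request that carries no POST data) and leaves the submitted password in session storage. It regenerates the session id on success and stores only `user_id`; `find_team_by_email()`, `attempt_login()`, `require_login()` and the sample account are hypothetical stand-ins, with the lookup standing in for the `query()` call in login.php.

```php
<?php
// Added example, not the poster's code. The helper names and the account
// below are constructed for illustration.

session_start(); // start unconditionally; never assign $_POST to $_SESSION

function find_team_by_email(string $email): ?array
{
    // Constructed sample row; real code would run the SELECT from login.php.
    static $teams = null;
    $teams ??= ['coach@example.com' => [
        'team_id'       => 7,
        'team_password' => password_hash('correct horse', PASSWORD_DEFAULT),
    ]];
    return $teams[$email] ?? null;
}

function attempt_login(array $post): bool
{
    $email    = $post['email'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($email) || !is_string($password)) return false;
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) return false;

    $row = find_team_by_email($email);
    if ($row === null || !password_verify($password, $row['team_password'])) {
        return false;
    }
    session_regenerate_id(true);            // fresh id at login (session fixation)
    $_SESSION['user_id'] = $row['team_id']; // the password never enters the session
    return true;
}

// For home.php and other protected pages: call session_start(), then this.
function require_login(): void
{
    if (!isset($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }
}

$warning = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (attempt_login($_POST)) {
        session_write_close();
        header('Location: home.php');
        exit;
    }
    $warning = 'There is no such password-email combination.';
}
```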