Session Variable Resets on Page Refresh

Question

I wish to Update My Session Variable but it's resets everytime I refresh the page, What should I do?

<?php

session_start();  
include_once 'connect.php';

$currID = $_SESSION['user_id'][0];  
$sfName = $_SESSION['user_id'][1];  
$smName = $_SESSION['user_id'][2];  
$slName = $_SESSION['user_id'][3];  

$fullName = $_POST['fullName'];  
list($vfName, $vmName, $lvName) = explode('|', $fullName);

$qEditName = "UPDATE userzavier SET fname='$vfName', mdname='$vmName', lname='$lvName' where ID='$currID'";  
if (mysqli_query($con, $qEditName)) {  
    $sfName = $vfName;  
    $smName = $vmName;  
    $slName = $lvName;  
    echo $sfName . ' ' . $smName . ' ' . $slName;  
   } else {  
    echo "Error updating record: " . mysqli_error($con);  
   }  
   mysqli_close($con);  

?>

I've Updated Session Variable (Array) but it resets when I refresh the page... — Derry, Jun 12 '17 at 03:34

score 0 · Accepted Answer · answered Jun 12 '17 at 17:56

Judging from your script, you are updating in the database, but not updating the session. It would help you to assign names to the key to help it be readable. You should also use an if clause when relying on a $_POST or $_GET. Note, since you are dealing with user-sent data, you should bind parameters on your exploded values (I have not done this in my example, but have supplied link above):

<?php
# Start session
session_start();
# Include database
include_once('connect.php');
# Assign current values
$currID = $_SESSION['user_id'][0];
$sfName = $_SESSION['user_id'][1];  
$smName = $_SESSION['user_id'][2];  
$slName = $_SESSION['user_id'][3];
# Add an if here, this is not always guaranteed
if(!empty($_POST['fullName'])) {
    $fullName = $_POST['fullName'];
    # This explode seems strange, the input sounds like it could be reworked...
    list($vfName, $vmName, $lvName) = explode('|', $fullName);
    # Sql statement, this should have parameters that are bound since you are
    # receiving them from $_POST, which can seriously mess up your database via injection
    $qEditName = "UPDATE userzavier SET fname='$vfName', mdname='$vmName', lname='$lvName' where ID='$currID'";
    # Create query
    if (mysqli_query($con, $qEditName)) {
        # Here is where you need to fix your script
        # Assign the session, not just variable (you really
        # should make the key associative, not numeric. It is
        # easier to read and use if it was $_SESSION['user_id']['first_name'] or similar)
        $_SESSION['user_id'][1] = 
        $sfName                 = $vfName;
        $_SESSION['user_id'][2] = 
        $smName                 = $vmName;
        $_SESSION['user_id'][3] = 
        $slName                 = $lvName;

        echo $sfName . ' ' . $smName . ' ' . $slName;  
    } else {
        #Display Error
        echo "Error updating record: " . mysqli_error($con);  
    }
    # Close connection
    mysqli_close($con);
}

Be sure to mark it correct so the question is not left as unanswered — Rasclatt, Jun 13 '17 at 03:21

Alex Mac · Answer 2 · 2017-06-10T05:33:12.063

-1

Check session status before session_start() try:

        if (session_status() == PHP_SESSION_NONE) {
              session_start();
        }

instead of:

        session_start();

edited Jun 10 '17 at 05:33

answered Jun 10 '17 at 04:13

Alex Mac

278
2
11

thats NOT what session start does – Jun 10 '17 at 04:22
session_start — Start new or **resume existing** session . http://php.net/manual/en/function.session-start.php – Jun 10 '17 at 04:23
Okay sorry, I was basing off this answer https://stackoverflow.com/questions/6249707/check-if-php-session-has-already-started?rq=1 And it seems to be that allowing session_start() to run while a session already exists may cause the issue. So I assumed that it was overwriting it. – Alex Mac Jun 10 '17 at 05:29

Session Variable Resets on Page Refresh

2 Answers2