PHP drops session variables on refresh

Question

I am currently learning how to make a login system using PHP. Everything seemed easy at first - I had the input data set as $_SESSION variables and then starting the session on the next page I open. However, as I refresh the page the session is still working but the variable data has been dropped and are unrecognized.

Here is my php which sets the variables:

<?php 
            include ("connection.php"); //connects to the database.

            if(isset($_POST['login'])) 
            {
                $user_name = $_POST['EMAIL'];
                $password = $_POST['PASSWORD'];

                // echo $user_name, " AND ", $password, "<br>";

                $q = "SELECT * FROM ".$table." WHERE EMAIL='".$user_name."' AND PASSWORD= '".$password."' AND IS_ADMIN= 'YES';";
                // echo "<br>",$q,"<br>";
                $r = mysqli_query($conn, $q); 

                if(mysqli_num_rows($r) > 0)
                {
                    if(session_id() == '' || !isset($_SESSION)) 
                    {
                        // session isn't started
                        session_start();

                        echo "<br>GREAT SUCCESS!!!<br>";


                        $_SESSION["SESSION_EMAIL"]= $user_name;
                        $_SESSION["SESSION_PASSWORD"]= $password;  

                        echo $_SESSION["SESSION_EMAIL"], "  ", $_SESSION["SESSION_PASSWORD"];

                        header("Refresh:0; url=\website2.php");
                    }

                } 
                else echo "<br>FAIL!!!<br>";
            }
        ?>

Here is the bit I use to check what happens on the next page:

<?php   
    session_start(); 
    if (session_status() == PHP_SESSION_ACTIVE) 
    {
        echo 'Session is active <br>';
    } else echo"session is ded";
    echo $_SESSION["SESSION_EMAIL"]; // it prints out an error if it screws up here
?>

Your query implies your passwords are plain-text, I'd hash them and also use prepared statement. `session_start` is generally at the top irrespective of where you actually use the sessions. You can use `Location: page` instead of `Refresh: ` if you plan on keeping it at `0`. You should `exit()` after header. — Script47, Mar 06 '19 at 14:09
Yes that is the case on purpose. I just want to have it as plain text and Ill get to cryptography later on as I learn more about webdesign and development. — Jeanie Miflin, Mar 06 '19 at 14:11
Something's off here. Other things equal, you can't output any content before doing a `header` call. You should be getting errors/warning about that. — waterloomatt, Mar 06 '19 at 14:15
In the code that sets the variables try putting your `session_start();` at the very top of the file immediately after the ` — Dave, Mar 06 '19 at 14:15
@waterloomatt I am not getting any errors. @Dave session start is at the top at the beginning of the ` — Jeanie Miflin, Mar 06 '19 at 14:24
Please put `ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);` at the top of all your files, rerun your test, and then edit your question with the warnings/errors. https://stackoverflow.com/a/21429652/296555 — waterloomatt, Mar 06 '19 at 14:35

score 0 · Accepted Answer · answered Mar 06 '19 at 14:52

<?php 
     session_start();
        include ("connection.php"); //connects to the database.

        if(isset($_POST['login'])) 
        {
            $user_name = $_POST['EMAIL'];
            $password = $_POST['PASSWORD'];

            // echo $user_name, " AND ", $password, "<br>";

            $q = "SELECT * FROM ".$table." WHERE EMAIL='".$user_name."' AND PASSWORD= '".$password."' AND IS_ADMIN= 'YES';";
            // echo "<br>",$q,"<br>";
            $r = mysqli_query($conn, $q); 

            if(mysqli_num_rows($r) > 0)
            {
                if(!isset($_SESSION["SESSION_EMAIL"])) 
                {
                    // session isn't started


                    echo "<br>GREAT SUCCESS!!!<br>";


                    $_SESSION["SESSION_EMAIL"]= $user_name;
                    $_SESSION["SESSION_PASSWORD"]= $password;  

                    echo $_SESSION["SESSION_EMAIL"], "  ", $_SESSION["SESSION_PASSWORD"];

                    header("Refresh:0; url=\website2.php");
                }

            } 
            else echo "<br>FAIL!!!<br>";
        }
    ?>

and on second page check for something like this

<?php   
session_start(); 
if (isset($_SESSION["SESSION_EMAIL"])) 
{
    echo 'Session is active <br>';
    echo $_SESSION["SESSION_EMAIL"];
} else echo"session is ded";
 // it prints out an error if it screws up here
?>

hope this help

or

You can check for other session variable

I would also add !empty($_SESSION['SESSION_EMAIL']) to the 'Session is active' check — Jaakko Uusitalo, Mar 06 '19 at 16:46
yeah may be bt it may produce notice undifined SESSION_EMAIL when this variable is not set... — Mohd Qayyoom Khan, Mar 06 '19 at 16:51
Okay I did what you suggested but it only just verifies me that the sessions drops after a refresh whilst it shouldn't do that. — Jeanie Miflin, Mar 07 '19 at 07:01
As you can read bellow in my answer I have fixed the issue by simply restarting all my server configurations. As a token of gratitude, I believe that selecting your answer will be a apt reward for your efforts and to excuse my silliness. Thank you! — Jeanie Miflin, Mar 07 '19 at 07:40

score 0 · Answer 2 · answered Mar 07 '19 at 07:38

I really hate to say this and I honestly feel that I should have done it earlier but after restarting my XAMPP and PHP server, everything seems to have fixed itself and the session works just right now. Nothing gets dropped now and all transitions between pages is effortless.

For all its worth, I apologise to everyone who's pondered upon this silly question of mine and I would also like to thank them for all their time and effort they put in answering.

Once again, thank you all!

PHP drops session variables on refresh

2 Answers2