3

First time here. Let's hope this works!

I'm new to PHP and trying to create a site where users have their own page with content they can edit. I got the login system to halfway work. It recognizes usernames and passwords correctly, but it does not seem to be storing the $_SESSION variable. At first I thought it was because I was trying to make the username (itself a variable) the $_SESSION variable, but even when I set it to something absolute, my code to check to see if the user is logged in redirects them to the "you are not logged in" page. Here is my verification php code:

```php
<?php

$host="xxxx.ipagemysql.com";
$username="xxxxx";
$password="xxxxxx";
$db_name="farmers";
$tbl_name="users";

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$farmeruser=$_POST['farmeruser'];
$farmerpw=$_POST['farmerpw'];

$sql="SELECT * FROM ".$tbl_name." WHERE farmeruser='".$farmeruser."' and farmerpw='".$farmerpw."';";

$result=mysql_query($sql);

$count=mysql_num_rows($result);

if($count==1){
    session_start();
    $_SESSION['member'] = "affirmative";
    header("location:succesful_login.php");
}
else {
    echo "Wrong Username or Password";
}
?>
```

And here is my page that is never recognizing that the user is logged in:

```php
<?php
session_start();
if($_SESSION['member'] == "affirmative")
{
    echo "Welcome!";
}
else {
    header('Location: http://www.leukosweb.com/user_not_recognized.php');
}
?>
```

Any Ideas why this is not working?

PS. I would like to change "affirmative" to the user's login name. If you want to help me set the $_SESSION 'member' variable using a variable in the login verification page, that would also be awesome!

  • 2
    [Please, don't use `mysql_*` functions in new code](http://stackoverflow.com/q/12859942). They are no longer maintained and the deprecation process has begun, see the [red box](http://php.net/mysql-connect). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli); [this article](http://php.net/mysqlinfo.api.choosing) will help you decide which. If you choose PDO, [here is a good tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). – Geek Num 88 Nov 16 '12 at 02:23
  • Also, always `exit;` immediately after issuing a `Location` header – Phil Nov 16 '12 at 02:51
  • Thanks to both of you for the tips. I didn't realize I was using deprecated functions. That's actually the second one I have used. I found out before that I was using a different deprecated function while looking for an answer to this question on the forums earlier. – Eric Sparks ii Nov 16 '12 at 02:58
  • What OS is this running on and what is your [`session.save_path`](http://www.php.net/manual/en/session.configuration.php#ini.session.save-path) in `php.ini`? – Phil Nov 16 '12 at 03:25
  • I'm using ipage.com's PHP and MySQL installation. Here is their setup: – Eric Sparks ii Nov 16 '12 at 04:31
  • Platform Type: Debian; MySQL Version: MySQL Version 4.1.22; Perl Version: Perl 5.8.8; PHP Version: PHP – Eric Sparks ii Nov 16 '12 at 04:31
  • Try to test the results of `session_start()` first. Session may be unavailable for some reason. – shinkou Nov 16 '12 at 02:27

5 Answers

1

session_start() needs to add a cookie to the user's browser, and if you have any space before the first <?php, that will be output to the browser and will screw up setting the cookie. I would move the session_start() to the 2nd line

```php
<?php
session_start();
```

and make sure there is no extra space. You can check your browser's cookies and see if you have a cookie PHP_SESSION or similar, and if you

```php
print session_start();
```

it should return true if the session was able to be created - if not you may have a problem with the PHP config and creating sessions.

Also, this needs to be corrected:

```php
header("location:succesful_login.php");
```

should be

```php
header("Location: succesful_login.php");
```

Geek Num 88
  • Thanks for the tips. @shinkou Printing the session showed a "1" on the screen, so I'm guessing it is creating sessions. I'm unsure what you mean by moving the session_start(); to the second line -isn't that where it's already at? – Eric Sparks ii Nov 16 '12 at 02:47
  • oh nvm i see you meant the verification page. – Eric Sparks ii Nov 16 '12 at 03:00
1

check session timeout time in php.ini file

Anand Pal
  • Thanks! Not the answer, but it set me in the right direction. It was ipage's php.ini file that was the problem. Their default save path is not a place that exists unless you create it! You have to create that exact path and location, or change the ini file to one of your own places =) – Eric Sparks ii Nov 16 '12 at 15:27
1

Go to iPage and log in to your account.
Go to CGI and Scripted Language Support.
Choose PHP Scripting.
There, edit the php.ini file: find the save_path by pressing Ctrl+F and change
`session.save_path = "/var/php_sessions"`
to
`session.save_path = "/tmp"`

Kanishka
0

You need to try a few things to see what is going wrong. Let's try looking at the following lines.

```php
session_start();
$_SESSION['member'] = "affirmative";
header("location:succesful_login.php");
```

Comment out the header location redirect. After the $_SESSION['member'] is set to affirmative, echo that variable to see what is in it.

```php
echo "DBUG: ".$_SESSION['member']. "<br />";
```

Let's test that out first, get that working, then you can set it with the username that you asked for.

```php
$_SESSION['member'] = $farmeruser;
```

But that $farmeruser is directly from $_GET... you might want to get the username from the row after preventing SQL injection.

Let's first check that code right after you set it to see if it is working. I also like to put the session_start() at the top of the page. Throw the connection database details in a separate include file.

donlaur
  • Yes, I was planning on adding some security features once I got it working, which I have now. Turns out it was iPage's default ini save session settings. – Eric Sparks ii Nov 16 '12 at 15:29
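The points raised in the comments and in the answer above (prepared statements instead of `mysql_*`, `exit` after the `Location` header, taking the username from the row) combined into one login handler; this is an added example, not code from any poster. The function names are hypothetical, the `farmerpw` column is assumed to hold `password_hash()` output, and an in-memory SQLite database with one constructed row stands in for the MySQL server so the demo runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's code. Assumption: users.farmerpw stores
// password_hash() output rather than the plain-text password.

/** Returns the username stored in the matching row, or null if login fails. */
function verify_login(PDO $pdo, string $user, string $password): ?string
{
    // The placeholder sends the value separately from the SQL text.
    $stmt = $pdo->prepare('SELECT farmeruser, farmerpw FROM users WHERE farmeruser = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['farmerpw'])) {
        return null;
    }
    return $row['farmeruser'];
}

/** Web entry point: start the session first, redirect last, then stop. */
function handle_login(PDO $pdo, array $post): void
{
    session_start();
    $member = verify_login($pdo, (string) ($post['farmeruser'] ?? ''), (string) ($post['farmerpw'] ?? ''));
    if ($member === null) {
        echo 'Wrong Username or Password';
        return;
    }
    session_regenerate_id(true);    // fresh session ID once the user is authenticated
    $_SESSION['member'] = $member;  // value read from the row, not from the request
    header('Location: succesful_login.php');
    exit;                           // nothing after the redirect should run
}

// Constructed demo data: in-memory SQLite stands in for the MySQL server.
if (PHP_SAPI === 'cli') {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (farmeruser TEXT PRIMARY KEY, farmerpw TEXT)');
    $pdo->prepare('INSERT INTO users VALUES (?, ?)')
        ->execute(["o'neil", password_hash('constructed-pw', PASSWORD_DEFAULT)]);
    var_dump(verify_login($pdo, "o'neil", 'constructed-pw'));  // quote in the name is plain data
    var_dump(verify_login($pdo, "o'neil", 'wrong-pw'));
}
```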
0

Okay, while Anand Pal's answer was not the correct one, it set me in the right direction. Turns out you have to change your iPage account's php.ini file on the following line

```ini
session.save_path = "/var/php_sessions"
```

to

```ini
session.save_path = "/tmp"
```

Now everything is working fine. Thanks! Ironic how it wasn't my own code, but that ipage's default for storing sessions does not work >.<
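A check for the failure found in this thread, added here as an example and not taken from any post: it verifies that `session.save_path` exists and is writable, confirms that a started session actually leaves a file behind, and flags a directory that other accounts can reach, as `/tmp` usually is on shared hosts. The function name is hypothetical and the checks assume the default `files` save handler.

```php
<?php
declare(strict_types=1);
// Added diagnostic, not code from the thread.

/** Returns a list of problems found with file-based session storage. */
function check_session_storage(): array
{
    if (ini_get('session.save_handler') !== 'files') {
        return ['save_handler is not "files"; these checks do not apply'];
    }
    // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', (string) ini_get('session.save_path'));
    $dir = end($parts) !== '' ? end($parts) : sys_get_temp_dir();
    $flat = count($parts) === 1;   // with a depth prefix, files sit in subdirectories

    if (!is_dir($dir)) {
        return ["save_path '$dir' does not exist"];
    }
    $problems = [];
    if (!is_writable($dir)) {
        $problems[] = "save_path '$dir' is not writable by the PHP user";
    }
    $mode = fileperms($dir) & 0777;
    if ($mode & 0007) {
        $problems[] = sprintf(
            "save_path '%s' has mode %04o: other accounts can reach it, and session file names contain the session ID",
            $dir, $mode
        );
    }
    // Round trip: a session that starts but leaves no file will not survive a redirect.
    if (!@session_start()) {
        $problems[] = 'session_start() returned false';
    } elseif ($flat) {
        $_SESSION['probe'] = 'x';
        $file = $dir . '/sess_' . session_id();
        session_write_close();
        if (!is_file($file)) {
            $problems[] = "session_start() succeeded but '$file' was not written";
        }
        @unlink($file);            // remove the probe session again
    }
    return $problems;
}

$problems = check_session_storage();
echo ($problems ? implode(PHP_EOL, $problems) : 'session storage looks usable') . PHP_EOL;
```

Where the host allows it, a private directory outside the web root with mode 0700 passes all three checks.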