How do I hold a session through a PHP login redirect?

Question

I've been experimenting with php lately and I'm trying to understand sessions. So far I understand that each page needs a session_start() if I am to require a login to view certain pages/ carry information, but what I cannot figure out is how to keep the user's information after the login page.

Here is my login.php script:

<?php

session_start();

?>
<head>
<link rel="stylesheet" type="text/css" href="styles.css">
<link href='http://fonts.googleapis.com/css?family=Lato|Quattrocento+Sans|Oxygen|Hind|Raleway' rel='stylesheet' type='text/css'>
<script src="http://code.jquery.com/jquery-1.8.3.min.js"></script>
<script src="career.js"></script>
</head>
<body onload="fadeUp()">
<form id="login" class="login" action="logCheck.php" method="POST">
<div id="titleArea"><img src="tampa-bay.png" class="t2"><div class="workspaceTitle">CPC <br><align ="left">WorkSpace</align></div></div>
<center>
<table class="logTable">
<tr><td colspan="2"><input type="text" class="field" value="username" onclick='javascript: this.value = ""' name="user"></td></tr>
<tr><td colspan="2"><input type="password" class="field" onclick='javascript: this.value = ""'  value="password" name="pass"></td></tr>
<tr><td></td><td colspan="2"><input type="submit" name="login" value="Login"></td></tr>
<tr><td></td><td colspan="2">Don't have an account?<a href="register.php"> Register Here</a></td></tr>
<tr><td></td><td colspan="2">Forgot your username/password?<a href="register.php"> Click Here</a></td></tr>
</table>
</center>
</form>
</body>

And here is the relevant login verification (logCheck.php) script

if(isset($_POST['login'])){

    $username = mysqli_real_escape_string($con,$_POST['user']);

    $pass = mysqli_real_escape_string($con,$_POST['pass']);

    $sel_user = "select * from userdata where username='$username' AND password='$pass'";

    $run_user = mysqli_query($con, $sel_user);

    $check_user = mysqli_num_rows($run_user);

    if($check_user>0){
        $_SESSION['username']=$_POST['user'];

        echo "<script>window.open('careerindex.php','_self')</script>";
    }
    else {
        echo "<script>alert('Username or password is not correct, try again!')</script><script>window.open('login.php','_self')</script>";
    }
}
?>

Lastly, I also have an includes which holds the header on all pages that require logins. Here is the header's session:

<?php
session_start();
if (isset($_SESSION['username'])) {
?>
    logged in HTML and code here
<?php
} else {
?>
    Not logged in HTML and code here
<?php
}
?>

I've tried to use a regular session_Start() on each page, a session variable that uses the username (like $_SESSION['username']=$_POST['user'];). But I can't understand what I'm doing wrong. Any suggestions? (Ps, I've tried google searching, looking up answers here and w3 schools but none of the methods suggested seem to work)

Answer 1

Anywhere you are using any $_SESSION data, you need to initiate the session with session_start(), including in header and include files, you can find easily from StackOverflow various methods to check if a session has already been started and then if not, you can call session_start(); .

As long as you reference the $_SESSION values correctly and you have sorted out that session_start(); runs correctly, if you have further issues then you'd need to provide more specific details and code.