cookies and sessions are not being saved

Question

my site is working (sort off). When i check if there sessions are there, they echo out a message which works BUT when i check session storage in chrome, the sessions are not coming up, which is strange. I have also tried to set a cookie but that is not coming up either. So what am i doing wrong. So the sessions are working but not getting stored, and the cookies are not getting stored either

this is part of login class

public function __construct(DB $pdo)
{
    $this->pdo = $pdo->pdo;

    if(isset($_GET['logout'])){
        $_SESSION = array();
        session_destroy();
    }

}

public function checklogin()
{
    if(isset($_SESSION['user_sess']) && $_SESSION['logged_in'] === true){
        return true;
    } else {
        return false;
    }
}

public function loginwithdata($email, $password)
{
    $query = $this->pdo->prepare('SELECT * FROM `users` WHERE `email` = ?');

    $query->bindValue(1, $email);

    try{

    $query->execute();

    $data = $query->fetch();

    $salt = $data['salt'];
    $user_key = $data['user_key'];
    $hashed_pass = sha1(md5($salt.$password));

    if($this->verify($hashed_pass, $email) === true){

        $_SESSION['user_sess'] = $user_key;
        $_SESSION['logged_in'] = true;
        setcookie('key', '12345678910', 1209600, '/');
        return true;
    } else {
        return false;
    }

    } catch(PDOException $e) {
        die($e->getMessage());
    }
}

here is the ajax_login.php

require '../core/init.php';

if(isset($_POST))
{
    $email = $_POST['email'];
    $password = $_POST['password'];

    if(!empty($email) && (!empty($password))){

        $try = $login->loginwithdata($email, $password);

        if($try){
            //login successful
            echo 'success';
        } else {
            echo 'login failed';
        }
    }
} 

and on my index page i have

require_once 'core/init.php';

if($login->checklogin() === true){
    echo "you are logged in";
} else if ($login->checklogin() === false) {
    echo "you are not logged in";
}

and my init file

session_start();
error_reporting(E_ALL);
date_default_timezone_set('Europe/London');

require_once 'classes/DB.php';
require_once 'classes/Upload.php';
require_once 'classes/Login.php';
require_once 'classes/Register.php';
require_once 'classes/Site.php';
require_once 'classes/Admin.php';

require_once 'sinitize.php';

$pdo        = new DB;
$upload     = new Upload($pdo);
$login      = new Login($pdo);
$register   = new Register($pdo);

Answer 1

Your code looks good so far.

But wait.. dude.. Sessions generally get stored in a COOKIE (as ID). SESSION STORAGE and WEB STORAGE in chrome is something completely different and is sorta part of HTML5 rather than PHP Sessions.

You say you get the proper echoes so there is really nothing wrong with your session. If you open the developers console and in networking tab you see the cookie sent, it's everything perfect.

If you are having problems with the session cookie itself, please provide and check the session configuration variables from php.ini:

From console:

php -i | grep session

or use phpinfo(); in a web served script.

session.use_cookies should be On

See: http://www.php.net/manual/de/ini.list.php

Answer 2

Some browsers, if path is set, wants the domain too:

setcookie ( $name, $value, $expire, $path,  $domain);

About $expire It's the "absolute" time in seconds since Epoc when the cookie expire, so expire within an hour should be:

$expire = time()+3600;

see also: http://www.php.net/setcookie