PHP Session not being passed

Question

I am working on authentication for my schools username and password. The school has its own backend script to use for form POST. It allows some hidden inputs with specific names for customization, for example, page redirecting on success. However, I can't have any session_start() or any of my php code on that page because after the login.php, the login page gets redirected to the schools page and then gets redirected back to my index.php. The post value gets passed through to the index.php but on page refresh, it goes back to the login page because the session is not saved with the post value.

Any help on this will very helpful.

Index.php

<?php
session_start();
$_SESSION['username'] = $_POST['sid'];
if(!isset($_SESSION['username'])){
header("Location: login.php");
} else {
?>
// HTML here
<?php
}
?>

Login.php

<form action="authenticator.pl" name="form1" method="POST">
    // Using hidden inputs I specify which page to redirect to... These are specific hidden inputs that are accepted.
</form>

Answer 1

You have to include the sessions_start(); at the top of every file where you need to check if they are logged in.

Put an if statement at the top of login.php to check if they're session exists. If it does then redirect the to index.php.

At the top of index.php check if they are logged in using an if statement. If they are then proceed to rest of index.php if not (else {}) then redirect them to login.php

Set the SESSION after you run your checks and authentications in your login.php script. You can set a session like this:

$_SESSION['userid']     = $id;
$_SESSION['username']   = $name;
$_SESSION['userpass']   = $pass;

Just be sure to add session_start(); at the top of index.php and check if they're sessions equate to a logged in user.

Answer 2

If you're not sending post data to the index.php page the following line will clear the username session value.

$_SESSION['username'] = $_POST['sid'];