Reputation: 1569
I am having an issue that it seems a lot of people are having, though I have tried all the solutions provided and none seem to be working.
I have my session starting on every page, redirecting with a header(location: exact url), and calling exit(); after the redirect (I have tried session save and a few others). Globals are not an issue (PHP 7) and the files are in a sub domain (in development at the moment), exact link:
localhost:1080/basefolder/admin/file.php
And the file that starts the session is in folder
localhost:1080/basefolder/admin/php/file.php
login.php - localhost:1080/basefolder/admin/login.php
<?php
include 'php/adminloginfunctions.php';
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if ($_POST['type'] == 'login') {
        $username = $_POST['loginusername'];
        $password = $_POST['loginpassword'];
        if (login($username, $password)) {
            header('Location: http://' . $_SERVER['SERVER_NAME'].':1080' . dirname($_SERVER['REQUEST_URI']) . '/home.php');
            exit();
        }
    } else {
        logout();
    }
}
?>
The session functions are in localhost:1080/basefolder/admin/php/adminloginfunctions.php:
<?php
include 'adminmySQLCon.php';
sec_session_start();

function sec_session_start() {
    $session_name = 'sec_session_id';
    $secure = true;     // cookie is flagged Secure (sent over HTTPS only)
    $httponly = true;   // cookie is not readable from JavaScript
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly);
    session_name($session_name);
    session_start();
    session_regenerate_id(true);
}

function login($email, $password) {
    global $conn;
    if ($stmt = $conn->prepare("SELECT Occupant.idOccupant, Occupant.Occ_Email, Occupant.Occ_Password, roles.RoleLevel
        FROM Occupant INNER JOIN userrolemapping ON Occupant.idOccupant = userrolemapping.URMUserId
        INNER JOIN roles on roles.idRoles = userrolemapping.URMRoleID
        WHERE Occ_Email = ?
        LIMIT 1")) {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($user_id, $username, $db_password, $userrole);
        $stmt->fetch();
        if ($stmt->num_rows == 1) {
            if (checkbrute($user_id) == true) {
                return false;
            } else {
                if (password_verify($password, $db_password)) {
                    $user_browser = $_SERVER['HTTP_USER_AGENT'];
                    $_SESSION['user_id'] = $user_id;
                    $_SESSION['username'] = $username;
                    $_SESSION['login_string'] = hash('sha512',
                        $db_password . $user_browser);
                    $_SESSION['userrole'] = $userrole;
                    // Login successful.
                    return true;
                } else {
                    // Record the failed attempt.
                    $now = time();
                    $conn->query("INSERT INTO login_attempts(idOccupant, time)
                        VALUES ('$user_id', '$now')");
                    return false;
                }
            }
        } else {
            return false;
        }
    }
}
The redirect page home.php is located in localhost:1080/basefolder/admin/home.php:
<?php
include 'php/adminloginfunctions.php';
echo $_SESSION['userrole'];
?>
Resulting in the error:
Notice: Undefined index: userrole in 'folder link' on line 3
Running out of things to try, any help would be great.
Upvotes: 0
Views: 458
Reputation: 1569
Setting secure to false in the "session_set_cookie_params" seems to have resolved the issue.
function sec_session_start() {
    $session_name = 'sec_session_id';
    $secure = FALSE;
    $httponly = true;
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly);
    session_name($session_name);
    session_start();
    session_regenerate_id(true);
}
Upvotes: 1
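A cookie flagged Secure is only sent back over HTTPS, which is why the session was empty on the plain-HTTP development server at localhost:1080 and why setting $secure to false made it work. The following is an added example, not part of the original answer, that keeps the flag on everywhere except an explicitly declared development environment; APP_ENV, is_https_request() and cookie_secure_flag() are hypothetical names chosen for this illustration.

```php
<?php
// Added example, not the poster's code. APP_ENV, is_https_request() and
// cookie_secure_flag() are hypothetical names used for illustration.

// True when the current request reached PHP over TLS.
function is_https_request(array $server): bool {
    return (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off')
        || (isset($server['SERVER_PORT']) && (int)$server['SERVER_PORT'] === 443);
}

// Decide the cookie's Secure flag. It is dropped only for plain-HTTP
// requests in an environment explicitly declared as development.
function cookie_secure_flag(array $server, string $env): bool {
    if (is_https_request($server)) {
        return true;
    }
    // Plain HTTP outside development keeps Secure on: the session will not
    // persist, which exposes the misconfiguration instead of hiding it.
    return $env !== 'development';
}

function sec_session_start() {
    // Fail closed: an unset APP_ENV is treated as production.
    $env = getenv('APP_ENV') ?: 'production';
    $secure = cookie_secure_flag($_SERVER, $env);
    $httponly = true;

    if (ini_set('session.use_only_cookies', 1) === false) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly);
    session_name('sec_session_id');
    session_start();
    session_regenerate_id(true);
}
```

With APP_ENV=development set only on the local machine, the login flow works over http://localhost:1080 while any deployment without that variable still issues the session cookie with Secure set.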