CODEWITHSUNDEEP
phpsessionhttp-redirect
OzMan13
OzMan13

Reputation: 31

PHP $_SESSION variable not working first time

$_SESSION['isloggedin'] doesn't seem to be working on first load.
This only happens on server, not on localhost.
session_start() is at the top of each page.

initialized to: $_SESSION['isloggedin'] = false;

When user logs in $_SESSION['isloggedin'] = true;
When user logs out $_SESSION['isloggedin'] = false;

on home.php:

if (!$_SESSION['isloggedin']) {
  die(header("Location: login.php"));
}

on login.php:

if ($_SESSION['isloggedin']) {
  die(header("Location: home.php"));
}

When you login and sent to the home page $_SESSION['isloggedin'] doesn't seem to be true so it redirects to login.php. But since it is true it redirects to Home.php causing a redirect loop.

when a redirect loop error pops up, I refresh and am taken to the right page. Sometimes the page self refreshes and takes me to the correct page, still showing redirect error before.

Why isn't $_SESSION variable working properly on server? The correct value doesn't seem to register the first time on every page, every site link.

EDIT:

everything works as expected on localhost just not on the online server.
when login is clicked and everything passes the class login function is called:

class users {

    $_SESSION['isLoggedIn'] = false;

    function __construct() {
        if (session_id() == "") {
            session_start();
        }

        if (isset($_SESSION['isLoggedIn']) && $_SESSION['isLoggedIn'] == true) {
            if (session_id() == '') {
                session_start();
            }
        }
    }

    function login($user,$password) {
        if (session_id() == "") {
            session_start();
        }
        $_SESSION['isLoggedIn'] = false;

        $mysqli = new mysqli(DB_HOST, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
        if ($mysqli->connect_errno) {
            return false;
        }

        $user = $mysqli->real_escape_string($user);
        $password = $mysqli->real_escape_string($password);
        $query = "SELECT * from users WHERE email=$user";

        if (!$result = $mysqli->query($query)) {
            return false;
        }

        $row = $result->fetch_assoc();
        $db_pass = $row['password'];

        if (crypt($password,$db_pass) != $db_pass) {
            return false;
        }

        $_SESSION['isLoggedIn'] = true;

        if (session_id() == '') {
            session_start();
        }
        return true;
    } 

}

Upvotes: 1

Views: 1365

Answers (2)

OzMan13
OzMan13

Reputation: 31

I was using AWS Elastic Beanstalk to run this web app. I didn't think this matter but apparently it did. It turns out that sessions don't work the same as they do on localhost since you are dividing your servers. I needed to enable sticky session within the load balancer.

Upvotes: 0

Hail Hydra
Hail Hydra

Reputation: 473

Try changing your code to something like this

if (!isset($_SESSION['isloggedin'])) {

  header("Location: login.php");

} else {

  header("Location: home.php");
}

Upvotes: 1

Related Questions