Variables $ _SESSION resets after reloading page in PHP

1

Hello. I'm trying to run a very simple login system with session and I'm not able to keep the $ _SESSION variables saved, because they get lost every time I have a reload on the page.

My index.php

 <?php
    session_start();
    if(isset($_POST["login"])){
        $_SESSION["autenticado"] = true;
    }
?>  
<html>
    <head>
        <?php include("header.php"); ?>
    </head>
    <body>
        <?php 
        include("cabecalho.php");
        include("corpo.php");
        include("rodape.php");
        ?>
    </body>
</html>

Inside the header.php there is the function that checks login and etc. When I use the login function, the session works normally, however when I reload the page, or use some function that sends me back to index.php (which gives all include again) the variables $ _SESSION ["authenticated"] is null.

Why is this happening? What do I have to do to continue with their values retained even by reloading the page?

PS: only has session_start () in index.php because it gives include in all other pages and whenever a new page is loaded, it goes through index.php, so there will always be session_start before anything else

    
asked by anonymous 03.02.2017 / 13:23

1 answer

1

You will need to give session_start () on all protected pages, with a fragment of the type:

<?php
    session_start();
    if(!isset($_SESSION["autenticado"]))
    {
         header("Location: login.html")
    }
?>  

If the $_SESSION["autenticado"] variable does not exist in the session, it redirects to the login page that has a login form. The action of this form checks the validity of the login data and if the login is successful, you should create this variable $_SESSION["autenticado"] and redirect it to the protected page.

Example of login with PHP using session

index.php

<?php

session_start();

if(!isset($_SESSION["autenticado"]))
{
    header("Location: login.html");
}
else
{
    header("Location: protegida1.php");     
}

This is the home page. It checks to see if the user is already logged in. If it is sent to the internal page of the system, if not, send the user to the login form.

login.html

<h2>Por favor, efetue o login para acessar o sistema</h2>

<form action="processa_login.php" method="post">

    Login: <input type="text" name="login"><br>
    Senha: <input type="password" name="senha">

    <input type="submit" value="Logar">

</form>

login.html is a form that sends the login data to be verified by the processa_login.php script. Note that the form has the method post and the following script will use $ _POST to check the submitted data. Use test and password 12345 to test.

processa_login.php

<?php

if(!isset($_POST["login"]) || !isset($_POST["senha"]))
{
    header("Location: login.html");
}

if($_POST["login"]=="teste" && $_POST["senha"]=="12345")
{
    session_start();
    $_SESSION["autenticado"] = true;

    header("Location: protegida1.php");
}
else
{
    header("Location: login.html"); 
}

First of all, check if login variables have been sent. It is then checked whether the login pair and password indicate a valid login. If it is a valid login, log in, create the $ _SESSION ["authenticated"] variable and send it to the protected1.php page, otherwise return to the login form.

protected1.php

<?php
    session_start();
    if(!isset($_SESSION["autenticado"]))
    {
        header("Location: login.html");
    }
?>  
<h2> Página protegida 1</h2>

<p>Lorem ipsum dolor sit amet.</p>

<a href="protegida2.php">Ir para a página protegida 2</a>
<br><br>
<a href="deslogar.php">Sair do sistema(logoff)</a>

This is the first page on the system after login. If a user attempts to access this page directly without first logging in correctly, they will be redirected to the login form.

protected2.php

<?php
    session_start();
    if(!isset($_SESSION["autenticado"]))
    {
        header("Location: login.html");
    }
?>  
<h2> Página protegida 2</h2>

<p>Lalala lerolero lolololol.</p>

<a href="protegida1.php">Voltar para a página protegida 1</a>
<br><br>
<a href="deslogar.php">Sair do sistema(logoff)</a>

protected2.php is another page protected only to show that the login remains.

deslogar.php

<?php

// Limpa a sessão 
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(),'',0,'/');
session_regenerate_id(true);    

header("Location: login.html");

This session cleanup code is really cake recipe to kill the user session.

If this answer helped you, mark it as you accept and give +1 to give me reputation points.

Any questions we are talking about here in the comments below.

A big hug.

    
03.02.2017 / 15:36