$_SESSION is deleting after going to a different page

[noahssite]

I am storing login information in a $_SESSION variable. When the user enters their login information on the page index.php the login.php script is executed. The first line of login.php is session_start(); as variables are stored in sessions to be used throughout the website. If username & password are correct the user is redirected back to index.php using header('Location: index.php'); There is a bit of PHP on the top of the page that handles the $_SESSION variables:

Code:

<?php
session_start();
$loggedIn = false;
$siteName = "";
if(isset($_SESSION['loggedOn']) && $_SESSION['loggedOn'] == true){
include("xmlDOMDocHandler.php");
$loggedIn = true;
$siteName = getSiteName($skip,$user);
} else {
$loggedIn = false;
}
$bgcolor = "#27B9AD";
?>

Then if $loggedIn == true, the login form is replaced by something else... Hence keeping it all on one page, index.php (excluding login.php).

The login form will not go away.. It work's perfectly on Firefox, Google Chrome, Safari & Opera but it is not working with IE8. I've tried adding in this line after session_start();

Code:

print_r($_SESSION);

But the output is: Array()

Which is blank.

Why is the $_SESSION variables clearing itself upon entering the page (index.php)?

[kows]

could you post the entire index.php and login.php scripts? out of context, there's nothing going on here that would give you any problems.

however, one thing to note is that if $_SESSION['loggedOn'] is set, then they should be logged in. instead of storing a boolean, you might consider storing a username or something instead. then, you would be able to set $loggedOn by doing:

PHP Code:

$loggedOn = isset($_SESSION['loggedOn']);
if($loggedOn){
  $username = $_SESSION['loggedOn'];
} 


if you don't choose to do this, you should at least get rid of the redundancy. you default $loggedOn to false, but then have an if-else statement that sets $loggedOn to false. this part is unneeded.

[noahssite]

For the index.php script, after that code I supplied it goes into HTML. At parts in the HTML I use PHP but I don't think there is a need to supply that as when I used print_r(), it returned null, and I used it right after session_start();. I used echo to see if the login.php was working, all the values checked out.

For the redundancy you talked about, I'll fix it up a bit but I have a separate variable called $_SESSION['username']; I use it for something else in a different script.

I doubt it will make a difference (it's working in all browsers but IE8) but here anyway.

index.php

Code:

<?php
session_start();
$loggedIn = false;
$siteName = "";
if(isset($_SESSION['loggedOn']) && $_SESSION['loggedOn'] == true){
include("xmlDOMDocHandler.php");
$loggedIn = true;
$siteName = getSiteName($skip,$user);
} else {
$loggedIn = false;
}
$bgcolor = "#27B9AD";
?>
<html>
<head><title>MySite</title>
<script type="text/javascript">
function addPage()
{
if (window.XMLHttpRequest)
  {// code for IE7+, Firefox, Chrome, Opera, Safari
  xmlhttp=new XMLHttpRequest();
  }
else
  {// code for IE6, IE5
  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
  }
xmlhttp.onreadystatechange=function()
  {
  if (xmlhttp.readyState==4 && xmlhttp.status==200)
    {
    document.getElementById("pages").innerHTML=xmlhttp.responseText;
    }
  }
xmlhttp.open("GET","addpage.php?r=" + Math.random(),true);
xmlhttp.send();
}
</script>
</head>
<body style="padding:0px;margin:0px;">
<table border="1" style="width:100&#37;;height:100%;">
<tr>
<!--Top Bar-->
<td style="width:20%;height:10%;"><div align="center" style="background:<?php echo $bgcolor; ?>;width:100%;height:100%;"><div style="position:relative;top:30%;"><p style="font-weight:bold;">MySite<br /><a href="http://www.mysite.com" target="_blank" style="text-decoration:underline;color:purple;">www.mysite.com</a></p></div></div></td>
<td style="width:80%;height:10%;" ><div align="center" style="background:<?php echo $bgcolor; ?>;width:100%;height:100%;"><div style="position:relative;top:30%;"><p style="padding:0px;margin:0px;font-weight:bold;font-size:30px;"><?php echo $siteName; ?></p></div></div></td>
</tr>
<tr>
<td style="height:80%;">
<!--Menu-->
<div align="center" style="background:<?php echo $bgcolor; ?>;width:100%;height:100%;">
<div>
<?php
if($loggedIn == false){
echo'&nbsp;';
}
else{
echo '<div id="pages">';
if ($handle = opendir('users/' . $_SESSION['username'] . '/pages')) {
    echo "<table align='center' style='border:0 solid black;'>";
	while (false !== ($file = readdir($handle))) {
        if (is_dir($file) == false && $file != "." && $file != "..") {
            echo "<tr><td><a href='#' onclick='editPage(\"$file\")'>$file</a></td>";
			echo "<td><a href='#' onclick='renameFile(\"$file\")'>...</a> | <a href='#' onclick='deleteFile(\"$file\")'>X</a></td>";
			echo "</tr>";
        }
    }
	echo "</table>";
    closedir($handle);
}
echo '</div><br /><br />';
echo '<a href="#" onclick="addPage()">- Create a New Page -</a>';
}
?>
</div>
</div>
</td>
<?php
if($loggedIn){echo'<td style="height:80%;">';} else { echo'<td style="height:80%;background:' .$bgcolor . ';">'; }
if($loggedIn == false){
echo '<form action="login.php" method="POST">
<table align="center" style="border: 0px solid black;">
<tr><td colspan="2"><p style="padding:0px;margin:0px;font-weight:bold;font-size:18px;">Please log in to your account.</td></tr>
<tr><td>Username:</td><td><input type="text" name="txtUsername" /></td></tr>
<tr><td>Password:</td><td><input type="password" name="txtPassword" /></td></tr>
<tr><td>&nbsp;</td><td><input type="submit" value="Login" /></td></tr></table></form>';
}
else{
echo "You're logged in";
}
?>
</td>
</tr>
</table>
</body>
</html>

login.php

Code:

<?php
session_start();
$txtUsername=$_POST['txtUsername'];
$txtPassword=md5($_POST['txtPassword']);
$message="";
//Logic
if(file_exists("users/" . $txtUsername)){
if(file_exists("users/" . $txtUsername . "/accountInfo.php")){
include("users/" . $txtUsername . "/accountInfo.php");
if($txtPassword == $password){
$_SESSION['username'] = $txtUsername;
$_SESSION['password'] = $txtPassword;
$_SESSION['loggedOn'] = true;
}
else{
$message .= "Password is incorrect!<br />";
}
}
else{
$message .= "Account information could not be found.<br />";
}
}
else{
$message .= "Username does not exist!<br />";
}
if(strlen($message) == 0){
header("Location: index.php");
} else {
echo $message;
}
?>

You may have noticed I'm not using a database.. but the reason for that isn't really relevant right now.

[kows]

a header redirect should be an absolute URL:

PHP Code:

header("Location: http://example.com/index.php"); 


if changing that doesn't work for you, then add an exit:

PHP Code:

header( ... );
exit; 


[noahssite]

I'll try the exit; it was an absolute URL before, I thought it might fix the problem if I changed it, I forgot to turn it back.

[noahssite]

It's still not working.

The header is working fine. It does redirect to the appropriate page, the issue is that the $_SESSION variables are being erased..

And why work in every browser but IE8?

EDIT: Could it have anything to do with Internet Explorer's Cache? Since the login.php is redirected to the page the user was just on.

[kows]

I doubt it. I use sessions with redirects a lot, and I've never run into an issue like you seem to be having. I'll whip up a quick example using the code you've provided (without the login stuff you have there) and see how it works.

[kows]

after modifying your scripts to work with just a regular username/password, the script works perfectly fine with IE8 for me. you could be loading a cached version, I guess. try a hard refresh with CTRL+F5.