Here are the code of my login page where the login script checks for the authenticity of the user and then redirects to inbox page using header function.
<
- Make sure
session_start();
is called before any sessions are being called. So a safe bet would be to put it at the beginning of your page, immediately after the openingtag before anything else. Also ensure there are no whitespaces/tabs before the opening
tag.
- After the
header
redirect, end the current script usingexit();
(Others have also suggestedsession_write_close();
andsession_regenerate_id(true)
, you can try those as well, but I'd useexit();
).- Make sure cookies are enabled in the browser you are using to test it on.
- Ensure
register_globals
is off, you can check this on thephp.ini
file and also usingphpinfo()
. Refer to this as to how to turn it off.- Make sure you didn't delete or empty the session.
- Make sure the key in your
$_SESSION
superglobal array is not overwritten anywhere.- Make sure you redirect to the same domain. So redirecting from a
www.yourdomain.com
toyourdomain.com
doesn't carry the session forward.- Make sure your file extension is
.php
(it happens!).
PHP session lost after redirect