I have a page where a user logs in and some session variables are set:
$_SESSION['username'] = "Bob Smith";
$_SESSION['company'] = "acme Co";
$_SESSION['someData'] = "yes";
so far so good.
now the user is at landing.php and here i have a series of links on left side that users user for navigation.
<li class='menu' id='createUser'>Create New user</li>
<li class='menu' id='modUser'>Modify User</li>
<li class='menu' id='reports'>Reports</li>
<li class='menu' id='api'>API Management</li>
<li class='menu' id='logout'>Logout</li>
and the jquery for navigation:
$('.menu,.menu2').click(function(){
var action = $(this).attr('id');
$.ajax({
type: "POST",
url: "admin.php",
data: "action="+action,
success: function(result){
$('#modData').html(result);
}
});
admin.php returns an include of the var action's php page. so modUser.php or reports.php and so on are returned with different forms and data on them.
now. The strange thing i cant figure out. When i click on any link. My session variables are still set. When i click again on any link(except logout), All session variable data is gone. I have no session_destroy anywhere except in logout.php
print_r($_SESSION) on any of those pages show variables the first time only....second click i get the result
Array()
I have session_start() on every page possible.
I know this is a longshot, and you probably need a ton more info, but is there anything inherently wrong here that I am missing that causes session data to be removed.
admin.php
<?php
session_start();
if ($_POST['action'] == "reports")
{
include('reports.php');
}
if ($_POST['action'] == "logout");{
include('logout.php');
}
if ($_POST['action'] == "api"){
include('apiMgmt.php');
}
?>
One of the problems you might be facing is the include part of your admin.php. While you want to have a session_start() almost always at the beginning of each new file, the include section is just appending the code to the landing php file, having multiple session starts in one 'large' file.
One way you could solve this is in each 'child' php file, have the session start written as -
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
This is for PHP version 5.4 and later. For earlier versions, use
if (session_id() == '') {
session_start();
}
<?php
session_start();
if ($_POST['action'] == "reports")
{
include('reports.php');
}
if ($_POST['action'] == "logout");{ <------
include('logout.php');
}
if ($_POST['action'] == "api"){
include('apiMgmt.php');
}
remove the semi-colon in the logout if statement fixes the problem.