PHP $_SESSION variable not saving across pages


#1

I’ve been having some big problems with this all day.

I’m trying to save a SESSION variable and then print it onto another PHP file however the variable isn’t saving across pages. I’m essentailly making a login system using SQL to then be able to view the users details using the username as the SESSION variable.

I’ve done a lot of research and it seems that my redirect URL is causing the issue. It needs to be a realtive URL used not a HTTP one as this doesn’t carry over SESSION variables.

I’ve tested that the variable is stored by printing it straight away in the source PHP file and that works fine. It just doesn’t get transfered across, it comes back with a blank array.

I’m calling my method from an API routes PHP file. I don’t think this causes an issue?

Here is my setup:

API PHP file:

$app->post(’/api/customer/login/{Username}/{PassW}’, function(Request $request, Response $response){

$Username = $request->getParam('Username');
$PassW = $request->getParam('PassW');

$PassW = md5($PassW);//FIND NEW WAY OF HASHING AS MD5 IS DEPRECIATED
$sql = "SELECT * FROM login WHERE Username= '$Username' AND PassW='$PassW' LIMIT 1";

try{
    $db = new db();
    $db = $db->connect();
    
    $stmt = $db->query($sql);
    $result = $stmt->fetchAll(PDO::FETCH_ASSOC);
    
    if(count($result) == 1){  
    session_start();  
    $_SESSION['Username'] = $Username;
    header("Location: http://localhost/testing/dashboard.php");
    exit();
   
    
    }else{
    echo "<script type='text/javascript'>alert('Wrong Username or Password');
    window.location='http://localhost/testing/login.html';
    </script>";
    //echo'{"notice": {"text": "Incorrect"}';
    }
  
    //$db = null;
    //echo json_encode("hello");
}
catch(PDOException $e){
    echo '{"error": {"text": '.$e->getMessage().'}';
}

});

Test SESSION variable has been set PHP file:

<?php session_start(); print_r($_SESSION); ?>

I’m very new to all this so my apologies if it’s something very simple for you guys.

Big Love.


#2

The PHP session handler must be started before you can use it.
Add this middleware to the end of your middleware stack (LIFO).

Notice: Slim 3 is LIFO (last in, first out), which means you have to add this middleware to the last position to run it first.

use Slim\Http\Request;
use Slim\Http\Response;

// Session middleware
$app->add(function (Request $request, Response $response, $next) {
    session_start();
    return $next($request, $response);
});

#3

In your code:

$Username = $request->getParam('Username');

$request->getParam() won’t get you the param as you expect for your route.

getParam() will get you a param from the $_GET array.

You are looking for the parsed route arguments, you need to provide a third argument $args to your route handler. Then slim will pass an array containing the parsed arguments.

$app->post(’/api/customer/login/{Username}/{PassW}’, 
           function(Request $request, Response $response, $arguments) {
     $Username = $arguments['Username'];
};