Search code examples
phphtmlcssldap

PHP Session lost after redirection

I have a problem with my LDAP Authentication redirection. If I access Index.php it should redirect my request to my login page (login.php). This does work. After I enter my Credentials it does not redirect me to the Index Page. Any Tipps?

Here is my Code:

index.php;

<?php

session_start();
if(!isset($_SESSION['user'])) {
    // user is not logged in, do something like redirect to login.php
    header("Location: http://192.168.0.20:8090/login.php");
    exit;
}
?>

login.php

<?php
include("authenticate.php");
 
// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}
 
// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
    // run information through authenticator
    if(authenticate($_POST['userLogin'],$_POST['userPassword']))
    {
        // authentication passed
        header("Location: http://192.168.0.20:8090/index.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}
 
// output error to user
if(isset($error)) echo "Login failed: Incorrect user name, password, or rights<br />";
 
// output logout success
if(isset($_GET['out'])) echo "Logout successful";
?>
Solution

  • You forget session_start();. (-brombeer)

    You need session_start(); to initialize a new session or use existing session.

    <?php

session_start();

include("authenticate.php");
 
// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}
 
// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
    // run information through authenticator
    if(authenticate($_POST['userLogin'],$_POST['userPassword']))
    {
        // authentication passed
        header("Location: http://192.168.0.20:8090/index.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}
 
// output error to user
if(isset($error)) echo "Login failed: Incorrect user name, password, or rights<br />";
 
// output logout success
if(isset($_GET['out'])) echo "Logout successful";
?>