Re: session problem - login screen continually reloads after pressing the login button

From: Matthias Esken (
Date: 11/24/03

Date: Mon, 24 Nov 2003 21:24:08 +0100

Chip <> wrote:

> I am trying to get sessions to work on a log in screen to give certain
> users access to certain pages/directories. The problem is that when
> the login button is pushed (or the enter key pressed) the login screen
> redraws, never loading the next page. I don't get any error messages.
> I am using FreeBSD-5.1/Apache-2.0.46/MySQL-

And you're using code from the times of PHP 4.0.x.

> <?

Don't use short tags. They are not portable. Use <?php.

> session_start();

Seems OK. :-)

> session_register("userid","password");

That's not good. In fact it is bad style. Read the documentation at

> if ($submit)

You rely on register_globals=on. Since PHP 4.2.0, the default value for
register_globals is off.

> This is at the top of all pages, before any html tags -
> -------------
> <?
> session_start();
> if(!isset($userid)) {
> header('Location:');
> exit;
> }
> ?>

Ouch. What is $userid? You might believe that it contains a variable
from your session. If register_globals is off, then it doesn't and PHP
will always send you back to login2.php. You'll find the value in
$_SESSION['userid'] instead. If register_globals is on, then it _might_
contain the id from the session. On the other hand it could be a clever
intruder who just calls your page with page.php?userid=42. So, don't
work with activated register_globals.

This leaves you with some work to do. Check the setting of
register_globals in the php.ini. If it's on, then switch it off. With
activated register_globals you have to work hard to make your code
secure. With deactivated register_globals you have to work to make it

To find errors from uninitialized variables set the error_reporting to
E_ALL, so that you get all notices and warnings during the development
of your code.

Write data to a session with:
  $_SESSION['example'] = $value;

Access data in a session with:
  echo ($_SESSION['example']);

Access data from a form with:
according to your posting method.

Check for
details about these "superglobals".
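
The advice in the reply above, put together as an added example that is not part of the original post or thread: a protected page that reads the login form only from $_POST and decides access only from $_SESSION, so a request such as page.php?userid=42 cannot satisfy the check. The field names userid, password and submit and the file name login2.php are taken from the thread; find_user(), its sample account and the use of password_hash()/password_verify() (PHP 7.1 or later assumed) are assumptions made for illustration.

```php
<?php
// Added example, not code from the original thread.
error_reporting(E_ALL); // show notices for uninitialised variables during development

// Hypothetical user lookup; a real application would query its user table.
function find_user(string $name): ?array {
    // Constructed sample account, hashed at runtime for the demo only.
    $users = ['alice' => ['id' => 42,
                          'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]];
    return $users[$name] ?? null;
}

// Login handler: form fields come from $_POST only, never from globals.
function handle_login(array $post, array &$session): bool {
    $name = isset($post['userid']) ? (string)$post['userid'] : '';
    $pass = isset($post['password']) ? (string)$post['password'] : '';
    $user = find_user($name);
    if ($user === null || !password_verify($pass, $user['hash'])) {
        return false;
    }
    $session['userid'] = $user['id']; // store the id only, not the password
    return true;
}

// Page guard: only the session decides, so ?userid=42 in the URL is ignored.
function is_logged_in(array $session): bool {
    return isset($session['userid']);
}

session_start(); // must run before any output is sent

if (isset($_POST['submit']) && handle_login($_POST, $_SESSION)) {
    session_regenerate_id(true); // new session id once the user is authenticated
}

if (!is_logged_in($_SESSION)) {
    header('Location: login2.php'); // login form, as named in the thread
    exit;
}

echo 'Logged in as user ', (int)$_SESSION['userid'];
```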