Why Do Sessions And Cookies Need To Refresh In Order To Activate? *fixed*

[MrFish]

I've got a working ajax login script, but what's the point of it if you have to refresh to get the cookies working? It works on the responseText but all the other elements of the page won't be viewed properly until the page is refreshed. TRY IT: http://luminaryreport.byethost17.com/username: testuserpassword: passwordWorking Ajax Script-

<script type="text/javascript">		function ajaxlogout(){		var ajaxRequest;		if(window.XMLHttpRequest){			ajaxRequest = new XMLHttpRequest();			} else if (window.ActiveXObject){				ajaxRequest = new ActiveXObject('Microsoft.XMLHTTP');				} else {					alert("Your browser broke!");				}			ajaxRequest.onreadystatechange = function(){					if(ajaxRequest.readyState == 1){						document.getElementById('loginbox').innerHTML = '<img src="images/loading.gif" width="50" height="50">';					}					if(ajaxRequest.readyState == 4){						document.getElementById('loginbox').innerHTML = ajaxRequest.responseText;						document.getElementById('menubarcontent').innerHTML = 'Login to activate this element.';					}				}			ajaxRequest.open("GET", "includes/logout.php", true);			ajaxRequest.send(null);			}				function ajaxlogin(){		var username = document.getElementById('username').value;		var password = document.getElementById('password').value;		var ajaxRequest;				if(username == "" || username == null || password == "" || password == null){			alert('One or more fields is empty.');		} else {			if(window.XMLHttpRequest){				ajaxRequest = new XMLHttpRequest();			} else if(window.ActiveXObject){					ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");				} else {					alert('Your browser broke!');				}				ajaxRequest.onreadystatechange = function(){					if(ajaxRequest.readyState == 1){						document.getElementById('loginformholder').innerHTML = '<img src="images/loading.gif" width="50" height="50">';					}					if(ajaxRequest.readyState == 4){						document.getElementById('loginformholder').innerHTML = ajaxRequest.responseText;						setTimeout('document.getElementById(\'menubarcontent\').innerHTML = \'<?php include("includes/menubarloggedin.php"); ?>\';', 2000);					}				}				ajaxRequest.open("GET", "includes/loginhandler.php?username=" + username + "&password=" + password, true);				ajaxRequest.send(null)			}					}</script>

working login handler-

<?phpsession_start();$username = $_REQUEST['username'];$password = $_REQUEST['password'];$con = mysql_connect("sql204.byethost17.com", "b17_3648160", "********") or die(mysql_error());mysql_select_db('b17_3648160_maindb', $con) or die(mysql_error());$query="SELECT * FROM users WHERE username='$username' AND password='$password'";$run=mysql_query($query);$results=mysql_affected_rows();if($results == 1){		/* Get query information */		/* Get Real Username */				mysql_select_db('b17_3648160_maindb', $con) or die(mysql_error());		$query="SELECT username FROM users WHERE username='$username'";		$run=mysql_query($query);		$results=mysql_fetch_array($run);		$username = $results[0];				/* Last login */		mysql_select_db('b17_3648160_maindb', $con) or die(mysql_error());		$lastlogin = date("y-m-d h:i:s");		$query="UPDATE users SET last_login='$lastlogin' WHERE username='$username'";		$run=mysql_query($query);				/* User_type */				mysql_select_db('b17_3648160_maindb', $con) or die(mysql_error());		$query="SELECT user_type FROM users WHERE username='$username'";		$run= mysql_query($query);		$results= mysql_fetch_array($run);		$user_type = $results[0];				/*Avatar*/				mysql_select_db("b17_3648160_maindb", $con);		$query="SELECT avatar FROM users WHERE username='$username'";		$run=mysql_query($query);		$results=mysql_fetch_array($run);		$avatar= $results[0];			/* Important Information */	$_SESSION["username"] = $username;		$_SESSION["user_type"] = $user_type;	/* Cookie time */		setCookie("username", $username, time() + 60*60*24*365, "/");	setCookie("password", $password, time() + 60*60*24*365, "/");	setCookie("avatar", $avatar, time() + 60*60*24*365, "/");		/* User preferences */	/* none yet */	include('logininformation.php');} else {	echo include('loginforms.php');	echo 'The username and password did not match.';}?>

Working user info (which uses sessions and cookies mind you!)-

<div style="float: left; margin-bottom: 10px;"><div id="leftlogin_avatar" style="float: left; width: 99px;"><?phpsession_start();	/* AVATAR */		$username = $_SESSION['username'];	if(isset($_COOKIE['avatar'])){		echo '<img src="' . $_COOKIE['avatar'] . '" style="width: 75px; height: 75px;">';	} else {		$con = mysql_connect("sql204.byethost17.com", "b17_3648160", "frizzler") or die(mysql_error());		mysql_select_db("b17_3648160_maindb", $con);		$query="SELECT avatar FROM users WHERE username='$username'";		$run=mysql_query($query);		$results=mysql_fetch_array($run);		$avatar= $results[0];		echo '<img src="' . $avatar . '" style="width: 75px; height: 75px;">';	}?></div><div id="leftlogin_userinfo" style="width: 160px; float: left; padding: 5px; border-left: 1px solid #7A441D; text-align: left;"><?php session_start();$username = $_SESSION['username'];/* Username */echo $_SESSION['username'] . '<br />';/* User type */echo 'User type: ' . $_SESSION['user_type'] . '<br />';/* Last Login */$con = mysql_connect("sql204.byethost17.com", "b17_3648160", "frizzler") or die(mysql_error());mysql_select_db('b17_3648160_maindb', $con) or die(mysql_error());	$query="SELECT last_login FROM users WHERE username='$username'";$run=mysql_query($query);$results=mysql_fetch_array($run);$lastlogin= $results[0];echo 'Last Login: ' . $lastlogin;?></div></div><div id="leftlogin_guides" style="width: 280px; text-align: left;">Guides</div><div id="leftlogin_otherinfo" style="width: 280px; text-align: left;"><ul><li>messages<li>New Subscriptions<li>other stuff, I don't know</ul></div><div id="leftlogin_logout" style="width: 280px;"><input type="button" value="logout" onclick="ajaxlogout()" style="width: 200px;"></div>

But this is all centered around the user info. My menu bar is supposed to check if the username session exists but unless you refresh after logging in then you won't get anything.

<?php	session_start();	if(isset($_SESSION['username'])){	echo 'Welcome back, <b>' . $_SESSION['username'] . '</b>! | ';	echo '<img src="images/nomail.jpg"> (0) | ';	echo '<img src="images/usercp.png"> <a href="usercp.php">UserCP</a>';	} else {	echo 'NO USERNAME SESSION WAS FOUND. GAAAAH! :(';	}?>

Why do sessions and cookie take a refresh to work?

[vytas]

This won't fix your problem but here is just some advice1. Never put password's in a cookie really risky.2. You should do better input checking because your avatar variable in the cookie is XSSed.

[MrFish]

This won't fix your problem but here is just some advice1. Never put password's in a cookie really risky.2. You should do better input checking because your avatar variable in the cookie is XSSed.

Well the login doesn't use any cookie to login directly. The login system uses sessions, but if a username session doesn't exist and a username cookie does, then it will make a username session equal to the value of the username cookie. But of course this could mean anyone could make the username cookie "admin" (if that was an admin login name) and become the admin. So the password cookie is called and used to validate the username cookie. If the password and username match, then the username session is set. This is my way of creating a remember me login.Also, I don't know what you mean by XSSed (cross site scripting). I don't see how it is a problem. When the user is logged in the cookie is set by going into the databases and getting the url of the avatar that is equal to the username. It's width/height is set so that people cannot add a 1000px by 1000px avatar.Anyway, this doesn't help me at all with my problem

[justsomeguy]

Why do sessions and cookie take a refresh to work?

Because cookies are sent by your browser as a header. Headers only get sent when a page gets requested, if you're adding cookies during the response the browser will need to send another request in order to send those new cookies to the server. Why are you using both sessions and cookies? Why can't you save everything in the session and avoid saving user data in cookies? For my applications that use ajax, when a user logs in I either just refresh the page at that point or use Javascript to update the elements on the page to indicate that they're now logged in. Log in here as "student" and "4321", when you log in the page will just refresh and it will pick up the session and show something other than the log in page. I've got some other sites that will just update the log in area instead of refreshing, but none that I would post a link to.