Sessions not being stored

[ApocalypeX]

On my local server my script works, I can login to a system I've created and navigate admin controls using cookies/sessions to know who the user is. But when I moved my system to a server I can't logon and I am redirected to the login page.I'm not very good at PHP cookies/sessions but from the looks of it it should work.

<form name="form1" method="POST" action="checklogin.php"><input name="myusername" type="text" id="myusername"><input name="mypassword" type="text" id="mypassword"><input type="submit" name="Submit" value="Login"></form>

Heres basically whats going on behind the scenes

<?php$myusername=$_POST['myusername']; $mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);if($myusername=="Admin" && $mypassword=="Admin"){	session_start();	$_SESSION['user'] = $myusername;	header("location:cpanel.php");}else {	header("location:adminlogin.html");}?>

Then on every page that is an admin page this block of code is at the top to check

<?php session_start();if(!isset($_SESSION['user'])){header("location:adminlogin.html");}?>

Any insight will be helpful.

[Fmdpa]

if($myusername=="Admin" && $mypassword=="Admin"){session_start();$_SESSION['user'];header("location:cpanel.php");}

What is that $_SESSION variable doing? It isn't being assigned or used...it's just floating in mid-air.

[jeffman]

What is this line supposed to do?$_SESSION['user'];

[ApocalypeX]

At first it was $_SESSION['user'] = $myusername; but I changed it to $_SESSION['user']; to see if it made any difference. Let me change the OP.

[jeffman]

FWIW, if you're just going to see if the variable is set, it really doesn't matter what value you put in there. That's all I do mostly, unless I have multiple apps and different sets of users running on the same box.

[trevelluk]

I think this problem relates to a PHP feature known as register globals (see http://uk3.php.net/manual/en/security.globals.php).The page I've linked to explains some more about it, but basically this is the PHP feature that automatically turns an input field with name="myusername" into a PHP variable called $myusername.With this turned off (which is now the recommended and default setting), you should access input values via the $_GET or $_POST arrays (in your case $_POST, because you use POST as the form method).In short, instead of writing:

f($myusername=="Admin" && $mypassword=="Admin"){	session_start();	$_SESSION['user'] = $myusername;

use:

f($_POST['myusername']=="Admin" && $_POST['mypassword']=="Admin"){	session_start();	$_SESSION['user'] = $_POST['myusername'];

or alternatively, before your if statement, run:

$myusername = $_POST['myusername'];

[birbal]

as it is entering in else block (false). that means that condition is not satisfying. i guess it is not problem of session.try to echo after each assighnment. and let see the intended values are coming or not.

$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];//echo both of here$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);//echo both of here

[gar_onn]

Try to stop SEssion writing a

[gar_onn]

Try adding: session_write_close();

<?php$myusername=$_POST['myusername']; $mypassword=$_POST['mypassword'];$myusername = stripslashes($myusername);$mypassword = stripslashes($mypassword);if($myusername=="Admin" && $mypassword=="Admin"){	session_start();	$_SESSION['user'] = $myusername; session_write_close(); //stop session writing before redirect	header("location:cpanel.php");}else { session_write_close();//stop session writing before redirect	header("location:adminlogin.html");}?>