session is empty after redirect

delight-im / PHP-Auth

Authentication for PHP. Simple, lightweight and secure.

MIT License

1.09k stars 235 forks source link

session is empty after redirect #300

Open sadalsuud opened 8 months ago

sadalsuud commented 8 months ago

I have a login form on login.php that action's form go to LoginController.php In LoginController.php I have this:

require_once '../vendor/autoload.php';

$db = \Delight\Db\PdoDatabase::fromDsn(new \Delight\Db\PdoDsn('mysql:dbname=blabla;host=localhost;charset=utf8mb4', 'blabla', 'blabla'));

$auth = new Auth($db);
$auth->loginWithUsername($_POST['username'], $_POST['password']);

 session_start();
 $_SESSION['auth'] = $auth;

And I redirect to another php file: home.php and there I have:

session_start();
$auth = $_SESSION['auth'];
var_dump($_SESSION);

But the $_SESSION is empty ... that var_dump prints : array(0) { }

The login is working but when I redirect and I stay on home.php no data session, but session_id is the same in LoginController and home.php

What is wrong? Help please, I am undertanding how to use this great library thanks

eypsilon commented 8 months ago

I don't know if it will fix the problem, but session_start(); must be called before anything else, before require_once. Is error_reporting on?

sadalsuud commented 8 months ago

No nothing, It so same. Do you have a example, how do you pass data from script to another script? I think I am doing something wrong

eypsilon commented 8 months ago

Do you have a example

Well, it should work, like you are doing it. Try, if your SESSION works at all, save a string in $_SESSION['test'] = 'Test var';, redirect and check the SESSION. The target after the redirect needs also a session_start().

sadalsuud commented 8 months ago

What you say I did that already. The sesión works if I do not use login() or loginWithUsername() methods then, how I do go to use the library ??

eypsilon commented 8 months ago

Sorry, you don't need to do the SESSION-handling, it's done internally by the lib. And the target-page (or URL) you redirect to needs to require the library, too.

sadalsuud commented 8 months ago

Then on the Target-page I do require_once '../vendor/autoload.php'; But how I do access the $auth object on the Target-page ? I try it and Tell you

eypsilon commented 8 months ago

Chack the SESSION on the target Page, it should be filled after the require

require_once '../vendor/autoload.php';

var_dump($_SESSION);

ponasromas commented 3 weeks ago

Library automatically calls for session when it is needed. You don't need to initiate it.