I have a website where people can create an account and then log in to their account.
When I check the login inputs (email and password), I use a file called `control_login.php`. Here is its code:
```php
// -> some DB calls checking whether the user exists or not...
if (isset($user->email) && password_verify($_POST['password_login'], $user->password)) {
    // Credentials are valid: open the session and remember the user.
    session_start();
    $_SESSION['auth'] = $user;
    $user_id = $_SESSION['auth']->id;
    // Headers must be sent before any output, so set the redirect before echoing.
    header("Refresh:2 ; url=http://www.someurl.com/account.php?id=$user_id");
    echo "Loading your profile...";
    exit();
} else {
    $errors_login['danger'] = "We couldn't find any account. Please try again";
}
```
If everything is fine, I start a session and redirect to `account.php`. If not, I display an error message.
This `account.php` file includes a specific function called `logged_only()` that starts a session when everything is fine or denies access if there is no session. Here is its code:
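```php
function logged_only() {
    // Resume the session if it has not been started yet.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // No authenticated user in the session: deny access and go back to the main page.
    if (!isset($_SESSION['auth'])) {
        // Headers must be sent before any output.
        header('Refresh:2 ; url=http://www.someurl.com');
        echo 'Access denied';
        exit();
    }
}
```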
Here is my issue: everything is working fine locally. In real life (i.e. when using the website URL), everything is working fine when using Internet Explorer. But I have the following issue when using Chrome or Firefox:
- I open a browser, go to my website and log in for the first time
- I get "Loading your profile" from `control_login.php`, meaning it found the user
- When arriving on `account.php`, I get the following 'Access denied' from my `logged_only()` function.
- I am redirected to the main page
- I log in for the second time
- I can connect to my profile properly :( ...
- There won't be any problem to log in as long as I don't close the browser.
I am kind of lost... Where is the problem coming from?
Thank you for your help!
Note: I don't use cookies at all for the present time.
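
Added example, not part of the original post: a hardened variant of the login and guard code above. PHP's default session handling tracks the session with a cookie (named `PHPSESSID` by default), so the sketch scopes that cookie explicitly, regenerates the session ID at login, and redirects with a relative URL so the browser stays on the host that received the cookie. Assumptions: the helper names `start_secure_session()` and `log_user_in()`, the `auth_id` session key, the cookie domain, HTTPS, and PHP 7.3 or later for the array form of `session_set_cookie_params()`.

```php
<?php
// Added example: helper names, session key and cookie settings are assumptions,
// not the poster's code.

// Call before any output. Starts the session with an explicitly scoped cookie.
function start_secure_session(): void {
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params([
            'lifetime' => 0,              // session cookie, dropped when the browser closes
            'path'     => '/',
            'domain'   => '.someurl.com', // assumption: site answers on both the bare and www host
            'secure'   => true,           // assumption: HTTPS; over plain HTTP the cookie is not sent
            'httponly' => true,           // not readable from JavaScript
            'samesite' => 'Lax',
        ]);
        session_start();
    }
}

// Call once password_verify() has succeeded for $user.
function log_user_in(object $user): void {
    start_secure_session();
    session_regenerate_id(true);            // fresh session ID at login (blocks session fixation)
    $_SESSION['auth_id'] = (int) $user->id; // keep only the id, not the row holding the password hash
    header('Location: /account.php');       // relative: same host that just received the cookie
    exit();
}

// Guard for protected pages; returns the logged-in user's id.
function logged_only(): int {
    start_secure_session();
    if (!isset($_SESSION['auth_id'])) {
        header('Location: /');
        exit();
    }
    return $_SESSION['auth_id'];
}
```

With this guard, `account.php` can load the profile from the id returned by `logged_only()` instead of trusting the `id` parameter in the URL.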