Recently my hosting provider decided to upgrade from PHP version 5.4 tot version 5.6, and after that I experience a problem with sessions I'm using in my login system.
The login system is a simple one, after checking user name and password a session variable is set and the user is redirected to the protected page. Once there, it will be checked if the mentioned session variable is set or not to decide if the page has to be shown or if the user has to be redirected to the login page.
As suggested, up to a few days ago everything was working fine! However, when a user tries to log in now and is redirected to the protected page, he will be sent back to the login page, probably because of a problem with the session due to the PHP upgrade.
Below are some parts of the code.
<?php
//login page
session_start();
if ($check >= 1)
// If combination user name password is correct.
{
session_regenerate_id(TRUE);
$_SESSION['logged_in'] = TRUE;
header('Location: /');
exit();
}
?>
and
<?php
// protected page
session_start();
if (!isset($_SESSION['logged_in']))
// User not logged in.
{
session_unset();
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
header('Location: /login');
}
else
// Logged in, show page.
{
// page
}
?>
