I'm making a login system, but when a user logs in, it doesn't actually store any of the data i want it to in the session. I even checked the session's file, and it was empty. I have session_start(); on all the pages. what else could i be doing wrong. Heres the code for the two main pages.

the login code:

if ($DEBUG == true) {
require "header.php";

require_once "dbinterface.php";
require_once "user.class.php";
require_once "config.inc.php";

$db = new db($DB['host'], $DB['user'], $DB['pass'], $DB['database']);

$u_result = $db->run("select user_id from users where user_name = '" . $db->escape($_POST['user_name']) . "'");

if ($u_result == false) {
    $url = 'Location: error.php?id=8';

if (count($u_result) < 1) {
    $url = 'Location: error.php?id=3';

$user = new user($u_result[0]['user_id']);

if ($user->match_password($_POST['pass']) == true) {
    $_SESSION['authenticated'] = true;
    $_SESSION['user_id'] = $u_result[0]['user_id'];
    $_SESSION['user'] = $user;
} else {
    $url = 'Location: error.php?id=4';
header('Location: index.php');


The header that gets included in every page:

if (!session_start()) {
    $url = "Location: error.php?id=13";

A little background:

  • windows 7 (also tried on windows
  • server 2008, but currently on 7) PHP
  • 5 localy hosted problem is present
  • for everyone problem exists in all
  • browsers


You need to put session_start at the very top of your first php file.

Written by MrHus

@MrHus: Not true. You only need to call session_start() before outputting anything to the browser.

Written by daremon

Hi, did you ever solve this? Did my answer pinpoint a real bug?

Written by daremon

yes deramon, your answer was the correct one. but by the time i saw it, i had figured it out myself, and SO had auto-accepted an answer =/ sorry.

Written by The.Anti.9

Accepted Answer

Here are a couple suggestions (I don't really know what's happening and/or why ; so they are only suggestions ; maybe one will solve the problem ^^ ).

First of all, a couple of questions :
(They matter at least if none of these suggestion does the trick)

  • Which version of PHP / Apache are you using ?
  • Are you on Windows ? Linux ?
  • If you are on your "production" server, what hosting service are you using ? Maybe there's something special about it ?
  • Is the problem present for every one ?
    • Is there always a problem when you are browsing the site ?
    • Is it still present when you are accessing the site from another browser ?
    • What about from another computer ?
  • If you use something like var_dump($_SESSION); die; at the end of the script that sets data in session, what does it give ?

First idea : what if you set some header to disable caching by the browser ?
Stuff like this, for instance :

header("Cache-control: private");

Second idea (at least if you are on windows) : did you try disabling you antivirus / firewall ?
Is the session cookie correctly created in the client's browser ?
If you are using sub-domains (or not) : is the cookie's domain OK ? What about it's expiration date ?

Third idea :

  • you said error_reporting is set to E_ALL, which is nice
  • what about display_errors ? Is it set to On so that errors get displayed ?
  • Is there anything interesting in PHP/Apache's error_log ?

Another one : Are you sure there is absolutly nothing that gets to the output before the session_start ? Not even white spaces ?

Yet another one : Are you sure about permissions on the directories / files ?

  • Permission to write in a directory means you can create new files, and/or delete old ones.
    • But, if I remember correctly, not that you can modify them
  • To modify files, you need write access on the files too
    • Actually, your webserver need write access to those files ^^

What are the permissions on the session's directory, and on the (empty) files that get created ?

I'm beginning to run out of ideas... With a bit of luck, maybe one of those will be the right one... Or help you find out what the right one would be !

Good luck !

Written by Pascal MARTIN
This page was build to provide you fast access to the question and the direct accepted answer.
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki