Problem
When you switch between pages on your website any session variables are lost and unavailable to use on the new page.

  Quick Solution
Ensure that the very first thing on your page is session_start();
<?php session_start(); ?>

  Explained
Session variables are set as header cookies behind the scenes, if anything is output to the browser before the session cookie is set then the headers will not have been sent correctly and as such the session is lost, once output has occured then the session is no longer available as you cannot revert back to sending headers.
As well as any html output or php echo statements also check for whitespace such as spaces and new lines in your code that could be considered output by the browser before setting your session to start.

Make sure session_start(); is the first thing on EVERY web page that uses or is passed via otherwise session will be lost.

Web Browser

  Alternative Solutions
Our quick solution for solving the problem of PHP session not working between pages we consider to be the starting point in any research into solving the problem of your session being lost, check there is no output to the browser before the session_start(); is initiated as well as any spaces or other whitespace causing you to lose your session.
Once the session_start() has been ruled out of causing the problem there is a few other checks you can make to solve the problem of your session disappearing without any forewarning.

Session save path

Check your session save path and session cookie path are set correctly and accesible, you can check for the paths within your phpinfo output, look out for session.cookie and session.save settings, the default setting is normally '/'
We also advise checking the cookie_secure setting in phpinfo, if set to 1 make sure your connection is secure e.g. https://
To check your phpinfo start a new php web page with the following code contained in it, upload to your server and run in the browser, once you have called the file the server should output all its configurations and options for your current set php version.
<?php
phpinfo();
?>

  Security Warning
Always delete your phpinfo file once you have checked what you require, you dont want the world to know all your server configuration details.

.htaccess file

Remove your .htaccess file temporarily and see if the problem persists. If you are rewriting urls or changing the strucure of your web pages and paths then there is a good chance your session will be lost, a session is relative to a specific url, changing it can cause problems.


You visit your website at https://example.com but your .htaccess redirects your page to https://www.example.com
example.com and www.example.com are different entities and as such a session would not follow from one to the next.
Please also note the same is true for secure and unsecure connections so make sure you specify which one to use and use the same connection for all requests e.g. https://mywebsite.com and http://mywebsite.com are different domains and as such trying to keep a session alive between the two will not be possible.
Do not mix domains and prefix domains with WWW or secure https with non secure http links is our advice.

Redirects

If you are using php redirects for example header("location: newpage.php") make sure you always follow the command with an exit; without using exit you may lose your session.

<?php
header("location: newPage.php");
exit;
?>

PHP page

It may sound obvious but make sure that the page you are going to is actually a php page, a php session variable is only valid on a php page, so give this one a quick check to rule out the obvious.

Is your session alive

Make sure that you have not accidently deleted or closed your current session? This may also sound obvious but can be eassily overlooked. Check your code thoroughly for session_destroy(); or session_close(); tags, including any scenraios or queries where you have these commands, make sure they are being called in the right context if you are using them such as a log out button etc.

BOM - Byte Order Mark

A BOM or Byte Order Mark is a unicode character that is used sometimes to pre warn a web browser the encoding of the page, what this means is if your page is encoded for instance with UTF-8 with BOM enabled you will invisibly output to the page prior to calling your session_start(); command, make sure encoding with BOM is unticked and not active when you save your php pages.
In Dreamweaver for instance you can check the status of BOM in the Page Properties menu, click File -> Page Properties, under the Title/Encoding link in the category menu on the left click to reveal the options. Make sure Include Unicode Signature BOM is unticked, this will stop Dreamweaver adding this additional character to your page and fix any session problems.

Dreamweaver BOM setting


The above solutions should help you in finding the cause of your PHP session not working between pages, please feel free to leave a comment below with any helpful hints or additional comments.

Author: Paul Webb

Comments (13)
Add Comment