I can't change $_SESSION value with jquery

Hello,
I wat to give users a message when they make an error on login, e.g. when they forget to fill username / password, or insert wrong username / password
I decided to use $_SESSIOn[‘login_error’] for this purpose
Initially $_SESSIOn['login_error'] = "";
A message is echoed when this variable’s value is not “”.
I want to change its value on button click but it doesn’t work

Here is the login form code:

	echo '<form method="post" action="includes/login.inc.php">
						<input type="text" name="username" placeholder="Username">
						<input type="password" name="password" placeholder="password">
						<input type="hidden" name="destination" value=" '.$directing_url.'"/>
						<button type="submit" name="submit">Login</button>
					</form>
					<ul>
						<li><a href="reset-password.php">Forgot Password</a></li>
						<li><a href="signup.php">Sign up</a></li>
					</ul>';
					}
					///message for pasword reset success
					if (isset($_GET["newpwd"])) {
						if ($_GET["newpwd"] == "passwordupdated"){
							echo '<p class="signupsuccess">Your password has been reset</p>';
						}
					}
					 //code for login error message
					 if(isset($message) && ($message !="")){
						 include_once 'pages/error_message.php';; 
					 }

Here is the login process code:



if(empty($_POST['username']) || empty($_POST['password'])){
    $_SESSION['login_error']="Missing username and / or password";
	header("Location:".$url);
	exit();
}   else {//fields are not enpty.
	      $username = ($_POST['username']);

		  $password = ($_POST['password']);

	//Retrieve user account information for the given username

	$sql = "SELECT * FROM users WHERE username = :username";

	$stmt = $db->prepare($sql);

	//Bind value

	$stmt->bindValue('username', $username);

	//Execute statement

	$stmt->execute();

	$row = $stmt->fetch(PDO::FETCH_ASSOC);
	print_r($row);
	//CHeck if username exist.
	if(count($row) < 1){
					//If count($row) < 1 -> username doesnt exist
					 $_SESSION['login_error']="Incorrect username or password";
					header("Location:".$url);
					exit();
	} else { //username exists.
	         $hashedPasswordCheck = password_verify($password, $row['password']);
			 if($hashedPasswordCheck == false){
				 $_SESSION['login_error']="Incorrect username or password";
			    header("Location:".$url);
				exit();
			 } elseif($hashedPasswordCheck == true){
					//Login the user here
					$_SESSION['user_id'] = $row['user_id'];
					$_SESSION['firstname'] = $row['firstname'];
					$_SESSION['lastname'] = $row['lastname'];
					$_SESSION['username'] = $row['username'];
					$_SESSION['password'] = $row['password'];

					$_SESSION['login_error']="";

This is the error message code

<?php
    if(isset($message) && $message != ""){
	 
	 echo '<div  class="error_message">Login Error : '.$message.'<br>';
	 echo "<button id='error_message_button' type='submit' name='submit' class=    '           '>OK</button></div>"; 
	}
		
?>

And this is the jquer


	     $(".error_message").hide();
		 $.ajax({
                 type: "POST",
                 url: "change_value.php",
                 data: {}
                });
   });

change_value.php file


<?php
$_SESSION['login_error'] = "";
?>

I also tried adding this code

 $("#error_message_button").click(function(){
var js_var = '<?php $_SESSION['login_error'] = "";?>';
document.write(js_var);

The $_SESSIOn value doesn’t change and I keep getting the error message on every page
What did I do wrong?
How do I change the variable value ?

Your change_value.php doesn’t seem to have a session_start() call in it, which I believe it will need.

Blockquote
Thanks for your reply,
Every page in my site has a jeader which begins with

<?php
if(!isset($_SESSION)){
  session_start();
  
}

A bit off topic but why aren’t you just doing everything on one page and just echoing $message?

Even if you insist on processing on another page and setting the error to session, why not just use it and unset it?

if(!empty($_SESSION['login_error'])){
	echo '<div class="error_message">Login Error : '.$_SESSION['login_error'].'<br>';
	unset($_SESSION['login_error']); 
}

When you get an error, you put it into $_SESSION['login_error'], but then your code to look for it and display it seems to be:

 //code for login error message
					 if(isset($message) && ($message !="")){
						 include_once 'pages/error_message.php';; 
					 }

At what point does the message move from the session variable into $message?

It is at the head of the login process page

<?php 
	if(!isset($_SESSION)){
      session_start();
    }

// Prepare login process error message
  if(isset($_SESSION['login_error']) && $_SESSION['login_error'] !=""){
    $message = $_SESSION['login_error'];
  }
  
?>
<header>

The problem is that then the user doesn’t have to clich the OK buton. to make the message disappear. The message disappears when navigating to another page.
Is it O.K. from the UX point of view?

Well they shouldn’t have access to other pages if checks are made to verify access. The message is kind of secondary to security and having a message “go away” really isn’t important. It is more of a courtesy message and it can show while they enter the correct information.

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.