Problem with Sessions?

I attempted to create a members only area, When I try to register,
The link to sign up works, however when I try to login
The same link to sign up doest work (I guess the variable $IsUserLoggedIn is faslse)
Here is the code setting that variable is the user is sucessfully logged (in my header.php file)

// Run a quick check to see if we are an authenticated user or not  
// First, we set a 'is the user logged in' flag to false by default.  
$isUserLoggedIn = false;  
$session = session_id();
$query = "SELECT * FROM users1 WHERE session_id = '".$session."' LIMIT 1";  
$userResult = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
if(mysql_num_rows($userResult) == 1){  
    $_SESSION['user'] = mysql_fetch_assoc($userResult);  
    $isUserLoggedIn = true;
    echo "<span>Welcome ".$_SESSION["user"]["username"]."</span>"; 
    echo "<ul>";
    echo "<li><a href=\\"/masterasp/logout.php\\">Logout</a></li>";
    echo "</ul>";
} else {  
    echo "<ul>";
    echo "<li><a href=\\"/masterasp/login.php\\">Login</a></li>";
    echo "<li><a href=\\"/masterasp/register.php\\">Register</a></li>";
    echo "</ul>";

Here is my code for become_a_provider.php.

<?php if($isUserLoggedIn) { ?>
<h2>Become a provider</h2>
<?php } else { ?>
<p>In order to become a provider, you must be logged in.  Reqistration is free and takes only a second,  <a href="../register.php">register</a> or <a href="../login.php">login</a>.</p>
<p align="center"><img src="../images/sad.jpg" alt="I'm sad" class="result"></p>
<?php } ?>

I dont understand why that variable is true upon registration, but not on the login screen
shouldn’t it be?

This should hav ebeen posted in PHP, but an admin will take care of that.

So essentially you are setting $isUserLoggedIn = true; on page1 and trying to access $isUserLoggedIn; and page 2…

Let me answer this problem by posing another question to you. What is the difference between setting $isUserLoggedIn = true; and $_SESSION[‘user’] = mysql_fetch_assoc($userResult); ?

isnt the variable ($IsUserLoggedIn) only set to true if that session_id is located (mysql_num_rows($userResult) == 1), and I really dont know what _SESSION[‘user’] = mysql_fetch_assoc($userResult); does. I think its not needed as I don’t have an associative array , but what does that do?

The problem is that isUserLoggedIn is not a session, therefore it will not survive an HTTP request, $_SESSION[‘user’] will though. You can either 1) use $_SESSION[‘user’] to determine if the user is logged in or not, or 2) change $IsUserLoggedIn to $_SESSION[‘IsUserLoggedIn’]

Any scripts which use sessions need to have session_start() in them before any point at which anything is output to the browser. Typically it’s placed as the very next line after the opening <?php of the script.

Ya, I have session_start(); at the top of my header.php file.
Session variables are used here because they can be used by any page which has session_start() in it?
If thats the case t hen it would be easy to simply check for the existence of $_SESSION[‘logged’] (I’ll rename the session variable inj the header.php file and check for it on both my registration and login pages?


Maybe some error occurs before session set?