I made a simple login function in PHP. My problem is that there are no session attributes when the browser hits page login_success.php

After i store data in the session in checklogin.php, i checked if it contained any data by typing : print_r($_SESSION); , this prints 2 object. However, when i try to do the same in login_success.php , it comes up empty.

I use xampp and safari.

Login.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Login</title>
</head>

<form name="form1" method="post" action="checklogin.php">
<input name="tb_username" type="text"/>
<input name="tb_password" type="password" />
<input type="submit" name="Submit" value="Login">
</form>

<body>
</body>
</html>

checklogin.php

<?php

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="user"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['tb_username']; 
$mypassword=$_POST['tb_password']; 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['myusername']= "myusername";
$_SESSION['mypassword']= "mypassword";

//print_r($_SESSION);

header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

login_success.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
session_start();
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<?php print_r($_SESSION); ?>
<body>
</body>
</html>

According to the php documentation: session_start

session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.

So add session_start() to the top of your checklogin.php page.

Just use <?php session_start() ?> on top of page.

Configure your php.ini like this:

session.auto_start = 1;

Or run following command at your first line:

ini_set('session.auto_start', 1);

Apart from using session_start(), there can be a couple of other reasons as well:

1. Disk space is full on your server. This once happened to be the case with me. Try checking the available space on your server at root '/' (df -h).
2. The sessions directory on your server (where the session files are being written) has some permission issues.