Undefined index when using !isset to check login credentials

Question

When a user first logs in I add a $_SESSION['login'] = true;. In another function I'm checking the login session variable to make sure a user has logged in and not just navigated to that page. Like this.

if ((!isset($_SESSION['login']) && $_SESSION['login'] != '') || (empty($_SESSION))) {
    session_register_shutdown();
    header("Location: login.php");
    exit; // stop further executing, very important
}

So if the login session variable isn't set I redirect to the login page. It works but I get an Undefined index: login error when it redirects. Is there a way to fix this?

You have a syntax error `if ((!isset($_SESSION['login'])` Correct syntax is `if(!isset($_SESSION['login']))` — Aniket Singh, Mar 01 '17 at 18:44
did you have `session_start();` somewhere? Also `if (empty($_SESSION['login']) || $_SESSION['login'] ==false) { session_register_shutdown(); header("Location: login.php"); exit; // stop further executing, very important }` — Alive to die - Anant, Mar 01 '17 at 18:44
`if (session_status() === PHP_SESSION_NONE) { session_start(); }` — moe, Mar 01 '17 at 18:46
Aniket, I only check if login is set? I don't need to check if it is set to 'true'? — moe, Mar 01 '17 at 18:48
@AniketSingh where is the syntax error? If there were one, he would not be getting as far as an undefined index error. — miken32, Mar 01 '17 at 18:53
You get the undefined index error because you use the && operator in your if statement which causes it to evaluate both of the first two clauses, the second of which causes the error. Consider changing that first && to || — S. Imp, Mar 01 '17 at 18:53
Possible duplicate of [PHP: "Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-notice-undefined-index-and-notice-undef) — miken32, Mar 01 '17 at 18:54
@S. Imp, I want to evaluate both correct? That session variable be set and not have a value or vise versa. — moe, Mar 01 '17 at 18:59
Are you aware I answered your question 10 minutes ago? If it doesn't solve your problem, please advise what the problem is. — miken32, Mar 01 '17 at 19:01
@miken32 I am checking !isset and if the value is a bool. I don't care if it's isset and empty. — moe, Mar 01 '17 at 19:09
How can it have any value if it's not set? Your code has nothing about a boolean value. — miken32, Mar 01 '17 at 19:10
@miken32, `$_SESSION['login'] = true;`. Don't know, that was the question. — moe, Mar 01 '17 at 19:13
@moe If $_SESSION['login'] is not set, you shouldn't bother trying to check what value is in it, amirite? It it IS set to something, you would want to fail if it is the empty string or null. Like this: if (!isset($_SESSION['login']) || !$_SESSION['login'] || empty($_SESSION)). Although you should probably check of $_SESSION is even an array before checking members. This is pretty basic stuff. — S. Imp, Mar 01 '17 at 20:41

score 1 · Accepted Answer · answered Mar 01 '17 at 18:49

1

You're checking if the variable is not an empty string only if it's not set: !isset($_SESSION['login']) && $_SESSION['login'] != ''. These situations are mutually exclusive. You maybe meant to do this?

if ((empty($_SESSION)) || (isset($_SESSION['login']) && $_SESSION['login'] == '')) {
    session_register_shutdown();
    header("Location: login.php");
    exit; // stop further executing, very important
}

Though empty() checks if the index is unset or an empty string, so you could just do this:

if (empty($_SESSION) || empty($_SESSION['login'])) {
    session_register_shutdown();
    header("Location: login.php");
    exit; // stop further executing, very important
}

Note the order of operations is important as well. Checking if the login key exists should be done after you check whether or not the array is empty.

answered Mar 01 '17 at 18:49

miken32

42,008
16
111
154

I don't want to redirect if my session is set. If the session isset then they logged in correctly. so If I do this,`if ((empty($_SESSION)) || (isset($_SESSION['login']) && $_SESSION['login'] == '')) { session_register_shutdown(); header("Location: login.php"); exit; // stop further executing, very important }` I will get stuck in a redirect loop. – moe Mar 01 '17 at 19:11
Yes that's why my code does. `empty()` also returns true for boolean false. – miken32 Mar 01 '17 at 19:13
Oh, right right. I apologize. You're not checking isset. Yes, this should work. Thank. – moe Mar 01 '17 at 19:18

Undefined index when using !isset to check login credentials

1 Answers1