Sessions are making me pull my hair out

Question

login.php

<?php 
session_start();

$_SESSION['username'] = $_POST['username'];
$pass = $_POST['password'];


$conn = mysqli_connect('localhost', 'root', '', 'smithrwg_database');

$_SESSION['username'] = mysqli_real_escape_string($conn, $_SESSION['username']);

$query = "SELECT id, password, salt, priv FROM tbl_mem WHERE username = '{$_SESSION['username']}'";

$result = mysqli_query($conn, $query);

if(mysqli_num_rows($result) == 0) // User not found. So, redirect to login_form again.
{
    header('Location: index1.php');
    exit;
    session_destroy();
}



$userData = mysqli_fetch_array($result, MYSQL_ASSOC);
$hash = hash('sha256', $userData['salt'] . hash('sha256', $pass) );

if($hash != $userData['password']) // Incorrect password. So, redirect to login_form again.
{
    header('Location: oeifnweoifn.php');

}else {
// Redirect to home page after successful login.


    header('Location: dashboard.php');
        $_SESSION['username'] = $userData['username'];
    $_SESSION['priv'] = $userData['priv'];
        $_SESSION['id'] = $userData['id'];



}
?>

at the moment every one of the $_SESSION's work but $_SESSION['username'] wont echo and aparantly contains nothing although the rest of the session information still works.

Answer 1

$query = "SELECT password, salt, priv FROM tbl_mem WHERE username = '{$_SESSION['user']}'";

$_SESSION['user'] = $userData['user'];
$_SESSION['id'] = $userData['id'];

You're not selecting user or id in your query

For the record, you really shouldn't be storing the user's password in the session. Sessions are often vulnerable to attack, so this is bad practice.

Answer 2

It's not because of *_SESSION* it's because of your query that you did not select username .
Change

$query = "SELECT id, password, salt, priv FROM tbl_mem WHERE username = '{$_SESSION['username']}'";

To

$query = "SELECT id, username, password, salt, priv FROM tbl_mem WHERE username = '{$_SESSION['username']}'";