
Unexpectedly session destroying

I'm trying to update my user details via ajax on my main page. But after the ajax call completed the task, it destroyed my session. It's really unexpected and I'm unable to find any code which would destroy my session. Please help me find the reason that is causing the session to be destroyed.

my php script

updateprofiledetails.php

<?php
    session_start();

    if (isset($_SESSION['UserID']) && isset($_SESSION['Role']) && $_SESSION['Role']="clients" || $_SESSION['Role']="Administrator") {

        require_once("../configuration.php");

        $con=new mysqli($hostname,$dbusername,$dbpass,$dbname);

        // mysqli_connect_errno() takes no arguments
        if (mysqli_connect_errno()) {
            die('The connection to the database could not be established.');
        }

        $uid=$_SESSION['UserID'];

        if (!empty($_POST['password'])) {

            $password=$_POST['password'];
            $password=$con->real_escape_string($password);
            $confirmpassword=$_POST['confirmpassword'];
            $confirmpassword=$con->real_escape_string($confirmpassword);

            if($password!==$confirmpassword){

                echo "Password And Confirm Password Didn't Match";
                exit();

            } else {

                $password=md5($password);
                $querypassword="UPDATE users SET Password='$password' WHERE id='$uid'";
                $con->query($querypassword);
                echo "Password";

            }

        }

        if (!empty($_POST['first_name'])) {

            $first_name=$_POST['first_name'];
            $first_name=$con->real_escape_string($first_name);
            $queryfirstname="UPDATE users SET First_Name='$first_name' WHERE id='$uid'";
            $con->query($queryfirstname);
            echo "Updated First Name, ";

        }

        if (!empty($_POST['last_name'])) {

            $last_name=$_POST['last_name'];
            $last_name=$con->real_escape_string($last_name);
            $querylastname="UPDATE users SET Last_Name='$last_name' WHERE id='$uid'";
            $con->query($querylastname);
            echo "Last Name,";

        }

        if (!empty($_POST['company'])) {

            $company=$_POST['company'];
            $company=$con->real_escape_string($company);
            $querycompany="UPDATE users SET company='$company' WHERE id='$uid'";
            $con->query($querycompany);
            echo "Company";
        }

        if (!empty($_POST['email'])) {

            $email=$_POST['email'];
            $email=$con->real_escape_string($email);
            $queryemail="UPDATE users SET Email_Address='$email' WHERE id='$uid'";
            $con->query($queryemail);
            echo "Email Address,";
        }

        $con->close();
    }
?>

My js file:

$("#profiledetails form").submit(function(event){

    event.preventDefault();
    var postData = $(this).serializeArray();

    $.ajax({

        url: "/function/updateprofiledetails.php",
        type: "POST",
        data: postData,
        success: function(data, textStatus, jqXHR) {
            $("#alert").show().html("<strong>Alert!!! </strong>"+data).delay(10000).fadeOut();
        },
        error: function(jqXHR, textStatus, errorThrown){
            //if fails
        }
    });
});

You're using assignments when you should be using some comparison operator.

NO:

$_SESSION['Role']="clients"

Next, a better solution and good enough in most cases:

$_SESSION['Role']=="clients"

Next, the (arguably) best solution. With === there's no type coercion. It doesn't matter so much here, but if ever you need to compare a value that could be coerced into a number when you don't want that to happen, you could end up with a subtle bug.

$_SESSION['Role']==="clients"

See also: http://php.net/manual/en/language.operators.comparison.php
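An added example (not part of the original question or answer): it runs the condition exactly as posted and a corrected check over constructed sessions, with a plain array standing in for `$_SESSION`. The function names and sample values are assumptions; the output shows that the posted condition passes for any role and overwrites `Role` in the process.

```php
<?php
// Added example: a plain array stands in for $_SESSION so it runs from the CLI.

// The condition from the question, unchanged: "=" assigns instead of comparing.
// PHP parses the tail as  Role = ("clients" || (Role = "Administrator")),
// so Role is overwritten with boolean true and the whole test passes.
function check_as_posted(array &$session): bool
{
    return isset($session['UserID']) && isset($session['Role'])
        && $session['Role'] = "clients" || $session['Role'] = "Administrator";
}

// Corrected check: strict comparison against an explicit allow-list of roles.
function check_fixed(array $session): bool
{
    return isset($session['UserID'], $session['Role'])
        && in_array($session['Role'], ['clients', 'Administrator'], true);
}

// Constructed sample sessions (not from the original post).
$samples = [
    'client'  => ['UserID' => 7, 'Role' => 'clients'],
    'guest'   => ['UserID' => 9, 'Role' => 'guest'],
    'no role' => ['UserID' => 3],
];

foreach ($samples as $label => $session) {
    $fixed  = check_fixed($session);      // read-only, leaves $session intact
    $posted = check_as_posted($session);  // may overwrite $session['Role']
    printf(
        "%-8s fixed=%-5s posted=%-5s Role afterwards=%s\n",
        $label,
        var_export($fixed, true),
        var_export($posted, true),
        var_export($session['Role'] ?? null, true)
    );
}
```

Once `Role` holds boolean `true`, any later strict comparison such as `$_SESSION['Role'] === "clients"` fails, even for a user who really was a client.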
