Session seems to disappear after header redirect

Question

I have four pages so far:

index.php
login.php
setsessionconfig.php
account.php

The background:

When I click the login w/ facebook button from the index it takes me to login.php which if the user is already registered with the site it doesn't go through the facebook website it just continues. Login.php pulls the neccessary information for the session then header redirects to setsessionconfig.php which has the code below:

login.php has a 5 second delay for loading visual then redirects to ...

header( "refresh:5;url=".URLBASE."/setsessionconfig.php?uid=".$uid."&email=".$email );

setsessionconfig.php

$uid = isset($_GET['uid']) ? $_GET['uid'] : "";
$email = isset($_GET['email']) ? $_GET['email'] : "";

if( $uid != "" && $email != "") {

  session_start();
  $_SESSION[SESSION_UID] = $uid;           
  $_SESSION[SESSION_EMAIL] = $email;
  $_SESSION[SESSION_IS_LOGGEDIN] = 1;
  header("Location: account");

}

The Problem

When setsessionconfig.php redirects to account.php it checks to see if the users is logged in via the SESSION_UID global variable then displays the user information OR it displays the "you are not logged in" text. No matter what I do I think the header redirect to account.php is destroying session variables.

I even checked to see if the session was available with the following code in account.php.

function is_session_started()
{
    if ( php_sapi_name() !== 'cli' ) {
        if ( version_compare(phpversion(), '5.4.0', '>=') ) {
            return session_status() === PHP_SESSION_ACTIVE ? TRUE : FALSE;
        } else {
            return session_id() === '' ? FALSE : TRUE;
        }
    }
    return FALSE;
}
if ( is_session_started() === FALSE ) 
    echo "<script>console.log('FALSE');</script>";
else
    echo "<script>console.log('TRUE - ".session_id()."');</script>"; 

Unfortunately that part actually returns the TRUE and the session ID... So I am sort of stuck because I have never had this issue with sessions before...

Answer 1

try using exit(); after the header

Answer 2

Since the function is_session_started, returned TRUE and also returned the session ID, obviously the session ID is passed properly.

I hope the account.php code looks something like this

<?php               
session_start();
if (! empty($_SESSION['SESSION_UID']))
{
?>

your code here

<?php
}
else
{
     echo 'You are not logged in.';
}
    ?>

Edit :

Try

$_SESSION['SESSION_UID'] = $uid;           
  $_SESSION['SESSION_EMAIL'] = $email;
  $_SESSION['SESSION_IS_LOGGEDIN'] = 1;