PHP Put variables in Session doesn't work

Question

I created a php page that receive in input a string that is an encoded Json, i must decript this string and put all Json attributes in session.

This page is login.php.

To test this page i created another page named test.php. In this page i encript a Json and sent it to login.php.

The problem is that all works fine (encription, sending, decription) but the variables is not saved in session.

I tried to open directly login.php, i set a fixed encripted json and in this case all works fine.

Some help???

login.php

<html>
<head>

    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>TantoSvago</title>

    <script src="../vendors/jquery/jquery-2.1.4.min.js"></script>
    <script src="../js/angular.min.js"></script>
    <script src="../js/ui-bootstrap-tpls-0.12.0.js"></script>
    <script src="../js/angular-google-maps.min.js"></script>
    <script src="https://code.angularjs.org/1.2.28/angular-route.js"></script>
    <script src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBze9qLOsDpAWj8938CYJSVsopwrkuWbPA&callback=initMap"></script>
    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.2/angular-sanitize.js"></script>
    <script src="../js/markerclusterer.js"></script>
    <script src="../js/angular.rangeSlider.js"></script>
    <script src="../js/assets/app.js"></script> 

</head>
<body ng-app="tantoSvagoApp">

<?php
    session_start();
    include 'AES.php';

    $inputText = file_get_contents("php://input");

    //$inputText = "RFk0ZGRtZWQ0NUdrNzNHa3BtYVBCdklEYUlUMk5CUUdGMUF5V2tFSHVWRTRsUEtYZTRiL1FmVGNsY2pKZHdIb2lkOG1ra3BMODdPZUVuUmQzN3Vqd1JpamZGRmloeW1EU09xVFMzbU1Jd1Z0N1dNZzF6MitDYWlHZ3p6VUVyRXgycDYrbHU1Tm0yYVQ4amNuK0hheUNyODErSXZqMzVIQm9NdCtOQU0vVTcyMVBUQ09YQmRZTWZkM1JsbHk0aVJJaFFJdUYrR0JWZzF5WG1HUXl6QnFEa0d0V2ozNWl2YmhheGp6UkpXSVRFZDh4TXM3Q2Vyb2liQWp1UmJEZXNvYnFWNmkzc3ZzWEp4ak92MjB0ZWpjYWJGOFVoMEw0Vk8rNTI2WXhoMTRvYW89";

    $inputText = base64_decode($inputText);

    $inputKey = "466169626f20536f74662052756c657a";

    $blockSize = 256;

    $aes = new AES($inputText, $inputKey, $blockSize);

    $enc = $aes->decrypt();

    $inputJson = json_decode($enc);

    $email = $inputJson->{'email'};
    $firstName = $inputJson->{'firstName'};
    $lastName = $inputJson->{'lastName'};
    $phone = $inputJson->{'phone'};
    $credit = $inputJson->{'credit'};
    $userId = $inputJson->{'userId'};
    $supportPhone = $inputJson->{'supportPhone'};
    $supportMail = $inputJson->{'supportMail'};
    $paymentTypes = $inputJson->{'paymentTypes'};

    if (isset($email)) {
        $_SESSION['email'] = $email;

    }   

    if (isset($firstName)) {
        $_SESSION['firstName'] = $firstName;
    }   

    if (isset($lastName)) {
        $_SESSION['lastName'] = $lastName;
    }   

    if (isset($phone)) {
        $_SESSION['phone'] = $phone;
    }   

    if (isset($credit)) {
        $_SESSION['credit'] = $credit;
    }   

    if (isset($userId)) {
        $_SESSION['userId'] = $userId;
    }   

    if (isset($supportPhone)) {
        $_SESSION['supportPhone'] = $supportPhone;
    }   

    if (isset($supportMail)) {
        $_SESSION['supportMail'] = $supportMail;
    }   

    if (isset($paymentTypes)) {
        $_SESSION['paymentTypes'] = $paymentTypes;
    }else{
        $_SESSION['paymentTypes'] = 'welfare';
    }

    echo 'ok';
?>

<div ng-controller="loginController"></div>

</body>
</html>

test.php

<?php
$inputText = '{"firstName":"Mario","lastName":"Rossi","email":"mario.rossi@gmail.com","phone":"02 342522","userId":2,"credit":30,"paymentTypes":"welfare","supportMail":"supporto@welfarebit.it","supportPhone":"0321 444999"}';

include 'AES.php';

$inputKey = "466169626f20536f74662052756c657a";

$blockSize = 256;

$aes = new AES($inputText, $inputKey, $blockSize);

$enc = $aes->encrypt();

$result = base64_encode($enc);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://welfarebitexperience.tantosvago.it/login/login.php');
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");                                                                     
curl_setopt($ch, CURLOPT_POSTFIELDS, $result );                                                                  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);                                                                      
curl_setopt($ch, CURLOPT_HTTPHEADER, array(                                                                          
    'Content-Type: application/json',                                                                                
    'Content-Length: ' . strlen($result))                                                                       
);  

$result = curl_exec($ch);

curl_close($ch);

?>

<html xmlns="http://www.w3.org/1999/xhtml">
<head></head>
<body onload="test()">
<form id="B2BKv" name="B2BKv" action="http://welfarebitexperience.tantosvago.it/login/login.php" method="POST">
    <input type="hidden" id="MPCookieManager" name="MPCookieManager" value="<?php echo $result; ?>">
</form>
<script language="javascript">
function test() {
    document.B2BKv.submit();
}
</script>
</body>
</html>

Answer 1

Try and put session_start() before the html tag on every page

<?php
    session_start();?>

<html>

<head>

and this

<?php
session_start();
$inputText = '{"firstName":"Mario","lastName":"Rossi","email":"mario.rossi@gmail.com","phone":"02 342522","userId":2,"credit":30,"paymentTypes":"welfare","supportMail":"supporto@welfarebit.it","supportPhone":"0321 444999"}';

include 'AES.php';

$inputKey = "466169626f20536f74662052756c657a";

Answer 2

如上所述在这里 ， session_start()需要获取返回的任何内容之前执行。

Answer 3

What strikes me from the start is where session_start() is called. PHP manual states: to use cookie-based sessions, session_start() must be called before outputting anything to the browser.