Marco Bonanno - 8 months ago 14
PHP Question

PHP login and session establishment

I have a problem, I searched around a bit but could not find anything that would help me in my particular case.

I'll come to the point: I created a small login function, login(), to which I of course pass the variables $username and $password, and everything works.

The problem is that last night I made a small change, inserting a line of code after the SESSION assignment, which was setcookie etc. etc., because I believed that doing so would make the user's connection last for a long time (I'm no expert).

This morning the session had of course timed out; I log in again, but the data is not passed. (So the User Account box is not refreshed with the username etc.)

I'll post some code:

class User {

    private $db;
    private $username;
    private $password;

    /**
     * Construct
     * @param type $pdo
     */
    function __construct($pdo){
        $this->db = $pdo;
    }

    public function login($username, $password){
        // Look up the active account; the values are bound, not concatenated into the SQL
        $this->db->query("SELECT * FROM users WHERE username = :username AND status = :status LIMIT 1");
        $this->db->bind(':username', $username);
        $this->db->bind(':status', 1);
        $row = $this->db->single();
        $count = $this->db->rowCount();
        if ($count > 0) {
            // Check the submitted password against the stored hash
            if (password_verify($password, $row['password'])) {
                $_SESSION['session'] = [
                    'id' => $row['id'],
                    'username' => $row['username'],
                    'email' => $row['email'],
                ];
                return true;
            } else {
                return false;
            }
        }
        // No active user with that username
        return false;
    }

    public function isLoggedIn() {
        if (isset($_SESSION['session'])) {
            return true;
        }
        return false;
    }
}
I do not understand what happened, I hope that I explained to the fullest, I apologize for my bad English.

Also another question, is it safe enough to protect the pages?
Some users told me to register the token, but I do not know how to do it.

Thank you


Try removing


after 'email' => $row['email'],

And yes, if you have not started your session, use

<?php session_start() ?>
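
An added example, not part of the question or the answer above: one way to make the login last longer by configuring the session cookie before session_start() rather than calling setcookie() afterwards, and to "register a token" in the session. It assumes PHP 7.3 or later, a site served over HTTPS, and that "token" means a per-session anti-CSRF token; the function names, the 7-day lifetime and /login.php are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed "stay logged in" duration (constructed value, adjust to your needs).
const SESSION_LIFETIME = 60 * 60 * 24 * 7; // 7 days

// Configure the session cookie BEFORE session_start(), instead of sending a
// hand-made cookie with setcookie() after $_SESSION has been written.
function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started on this request
    }
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME); // keep server-side data as long as the cookie
    ini_set('session.use_strict_mode', '1');                      // reject session ids the server did not issue
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME,
        'path'     => '/',
        'secure'   => true,   // cookie is only sent over HTTPS (assumption)
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call this right after User::login() has returned true.
function onLoginSuccess(): void
{
    session_regenerate_id(true);                     // new id on privilege change, prevents session fixation
    $_SESSION['token'] = bin2hex(random_bytes(32));  // the token "registered" in the session
}

// Compare the token submitted with a form (hidden field) to the stored one.
function isValidToken(?string $submitted): bool
{
    return isset($_SESSION['token'])
        && $submitted !== null
        && hash_equals($_SESSION['token'], $submitted); // constant-time comparison
}

// Put this at the top of every page that must be protected.
function requireLogin(): void
{
    startSecureSession();
    if (!isset($_SESSION['session'])) {   // same key that User::login() sets
        header('Location: /login.php');   // hypothetical login page
        exit;
    }
}
```

Each protected form would carry $_SESSION['token'] in a hidden field, and the handler would call isValidToken($_POST['token'] ?? null) before acting on the request.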