Authorization in Php

Good day to everyone! Once again I need the help of the forum participants! The problem is as follows:
there are two scripts auth.php and cabinet.php, in fact the essence of the work is extremely simple auth.php throws us into cabinet.php upon successful authorization, but for some reason it does not work( Namely: authorization is successful, but instead of cabinet.php I I get back to the authorization page, there is a suspicion that the $login and $pass variables are not passed to the cabinet.php script, but why?

UPDATE:
Debian server

On a server with FreeBSD, the same scripts work, maybe something is wrong with the php configuration?

UPDATE #2:

This is what it says in the log:

[error] [client ip_adress] PHP Notice: Undefined variable: _SESSION in /var/www/cabinet.php on line 11, referer: http://trali-vali.ru/auth.php
[error] [client ip_adress] PHP Notice: Undefined variable: _SESSION in /var/www/cabinet.php on line 11, referer: http://trali-vali.ru/auth.php
[client ip_adress] PHP Notice: Undefined variable: _SESSION in /var/www/cabinet.php on line 11, referer: http://trali-vali.ru /auth.php
[client ip_adress] PHP Notice: Undefined index: sbm_auth in / var/www/auth.php on line 11, referer: http://trali-vali.ru/auth.php

Below is the code from both scripts

auth.php:

\\auth.php
$host='localhost';
$database='family';
$user='root'; 
$pswd='  ';
$dbh=mysql_connect($host,$user,$pswd) or die ("I can not be connected to MYSQL.");
mysql_select_db($database) or die ("I can not be connected to base.");
if($_POST['sbm_auth'])
   {
   $login=($_POST['login']);
   $pass=($_POST['pass']);
$check_q=mysql_query("SELECT id FROM users WHERE login='".
    $login."' AND pass='".$pass."'");
if(mysql_num_rows($check_q) === 1)
    {
    session_start();
    $_SESSION['login'] = $login;
    $_SESSION['pass'] = $pass;
    $_SESSION['usr_id'] = md5(crypt($login,$pass));
    header("Location: cabinet.php");
    }
    else
    {
    echo "incorrect login or password";
    }
    }
print("<CENTER>");
echo '<form action="" method="POST">
<table>
<tr><td>LOGIN</td> <td><input type="text" name="login"></td></tr>
<tr><td>PASSWORD</td> <td><input type="password" name="pass"></td></tr>
<tr><td colspan=2 align=center><input type="submit" name="sbm_auth" value="ENTER"></td></tr>
</table>
</form>';
print("</CENTER>");

cabinet.php:

\\cabinet.php
if(isset($_REQUEST[session_name()]))
{
    session_start();
}
else
{
    header("Location: auth.php");
}
if($_SESSION['usr_id'] == md5(crypt($_SESSION['login'],$_SESSION['pass'])))
{
    echo "HELLO";
}
else
{
header("Location: auth.php");
}

Answer 1, authority 100%

In cabinet.php write $a=session_name();print($a);print($_REQUEST[$a]);die(). What does it output?


Answer 2, authority 100%

Another group of tractor drivers 🙂

after header(“Location: cabinet.php”); put exit ; and you will be happy


Answer 3, authority 100%

If

header("Location: cabinet.php"); exit;

works, given that it even comes to this, then the problem is either that there are no write permissions in the directory with sessions, which is unlikely, but possible, or the problem is already in the office itself, and there are 2 places:

if condition fails

if(isset($_REQUEST[session_name()]))

and here it is not at all clear what (bracket):

else
}
header("Location: auth.php");
}

looks the wrong way after else


Answer 4

The whole problem is in

session_start();

Always specify

session_name("MyProject");
 session_start();

This syntax will bind the login and password


Answer 5

Wait…
Why is there no script in the registration form?

<form action="" method="POST">
<table>
    <tr><td>LOGIN</td> <td><input type="text" name="login"></td></tr>
    <tr><td>PASSWORD</td> <td><input type="password" name="pass"></td></tr>
    <tr><td colspan=2 align=center><input type="submit" name="sbm_auth" value="ENTER"></td></tr>
</table>
</form>

you must have forgotten:

<form action="auth.php" method="POST">

Answer 6

Try putting session_start() at the very beginning of each file


Answer 7

I made the following changes to the code and it worked:
$s=session_id();
header(“Location: cabinet.php?PHPSESSID=$s”);


Answer 8

if($_POST['sbm_auth'])
   {
   $login=($_POST['login']);
   $pass=($_POST['pass']);

Maybe you should check them for emptiness?