Do I need a cookie?


tinghank12
04-28-2008, 04:53 AM
On my website, users have the option to have a profile and edit it with appropriate information.

I just use sessions to keep my users logged in from page to page. This is the basic layout of it: on the login page, I have this.


<?
include("connection.php");

$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";

$result = mysql_query($query);

if(mysql_num_rows($result) != 1) {
echo "<font color=red><b>Wrong Credentials!</b></font><br>";
echo "<a href=forgot.php class=forgot>forgot your password?<br></a>";
die("<a href=index.php class=forgot>try again</a>");
} else {

$_SESSION['username'] = "$username";
}
?>


Then, on the top of every single page, I put this.


<?
session_start();
$session = $_SESSION['username'];
include("connection.php");
?>


But I have a problem. Whenever a user edits his/her profile, it logs you out right after. This is my edit.php page (the gist of it).


<?
session_start();
$session = $_SESSION['username'];
include("connection.php");
$query = mysql_query("SELECT `id` FROM `users` WHERE `username` = '$session'");
$id = mysql_result($query, 0);
echo "$id";
?>

<b>Edit your profile:</b><br><br><br>
<font color=red>Favorite Quote:</font>
<form action=" <? $_SERVER['PHP_SELF']; ?> " method="POST">
<textarea cols="40" rows="10" name="favorites">
</textarea><br>
<input type="submit" name="quote" value="Update">
</form>

<?

$quote = $_POST['favorites'];

$sql = mysql_query("UPDATE `users` SET `quote` = '$quote' WHERE `username` = '$session'");
echo "Thank you for updating your profile!";
if(!$sql) {
die(mysql_error());
}
?>


Then my main profile.php page is this.


<?
session_start();
$session = $_SESSION['username'];
include("connection.php");
?>

<html><head><TITLE>Page</TITLE>
<link rel="stylesheet" type="text/css" href="../style.css" />
<meta name="description" content="Blah blah" />
</head>

<body bgcolor="#E5E5E5">

<?
if($session) {

$username = mysql_real_escape_string($_GET['user']);

$query = "SELECT * FROM `users` WHERE `username` = '$session'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);

$sql = mysql_query("SELECT `quote` FROM `users` WHERE `username` = '$session'");
$quote = mysql_result($sql, 0);

?>

<div id="header">
<table><tr><td align="left"><table>
<tr><td width="220px" height="26" id="welcome">
<a href="/"><img src="../images/logo.gif"></a></td></tr>
</table>
</td><td align="center">
<table>
<tr><td align="center"><a href="features.php" id="top_links" class="top">features</a></td><td><b>|</b></td>
<td align="center"><a href="forum" id="top_links" class="top">forums</a></td><td><b>|</b></td>

<?
if($session) {
$query = mysql_query("SELECT `username` FROM `users` WHERE `username` = '$session'");
$row = mysql_fetch_assoc($query);

echo "<td align='center'><a href='profile/?user={$row['username']}' id='top_links' class='top'>profile</a></td><td><b>|</b></td>";
} else {
?>
<td align="center"><a href="register.php" id="top_links" class="top">register</a></td><td><b>|</b></td>
<? } ?>
<td align="center"><a href="music.php" id="top_links" class="top">music</a></td><td>
<tr><td align="center"><a href="featured.php" id="top_links" class="top">featured</a></td><td><b>|</b></td>
<td align="center"><a href="subscribe.php" id="top_links" class="top">subscribe</a></td><td><b>|</b></td>
<td align="center"><a href="feedback.php" id="top_links" class="top">feedback</a></td><td><b>|</b></td>
<td align="center"><a href="contact.php" id="top_links" class="top">contact</a></td></tr>
</td>
</table>

<td align="right"><table>
<tr><td colspan="2" align="center"><font size="-1">Profile Username Search</font></td>
<td colspan="2"align="center"><img src="/images/searchicon.gif" width="25px" height="20px" alt="search"></td></tr>
<tr><td colspan="2" ><input type="text" name="msearch" size="20"></td>
<td colspan="2" ><input type="submit" name="submit" value="Find" class="register" title="Search for a profile"></td></tr></table>
</td>

<?
if($session) {
?>

<td align="right">
<a href="logout.php" class="forgot">Logout</a>
</td>

<?
}
?>

</table>
</div> <br />
<?
if($session) {
include("header.php");
}
?>


Can anybody help me figure out why, whenever you get done editing your profile and go back to the profile page, it logs you out? Do I need to set up a cookie or something similar?

Dfraz
04-28-2008, 05:02 AM
Well, what I do is have a menu.php and then have the menu.php include session.php, which says "Welcome $username". So maybe on your navigation bar you should include your session.

+rep if that helped please ;)

Fou-Lu
04-28-2008, 06:56 AM
If this is your exact code, this here:

<?
if($session) {

$username = mysql_real_escape_string($_GET['user']);

$query = "SELECT * FROM `users` WHERE `username` = '$session'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);

$sql = mysql_query("SELECT `quote` FROM `users` WHERE `username` = '$session'");
$quote = mysql_result($sql, 0);

?>

has no close to the session, either in this block or further in your script. So you are running a fatal error when you are attempting to execute - turn on your error display (error_reporting(E_ALL)) for testing.
If this is not the full code, sessions can be a pain if the default configurations are enabled.
Run:

ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 0);
ini_set('session.use_trans_sid', 1); // If you want transparent sessions added to all your links.

The default php.ini configurations are set to use only cookies, which means if the user has their cookies off, they cannot obtain a reusable session.
As well, you may want to consider a couple of things with your PHP scripts. Always use <?php instead of the short tags <?. This is because many hosts do not support short tags, and if I'm not mistaken they are to be removed in PHP 6. Also, with your forms, try using something like __FILE__ or even better $_SESSION['script_name'] instead of php_self - php_self is XSS exploitable. And talking about exploits, ensure that you are cleaning all of your database input values; a good start is just running it through mysql_real_escape_string (which you have done on at least one input, but run it against all of your input to be safer). If your magic_quotes_gpc directives are enabled, you must restore your own input values to remove the slashes beforehand - I won't post that as it is longer to write, but post back if you need that one (you'll know, input values with quotations will always come out with more \ in front of them each time for escaping).

The only other thing that I can think of offhand is that the header.php file you have may be removing the session values. Make sure it is using session_start in it as well, and that your session values are not being destroyed or nulled.

Hope that helps, post back with your results!
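
An added example, not part of the thread and not any poster's code: the login step from the first post rewritten with a parameterized query, hashed passwords, a session that is started before `$_SESSION` is written, and the session ID kept in a cookie rather than in URLs (an ID in a link leaks through referrers, logs and shared URLs). It assumes PHP 7.3 or later with the PDO SQLite driver and a hypothetical `password_hash` column; the in-memory database and the `alice` account are constructed for the demo.

```php
<?php
// Added example. The users table layout, the password_hash column and the
// helper names below are assumptions made for illustration.

// Keep the session ID in a cookie only, never in URLs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']); // add 'secure' => true on HTTPS
session_start();                           // must run before any use of $_SESSION

function login(PDO $db, string $username, string $password): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);           // fresh ID after login, so a pre-set ID is useless
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

function current_user_id(): ?int
{
    return $_SESSION['user_id'] ?? null;
}

// Escape the script path before echoing it into a form's action attribute.
function form_action(): string
{
    return htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$injected = login($db, "alice' OR '1'='1", 'x');   // quote characters are just part of the name
$valid    = login($db, 'alice', 'correct horse');
var_dump($injected, $valid, current_user_id());
```

The demo calls both logins before printing anything because session functions need to run before output starts, which is also why `session_start()` belongs at the very top of each page.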

justanormalteen
04-28-2008, 08:57 AM
If I could make a suggestion: instead of putting

<?
session_start();
$session = $_SESSION['username'];
include("connection.php");
?>

at the top of each page, make a separate file with the previous code and just include that file on each page you want it. That way if you ever want to change something in that code, you can edit just one file instead of many. That can be done for many things like menus, etc.