php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #14928 Session variables are lost when using header() redirection(identical to #14636)
Submitted: 2002-01-08 05:17 UTC Modified: 2002-02-07 21:23 UTC
Votes:1
Avg. Score:1.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: mikkoh at htklx2 dot htk dot fi Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.1.1 OS: Linux (2.2.15)
Private report: No CVE-ID: None
 [2002-01-08 05:17 UTC] mikkoh at htklx2 dot htk dot fi
The symptoms are identical to bug #14636, but with versions 4.1x and on Linux. Manual redirection works fine, but when using header("Location: xxx") registered session variables are lost. All pre-4.1.x -versions seem to work. Not tested on other platforms.

session.auto_start is set to 0 in php.ini.


Example: 


script_1.php:

<?php

session_start ();

/* these session variables should be set in script_2.php. 
On versions 4.1.x they never get set. On 4.0.x everything works. */

echo "FOO: " . $foo . " BAR: " . $bar;


?>

<html><head><title></title></head>
<body>
<form action="script_2.php">
<input type="text" name="param1">
<input type="text" name="param2">
<input type="submit" value="Submit">
</form>
</body></html>

Script 2:

<?php

session_start ();
session_register ("foo");
session_register ("bar");

$foo = $param1;
$bar = $param2;

header ("Location: $HTTP_REFERER");

?>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-01-08 07:22 UTC] sander@php.net
Dupe of 14363.

No need to report bugs which already have been reported.
 [2002-01-29 13:58 UTC] jose at unigest dot net
I'm having the same problem usign php 4.1.1 on Windows. I'm developing a commercial application and when pass few minutes all session variables are lost and I have to restart Apache to open a new session and begin to work...
 [2002-02-07 05:38 UTC] betsos at westgate dot gr
I don't think that this is a duplicate bug. Although the
symptomts are identical to bug #14636 the cause is not 
the same.

As of bug #14636 the cause was that session.auto_start
was set to 1 and despite this fact session_start was
used to initiate a session.

I have experienced exactly the same problem although in 
my php.ini session.auto_start is set to 0. The bug is
reproduced either with PHP 4.0.6 or with 4.1.1 and IIS
under NT 4.0.

However everything works OK with PHP 4.0.1 and Apache 
under Unix.
 [2002-02-07 21:23 UTC] yohgaki@php.net
This issue will not be able to be fixed by PHP.
Some browser does not set cookie for initial request.

To make sure cookie is enabled _always_, user must check it first.

http://www.zend.com/search_code_author.php?author=yohgaki

Use session helper html or other people post without JavaScript version.
 [2003-03-27 19:03 UTC] cjaxsn at hotmail dot com
HERE IS THE ANSWER TO YOUR PROBLEMS WITH PHP LOSING SESSION INFORMATION AFTER A FORCED REDIRECT.

Listen up kids because I'm only going to say this once!

I had the exact same problem that is posted here as a 'bug' about 50 times.  I am a professional Computer Programmer/Analyst by trade and was quite embarrased that I could not get this working myself.  Well it turns out that it's not a PHP bug after all.

The symptom:

Browser fails to write session cookie when using a header("Location: filname.php"); call after a session_start(); call.

Common procedure:
-----------
index.php
-----------
<form action="login.php" method="post">
 <input type="text" name="txtUserName">
 <input type="password" name="txtPassword">
</form>

-----------
login.php
-----------
<?
session_start(); //create a new session
session_register('username'); //register username session variable
session_register('password'); //register password session variable

$_SESSION["username"] = $HTTP_POST_VARS["txtUserName"]; //set the username to the session variable object
$_SESSION["password"] = $HTTP_POST_VARS["txtPassword"]; //set the password to the session variable object

session_write_close();
header("Location: home.php");
?>

-----------
home.php
-----------
<?
session_start();
echo $_SESSION['txtUserName']; //value should be there but isn't
?>
<html>
 <head>
  <title>Main Menu</title>
etc...

The Solution:

In your login HTML form page (index.php) place this at the top <?session_start();?>.  This way here a session is created before logging in.  No session variables exist but the browser now has a session assigned.  When you submit the form, the session_start() in the login.php file now resumes the already created session and registers the session values to the session variables.  Therefore, if your browser does not write the session cookie before the headers have been sent it will not matter because the session already exists.

Common Misconceptions:

This has nothing to do with your OS or version of PHP in my opinion.  It has to do with HTTP and how your browser conforms to the HTTP standard.

People think that PHP is losing the session information.  In fact, it is not.  But what is happening if you do an immediate redirect without having first created a session in a previous php page, is that it creates a new instance of a session and then uses the newly created one.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC