PHP :: Bug #20425 :: session file cleared after execution of header("location ...

Bug #20425

session file cleared after execution of header("location ...

Submitted:

2002-11-14 05:03 UTC

Modified:

2002-11-15 04:40 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	0 of 0 (0.0%)

From:

guerrini at dada dot it

Assigned:

Status:

Not a bug

Package:

Session related

PHP Version:

4.2.3

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

[2002-11-14 05:03 UTC] guerrini at dada dot it

After execution of header("Location:otherfile.php?".SID);
the session file previously created does not contain all the items posted by a form.

My configuration:
Linux RH6.2 (tested also RH7.2 and RH 7.3)
Apache 1.3.27
PHP 4.2.3 compiled as a CGI
 './configure' '--enable-shared' '--with-system-regex' '--with-gd=/usr/local' '--enable-ftp' '--with-mysql' '--enable-track-vars' '--with-ttf=/usr' '--enable-gd-native-ttf' '--with-jpeg-dir' '--with-png-dir' '--with-zlib' '--enable-force-cgi-redirect' '--enable-dbase' '--with-config-file-path=/usr/local/apache/conf'
register_globals=1
session_trans_sid=1 (tested also =0)

I have 2 files index.php and lib1.inc
When I start index.php a session file is created (under /tmp) and contains the variable name ( !sessione| ).
When I post the form (in index.php), the session file under /tmp does not get updated.
If I comment out the line header("Location:otherfile.php?".SID); instead, the session file is updated with the values posted by the form.
It behaves as if execution of header("location ... cleared the session file.
These are the files involved:

LIB1.INC
<?
session_start();
session_register("sessione");
[....other functions here ....]
function SessioneUtente($fusern,$fpassw,$fnome,$fcognome,$fpriv,$femail)
{
     global $sessione;
     $sessione[nome]=$fnome;
     $sessione[cognome]=$fcognome;
     $sessione[username]=$fusern;
     $sessione[password]=$fpassw;
     $sessione[priv]=$fpriv;
     $sessione[email]=$femail;
     $sessione[loggato]=true;
}
?>
############################################

INDEX.PHP

<?
include("lib1.inc");
$messaggio="";
if (isset($azione) && $azione=="vai")
{
   if(empty($logon[username]) || empty($logon[password]))
     $messaggio.="devi riempire tutti i campi";
     //DEFINISCO l'ARRAY CU che conterr? i dati utente (username,password,priv, ecc.)
     $cu=checkUser( $logon[username], $logon[password]);
   if(!empty($logon[password]) && $logon[password]!=$cu[password])
       $messaggio .= "utente o password errati, riprova";

   if ($messaggio=="")
     {
   
SessioneUtente($cu[username],$cu[password],$cu[nome],$cu[cognome],$cu[priv],$cu[email]);
    header("Location:otherfile.php?".SID);
     }
}

?>
<html>
<head>
  <title>login</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <meta name="GENERATOR" content="Quanta Plus">
</head>
<body>
<?
if($messaggio!="")
echo $messaggio;
?>
<form action="<?echo $PHP_SELF; ?>" method="post">
<input type="hidden" name="azione" value="vai">

<div align=center>
<table border=1 cellpadding=0 cellspacing=0>
<tr>
  <td colspan=2>
  Login
  </td>
</tr>
<tr>
  <td>
  Username
  </td>
  <td>
  <input type="text" name="logon[username]" value="<?echo $logon[username]; ?>">
  </td>
</tr>

<tr>
  <td>
  Password
  </td>
  <td>
  <input type="password" name="logon[password]" maxlength=8>
  </td>
</tr>
<tr>
  <td align=right colspan=2>
  <input type="submit" value=accedi>
  </td>
</tr>
</table>
</div>
</form>
</body>
</html>

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-11-14 08:41 UTC] novell at kiruna dot se

You will find some useful information here: 2nd comment on http://www.php.net/manual/en/function.session-register.php

[2002-11-14 09:09 UTC] iliaa@php.net

Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions. 

Thank you for your interest in PHP.

A number of mistakes in your script are likely causes of your script not to working.
1) Instead of session_register("sessione"); add variables to the session in this fassion $_SESSION['sessione'] = 'value';
2) $sessione[nome]=$fnome; is wrong, what's 'none', it probably should be $sessione['nome']=$fnome;, no?
3) Your location header is wrong for 2 reasons, 1st you are using relatives pathes, always a BAD idea and your header("Location:otherfile.php?".SID); is missing a space between Location: and otherfile.
4) Use session_id() and not SID to retrieve the session id.

[2002-11-14 10:50 UTC] guerrini at dada dot it

Ok, I corrected the errors as missing single quote and missing space between location and otherfile.php. 
The fact that induced me to think to a PHP bug, is that these same scripts work fine on 2 different server with same configuration (php+apache) as my local one.

Thanks, stefano

[2002-11-15 04:38 UTC] guerrini at dada dot it

Maybe it won't be a bug, but I wonder what it is.
I have fixed my problem by simply, recompiling PHP as a module
Now everything works fine again.
Thanks, Stefano

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Wed Dec 03 08:00:02 2025 UTC