php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #8809 Cookieless session with Header redirects
Submitted: 2001-01-19 14:44 UTC Modified: 2010-12-22 14:34 UTC
Votes:3
Avg. Score:3.7 ± 1.9
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: bf at ez dot no Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 4.0.4pl1 OS: All
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: bf at ez dot no
New email:
PHP Version: OS:

 

 [2001-01-19 14:44 UTC] bf at ez dot no
I have code like:

session_start();
if ( !isset( $Foo ) )
{
        session_register( "Foo" );
}
else
{
 print( $Foo );
}

Header( "Location: /index.php" );

This does not work with cookieless sessions because the session information is not added to the header() if it's a redirect. 

The header() should add the PHPSESSIONID variable to the redirection path if it contains "Location: " like it does with other URLS and forms.




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2001-01-23 12:33 UTC] bf at ez dot no
When PHP is compiled with --enable-trans-sid  http redirects with header() does not work with cookieless sessions. 

This must be a bug. 

Here is how I fixed it with php code. The header() function should handle this if --enable-trans-sid is compiled in:


function ezheader( $string )
{
    $sid =& $GLOBALS["PHPSESSID"];

    if ( isset( $sid ) )
    {
        $pos = strpos( $string, "?" );

        if ( $pos )
        {
            $string = $string . "&PHPSESSID=$sid";
        }
        else
        {
            $string = $string . "?PHPSESSID=$sid";    
        }
    }
    
    header( $string );    
}

This code will automatically append the session id if it exists and that enables cookieless sessions with header( "Location: " ) redirects.


 [2010-12-22 14:34 UTC] johannes@php.net
-Status: Open +Status: Bogus -Package: Feature/Change Request +Package: *General Issues
 [2010-12-22 14:34 UTC] johannes@php.net
You have to use the SID constant.

To be standards compliante a Location header has to contain the complete URL. The session rewriter won't touch complete URLs, so it won't touch the Location header.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Sun Nov 19 01:31:42 2017 UTC