ID: 14928
Comment by: cjaxsn at hotmail dot com
Reported By: mikkoh at htklx2 dot htk dot fi
Status: Bogus
Bug Type: Session related
Operating System: Linux (2.2.15)
PHP Version: 4.1.1
New Comment:
HERE IS THE ANSWER TO YOUR PROBLEMS WITH PHP LOSING SESSION INFORMATION
AFTER A FORCED REDIRECT.
Listen up kids because I'm only going to say this once!
I had the exact same problem that is posted here as a 'bug' about 50
times. I am a professional Computer Programmer/Analyst by trade and
was quite embarrased that I could not get this working myself. Well it
turns out that it's not a PHP bug after all.
The symptom:
Browser fails to write session cookie when using a header("Location:
filname.php"); call after a session_start(); call.
Common procedure:
-----------
index.php
-----------
<form action="login.php" method="post">
<input type="text" name="txtUserName">
<input type="password" name="txtPassword">
</form>
-----------
login.php
-----------
<?
session_start(); //create a new session
session_register('username'); //register username session variable
session_register('password'); //register password session variable
$_SESSION["username"] = $HTTP_POST_VARS["txtUserName"]; //set the
username to the session variable object
$_SESSION["password"] = $HTTP_POST_VARS["txtPassword"]; //set the
password to the session variable object
session_write_close();
header("Location: home.php");
?>
-----------
home.php
-----------
<?
session_start();
echo $_SESSION['txtUserName']; //value should be there but isn't
?>
<html>
<head>
<title>Main Menu</title>
etc...
The Solution:
In your login HTML form page (index.php) place this at the top
<?session_start();?>. This way here a session is created before
logging in. No session variables exist but the browser now has a
session assigned. When you submit the form, the session_start() in the
login.php file now resumes the already created session and registers
the session values to the session variables. Therefore, if your
browser does not write the session cookie before the headers have been
sent it will not matter because the session already exists.
Common Misconceptions:
This has nothing to do with your OS or version of PHP in my opinion.
It has to do with HTTP and how your browser conforms to the HTTP
standard.
People think that PHP is losing the session information. In fact, it
is not. But what is happening if you do an immediate redirect without
having first created a session in a previous php page, is that it
creates a new instance of a session and then uses the newly created
one.
Previous Comments:
------------------------------------------------------------------------
[2002-02-07 21:23:14] [EMAIL PROTECTED]
This issue will not be able to be fixed by PHP.
Some browser does not set cookie for initial request.
To make sure cookie is enabled _always_, user must check it first.
http://www.zend.com/search_code_author.php?author=yohgaki
Use session helper html or other people post without JavaScript
version.
------------------------------------------------------------------------
[2002-02-07 05:38:58] betsos at westgate dot gr
I don't think that this is a duplicate bug. Although the
symptomts are identical to bug #14636 the cause is not
the same.
As of bug #14636 the cause was that session.auto_start
was set to 1 and despite this fact session_start was
used to initiate a session.
I have experienced exactly the same problem although in
my php.ini session.auto_start is set to 0. The bug is
reproduced either with PHP 4.0.6 or with 4.1.1 and IIS
under NT 4.0.
However everything works OK with PHP 4.0.1 and Apache
under Unix.
------------------------------------------------------------------------
[2002-01-29 13:58:12] jose at unigest dot net
I'm having the same problem usign php 4.1.1 on Windows. I'm developing
a commercial application and when pass few minutes all session
variables are lost and I have to restart Apache to open a new session
and begin to work...
------------------------------------------------------------------------
[2002-01-08 07:22:50] [EMAIL PROTECTED]
Dupe of 14363.
No need to report bugs which already have been reported.
------------------------------------------------------------------------
[2002-01-08 05:17:19] mikkoh at htklx2 dot htk dot fi
The symptoms are identical to bug #14636, but with versions 4.1x and on
Linux. Manual redirection works fine, but when using header("Location:
xxx") registered session variables are lost. All pre-4.1.x -versions
seem to work. Not tested on other platforms.
session.auto_start is set to 0 in php.ini.
Example:
script_1.php:
<?php
session_start ();
/* these session variables should be set in script_2.php.
On versions 4.1.x they never get set. On 4.0.x everything works. */
echo "FOO: " . $foo . " BAR: " . $bar;
?>
<html><head><title></title></head>
<body>
<form action="script_2.php">
<input type="text" name="param1">
<input type="text" name="param2">
<input type="submit" value="Submit">
</form>
</body></html>
Script 2:
<?php
session_start ();
session_register ("foo");
session_register ("bar");
$foo = $param1;
$bar = $param2;
header ("Location: $HTTP_REFERER");
?>
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=14928&edit=1
