ID: 14928 Comment by: cjaxsn at hotmail dot com Reported By: mikkoh at htklx2 dot htk dot fi Status: Bogus Bug Type: Session related Operating System: Linux (2.2.15) PHP Version: 4.1.1 New Comment:
HERE IS THE ANSWER TO YOUR PROBLEMS WITH PHP LOSING SESSION INFORMATION AFTER A FORCED REDIRECT. Listen up kids because I'm only going to say this once! I had the exact same problem that is posted here as a 'bug' about 50 times. I am a professional Computer Programmer/Analyst by trade and was quite embarrased that I could not get this working myself. Well it turns out that it's not a PHP bug after all. The symptom: Browser fails to write session cookie when using a header("Location: filname.php"); call after a session_start(); call. Common procedure: ----------- index.php ----------- <form action="login.php" method="post"> <input type="text" name="txtUserName"> <input type="password" name="txtPassword"> </form> ----------- login.php ----------- <? session_start(); //create a new session session_register('username'); //register username session variable session_register('password'); //register password session variable $_SESSION["username"] = $HTTP_POST_VARS["txtUserName"]; //set the username to the session variable object $_SESSION["password"] = $HTTP_POST_VARS["txtPassword"]; //set the password to the session variable object session_write_close(); header("Location: home.php"); ?> ----------- home.php ----------- <? session_start(); echo $_SESSION['txtUserName']; //value should be there but isn't ?> <html> <head> <title>Main Menu</title> etc... The Solution: In your login HTML form page (index.php) place this at the top <?session_start();?>. This way here a session is created before logging in. No session variables exist but the browser now has a session assigned. When you submit the form, the session_start() in the login.php file now resumes the already created session and registers the session values to the session variables. Therefore, if your browser does not write the session cookie before the headers have been sent it will not matter because the session already exists. Common Misconceptions: This has nothing to do with your OS or version of PHP in my opinion. It has to do with HTTP and how your browser conforms to the HTTP standard. People think that PHP is losing the session information. In fact, it is not. But what is happening if you do an immediate redirect without having first created a session in a previous php page, is that it creates a new instance of a session and then uses the newly created one. Previous Comments: ------------------------------------------------------------------------ [2002-02-07 21:23:14] [EMAIL PROTECTED] This issue will not be able to be fixed by PHP. Some browser does not set cookie for initial request. To make sure cookie is enabled _always_, user must check it first. http://www.zend.com/search_code_author.php?author=yohgaki Use session helper html or other people post without JavaScript version. ------------------------------------------------------------------------ [2002-02-07 05:38:58] betsos at westgate dot gr I don't think that this is a duplicate bug. Although the symptomts are identical to bug #14636 the cause is not the same. As of bug #14636 the cause was that session.auto_start was set to 1 and despite this fact session_start was used to initiate a session. I have experienced exactly the same problem although in my php.ini session.auto_start is set to 0. The bug is reproduced either with PHP 4.0.6 or with 4.1.1 and IIS under NT 4.0. However everything works OK with PHP 4.0.1 and Apache under Unix. ------------------------------------------------------------------------ [2002-01-29 13:58:12] jose at unigest dot net I'm having the same problem usign php 4.1.1 on Windows. I'm developing a commercial application and when pass few minutes all session variables are lost and I have to restart Apache to open a new session and begin to work... ------------------------------------------------------------------------ [2002-01-08 07:22:50] [EMAIL PROTECTED] Dupe of 14363. No need to report bugs which already have been reported. ------------------------------------------------------------------------ [2002-01-08 05:17:19] mikkoh at htklx2 dot htk dot fi The symptoms are identical to bug #14636, but with versions 4.1x and on Linux. Manual redirection works fine, but when using header("Location: xxx") registered session variables are lost. All pre-4.1.x -versions seem to work. Not tested on other platforms. session.auto_start is set to 0 in php.ini. Example: script_1.php: <?php session_start (); /* these session variables should be set in script_2.php. On versions 4.1.x they never get set. On 4.0.x everything works. */ echo "FOO: " . $foo . " BAR: " . $bar; ?> <html><head><title></title></head> <body> <form action="script_2.php"> <input type="text" name="param1"> <input type="text" name="param2"> <input type="submit" value="Submit"> </form> </body></html> Script 2: <?php session_start (); session_register ("foo"); session_register ("bar"); $foo = $param1; $bar = $param2; header ("Location: $HTTP_REFERER"); ?> ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=14928&edit=1