[PHP-DEV] Bug #14636 Updated: Session variables are lost when redirecting to a url using header() function.
ID: 14636 Updated by: [EMAIL PROTECTED] -Reported By: [EMAIL PROTECTED] +Reported By: [EMAIL PROTECTED] Status: Feedback Bug Type: Session related Operating System: windows 2000 professional PHP Version: 4.0.6 New Comment: I have experienced a similar problem with Kannan but not due to session.auto_start. In my php.ini session.auto_start is set to 0. I use the following scripts. When run, either with PHP Version 4.0.6, or with Version 4.1.1 and IIS under NT 4.0, the second script - test_login.php - starts a new session and variable $username is unset. When run with PHP 4.0.1 and Apache under Unix they work just fine. // -- login.php -- ?php session_start(); session_register(username); $username = justme; Header(Location: ./test_login.php); ? // -- test_login.php -- ?php session_start(); if ( isset ($username) ) echo $username; else echo Not authenticated!; ? // --- According to Chris 'This is actually not a bug at all but rather behavior of HTTP'. If this is the case then how comes that I don't have this problem when I use PHP Version 4.0.1 with Apache? Previous Comments: [2002-02-04 00:51:05] [EMAIL PROTECTED] I'm not sure what is going on, since I didn't have time to take a look. To report: Is chris' comment enough? [2002-02-03 22:32:07] [EMAIL PROTECTED] This is actually not a bug at all but rather behavior of HTTP. For PHP to be able to find a previously set session variable, it must be able to identify the client, right? Well, the default method used to accomplish this is via a cookie set when you initiate the session. Since it appears you are redirecting the user to the member's only page using the Location header on the same page the session is initiated, the PHPSESSID cookie will not be set. Thus, once the user arrives at the member's only page, PHP won't be able to identify the user. Their session variable is still there, but PHP won't give it to a stranger. :) Basically, in your HTTP reponse that includes the Set-Cookie header, it needs to be a regular 200 OK response and not a protocol level redirection. If you absolutely have to have the behavior you're going for here, you're going to have to use a meta refresh for the redirection. Yes, it's not as cool, but it's the only way to set a cookie and redirect the client in the same response. Otherwise, you'll have to pass the value of the cookie on the URL, which might be a good option for you actually. Hope that helps. [2001-12-21 20:35:17] [EMAIL PROTECTED] Let me check this thing ;) [2001-12-21 12:19:47] [EMAIL PROTECTED] The problem as I understand it is in the use of session.auto_start in the php.ini and session_start() in the script. session.auto_start has to be set to 0 (zero) if using session_start() in the script. The code seems to work with this setting. Somehow I did not see this in any of the documentation or other bug reports. Thanks for the assistance. Kannan [2001-12-21 08:52:59] [EMAIL PROTECTED] Dupe of 6121 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/14636 -- Edit this bug report at http://bugs.php.net/?id=14636edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #14636 Updated: Session variables are lost when redirecting to a url using header() function.
ID: 14636 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Feedback +Status: Bogus Bug Type: Session related Operating System: windows 2000 professional PHP Version: 4.0.6 New Comment: This issue will not be able to be fixed by PHP. Some browser does not set cookie for initial request. To make sure cookie is enabled _always_, user must check it first. http://www.zend.com/search_code_author.php?author=yohgaki Use session helper html or other people post without JavaScript version. Previous Comments: [2002-02-07 05:25:24] [EMAIL PROTECTED] I have experienced a similar problem with Kannan but not due to session.auto_start. In my php.ini session.auto_start is set to 0. I use the following scripts. When run, either with PHP Version 4.0.6, or with Version 4.1.1 and IIS under NT 4.0, the second script - test_login.php - starts a new session and variable $username is unset. When run with PHP 4.0.1 and Apache under Unix they work just fine. // -- login.php -- ?php session_start(); session_register(username); $username = justme; Header(Location: ./test_login.php); ? // -- test_login.php -- ?php session_start(); if ( isset ($username) ) echo $username; else echo Not authenticated!; ? // --- According to Chris 'This is actually not a bug at all but rather behavior of HTTP'. If this is the case then how comes that I don't have this problem when I use PHP Version 4.0.1 with Apache? [2002-02-04 00:51:05] [EMAIL PROTECTED] I'm not sure what is going on, since I didn't have time to take a look. To report: Is chris' comment enough? [2002-02-03 22:32:07] [EMAIL PROTECTED] This is actually not a bug at all but rather behavior of HTTP. For PHP to be able to find a previously set session variable, it must be able to identify the client, right? Well, the default method used to accomplish this is via a cookie set when you initiate the session. Since it appears you are redirecting the user to the member's only page using the Location header on the same page the session is initiated, the PHPSESSID cookie will not be set. Thus, once the user arrives at the member's only page, PHP won't be able to identify the user. Their session variable is still there, but PHP won't give it to a stranger. :) Basically, in your HTTP reponse that includes the Set-Cookie header, it needs to be a regular 200 OK response and not a protocol level redirection. If you absolutely have to have the behavior you're going for here, you're going to have to use a meta refresh for the redirection. Yes, it's not as cool, but it's the only way to set a cookie and redirect the client in the same response. Otherwise, you'll have to pass the value of the cookie on the URL, which might be a good option for you actually. Hope that helps. [2001-12-21 20:35:17] [EMAIL PROTECTED] Let me check this thing ;) [2001-12-21 12:19:47] [EMAIL PROTECTED] The problem as I understand it is in the use of session.auto_start in the php.ini and session_start() in the script. session.auto_start has to be set to 0 (zero) if using session_start() in the script. The code seems to work with this setting. Somehow I did not see this in any of the documentation or other bug reports. Thanks for the assistance. Kannan The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/14636 -- Edit this bug report at http://bugs.php.net/?id=14636edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #14636 Updated: Session variables are lost when redirecting to a url using header() function.
ID: 14636
Updated by: [EMAIL PROTECTED]
-Reported By: [EMAIL PROTECTED]
+Reported By: [EMAIL PROTECTED]
Status: Assigned
Bug Type: Session related
Operating System: windows 2000 professional
PHP Version: 4.0.6
Assigned To: yohgaki
New Comment:
This is actually not a bug at all but rather behavior of HTTP.
For PHP to be able to find a previously set session variable, it must
be able to identify the client, right? Well, the default method used to
accomplish this is via a cookie set when you initiate the session.
Since it appears you are redirecting the user to the member's only page
using the Location header on the same page the session is initiated,
the PHPSESSID cookie will not be set. Thus, once the user arrives at
the member's only page, PHP won't be able to identify the user. Their
session variable is still there, but PHP won't give it to a stranger.
:)
Basically, in your HTTP reponse that includes the Set-Cookie header, it
needs to be a regular 200 OK response and not a protocol level
redirection. If you absolutely have to have the behavior you're going
for here, you're going to have to use a meta refresh for the
redirection. Yes, it's not as cool, but it's the only way to set a
cookie and redirect the client in the same response. Otherwise, you'll
have to pass the value of the cookie on the URL, which might be a good
option for you actually.
Hope that helps.
Previous Comments:
[2001-12-21 20:35:17] [EMAIL PROTECTED]
Let me check this thing ;)
[2001-12-21 12:19:47] [EMAIL PROTECTED]
The problem as I understand it is in the use of
session.auto_start in the php.ini and
session_start() in the script.
session.auto_start has to be set to 0 (zero) if using session_start()
in the script. The code seems to work with this setting. Somehow I
did not see this in any of the documentation or other bug reports.
Thanks for the assistance.
Kannan
[2001-12-21 08:52:59] [EMAIL PROTECTED]
Dupe of 6121
[2001-12-21 08:36:04] [EMAIL PROTECTED]
I have reviewed the Bugs database against the following IDs
13732 - is closed with no reply or resolution indicated.
12704 - marked Bogus
12679 - does not solve my situation (session.cookie_domain). I am not
using one. It is left blank.
8912 - similar. But in my case browser refresh on the target page also
does not solve the problem.
The only thin that works is clicking on a href link to go to the target
page.
I am using Apache Webserver 1.3.22 for Windows.
Kannan
[2001-12-21 03:12:13] [EMAIL PROTECTED]
I have 2 scripts: a script to login a user and set a session variable.
After checking session_is_registered() I redirect to a url using
header(). The target script checks for the session variable and is not
able to find it.
If I use href to go to the target page, the session variable is found.
I have reviewed the bugs database, and the solutions reported for
similar cases do not work for me. The following are portion of the
code used:
I tested the code on a Linux server and it works perfectly.
Thank you.
Kannan
Environment: Windows 2000, IE 5.5, Linux 4.0.6
Login.php
$db = db_connect();
$result = mysql_query($query, $db);
if (mysql_num_rows($result) 0 )
{
// if they are in the database register the user id
$row = mysql_fetch_array($result);
$suser = $user;
session_register(suser);
}
}
if (session_is_registered(suser))
{
if ($redirect)
header(location: $redirect);
// redirect is instantiated with 'members_only.php'
else {
echo You are logged in as: $suser br;
echo suser: $suserbr;
echo a href=\members_only.php\Members Only/abr;
echo a href=\logout.php\Log out/abr; // === redirect
to URL
}
}
.
members_only.php
?
session_start();
// check session variable
echo Members_onlybr;
echo $suserbr;
if (session_is_registered(suser))
{
echo Members Only Pagebr;
echo pYou are logged in as $suser./p;
echo pMembers only content goes here/p;
echo a href=\login.php\Back to main page/a;
echo a href=\logout.php\Logout/a;
}
else
{ $redirect = members_only.php;
header(location: login.php?redirect=$redirect);
}
?
php.ini
[Session]
session.save_handler = files
session.save_path = C:\temp
session.use_cookies = 1
session.name = FOO
session.auto_start = 1
session.cookie_lifetime = 60
session.cookie_path = c:\temp
session.cookie_domain =
session.serialize_handler = php
[PHP-DEV] Bug #14636 Updated: Session variables are lost when redirecting to a url using header() function.
ID: 14636 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Assigned +Status: Feedback Bug Type: Session related Operating System: windows 2000 professional PHP Version: 4.0.6 Assigned To: yohgaki New Comment: I'm not sure what is going on, since I didn't have time to take a look. To report: Is chris' comment enough? Previous Comments: [2002-02-03 22:32:07] [EMAIL PROTECTED] This is actually not a bug at all but rather behavior of HTTP. For PHP to be able to find a previously set session variable, it must be able to identify the client, right? Well, the default method used to accomplish this is via a cookie set when you initiate the session. Since it appears you are redirecting the user to the member's only page using the Location header on the same page the session is initiated, the PHPSESSID cookie will not be set. Thus, once the user arrives at the member's only page, PHP won't be able to identify the user. Their session variable is still there, but PHP won't give it to a stranger. :) Basically, in your HTTP reponse that includes the Set-Cookie header, it needs to be a regular 200 OK response and not a protocol level redirection. If you absolutely have to have the behavior you're going for here, you're going to have to use a meta refresh for the redirection. Yes, it's not as cool, but it's the only way to set a cookie and redirect the client in the same response. Otherwise, you'll have to pass the value of the cookie on the URL, which might be a good option for you actually. Hope that helps. [2001-12-21 20:35:17] [EMAIL PROTECTED] Let me check this thing ;) [2001-12-21 12:19:47] [EMAIL PROTECTED] The problem as I understand it is in the use of session.auto_start in the php.ini and session_start() in the script. session.auto_start has to be set to 0 (zero) if using session_start() in the script. The code seems to work with this setting. Somehow I did not see this in any of the documentation or other bug reports. Thanks for the assistance. Kannan [2001-12-21 08:52:59] [EMAIL PROTECTED] Dupe of 6121 [2001-12-21 08:36:04] [EMAIL PROTECTED] I have reviewed the Bugs database against the following IDs 13732 - is closed with no reply or resolution indicated. 12704 - marked Bogus 12679 - does not solve my situation (session.cookie_domain). I am not using one. It is left blank. 8912 - similar. But in my case browser refresh on the target page also does not solve the problem. The only thin that works is clicking on a href link to go to the target page. I am using Apache Webserver 1.3.22 for Windows. Kannan The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/14636 -- Edit this bug report at http://bugs.php.net/?id=14636edit=1 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Bug #14636 Updated: Session variables are lost when redirecting to a url using header() function.
ID: 14636
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Open
Bug Type: Session related
Operating System: windows 2000 professional
PHP Version: 4.0.6
New Comment:
I have reviewed the Bugs database against the following IDs
13732 - is closed with no reply or resolution indicated.
12704 - marked Bogus
12679 - does not solve my situation (session.cookie_domain). I am not using one. It
is left blank.
8912 - similar. But in my case browser refresh on the target page also does not solve
the problem.
The only thin that works is clicking on a href link to go to the target page.
I am using Apache Webserver 1.3.22 for Windows.
Kannan
Previous Comments:
[2001-12-21 03:12:13] [EMAIL PROTECTED]
I have 2 scripts: a script to login a user and set a session variable. After checking
session_is_registered() I redirect to a url using header(). The target script checks
for the session variable and is not able to find it.
If I use href to go to the target page, the session variable is found.
I have reviewed the bugs database, and the solutions reported for similar cases do not
work for me. The following are portion of the code used:
I tested the code on a Linux server and it works perfectly.
Thank you.
Kannan
Environment: Windows 2000, IE 5.5, Linux 4.0.6
Login.php
$db = db_connect();
$result = mysql_query($query, $db);
if (mysql_num_rows($result) 0 )
{
// if they are in the database register the user id
$row = mysql_fetch_array($result);
$suser = $user;
session_register(suser);
}
}
if (session_is_registered(suser))
{
if ($redirect)
header(location: $redirect);
// redirect is instantiated with 'members_only.php'
else {
echo You are logged in as: $suser br;
echo suser: $suserbr;
echo a href=\members_only.php\Members Only/abr;
echo a href=\logout.php\Log out/abr; // === redirect to URL
}
}
.
members_only.php
?
session_start();
// check session variable
echo Members_onlybr;
echo $suserbr;
if (session_is_registered(suser))
{
echo Members Only Pagebr;
echo pYou are logged in as $suser./p;
echo pMembers only content goes here/p;
echo a href=\login.php\Back to main page/a;
echo a href=\logout.php\Logout/a;
}
else
{ $redirect = members_only.php;
header(location: login.php?redirect=$redirect);
}
?
php.ini
[Session]
session.save_handler = files
session.save_path = C:\temp
session.use_cookies = 1
session.name = FOO
session.auto_start = 1
session.cookie_lifetime = 60
session.cookie_path = c:\temp
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = private
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags = a=href,area=href,frame=src,input=src,form=fakeentry
Edit this bug report at http://bugs.php.net/?id=14636edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14636 Updated: Session variables are lost when redirecting to a url using header() function.
ID: 14636
Updated by: sander
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Duplicate
Bug Type: Session related
Operating System: windows 2000 professional
PHP Version: 4.0.6
New Comment:
Dupe of 6121
Previous Comments:
[2001-12-21 08:36:04] [EMAIL PROTECTED]
I have reviewed the Bugs database against the following IDs
13732 - is closed with no reply or resolution indicated.
12704 - marked Bogus
12679 - does not solve my situation (session.cookie_domain). I am not using one. It
is left blank.
8912 - similar. But in my case browser refresh on the target page also does not solve
the problem.
The only thin that works is clicking on a href link to go to the target page.
I am using Apache Webserver 1.3.22 for Windows.
Kannan
[2001-12-21 03:12:13] [EMAIL PROTECTED]
I have 2 scripts: a script to login a user and set a session variable. After checking
session_is_registered() I redirect to a url using header(). The target script checks
for the session variable and is not able to find it.
If I use href to go to the target page, the session variable is found.
I have reviewed the bugs database, and the solutions reported for similar cases do not
work for me. The following are portion of the code used:
I tested the code on a Linux server and it works perfectly.
Thank you.
Kannan
Environment: Windows 2000, IE 5.5, Linux 4.0.6
Login.php
$db = db_connect();
$result = mysql_query($query, $db);
if (mysql_num_rows($result) 0 )
{
// if they are in the database register the user id
$row = mysql_fetch_array($result);
$suser = $user;
session_register(suser);
}
}
if (session_is_registered(suser))
{
if ($redirect)
header(location: $redirect);
// redirect is instantiated with 'members_only.php'
else {
echo You are logged in as: $suser br;
echo suser: $suserbr;
echo a href=\members_only.php\Members Only/abr;
echo a href=\logout.php\Log out/abr; // === redirect to URL
}
}
.
members_only.php
?
session_start();
// check session variable
echo Members_onlybr;
echo $suserbr;
if (session_is_registered(suser))
{
echo Members Only Pagebr;
echo pYou are logged in as $suser./p;
echo pMembers only content goes here/p;
echo a href=\login.php\Back to main page/a;
echo a href=\logout.php\Logout/a;
}
else
{ $redirect = members_only.php;
header(location: login.php?redirect=$redirect);
}
?
php.ini
[Session]
session.save_handler = files
session.save_path = C:\temp
session.use_cookies = 1
session.name = FOO
session.auto_start = 1
session.cookie_lifetime = 60
session.cookie_path = c:\temp
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = private
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags = a=href,area=href,frame=src,input=src,form=fakeentry
Edit this bug report at http://bugs.php.net/?id=14636edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP-DEV] Bug #14636 Updated: Session variables are lost when redirecting to a url using header() function.
ID: 14636
User updated by: [EMAIL PROTECTED]
Reported By: [EMAIL PROTECTED]
Status: Duplicate
Bug Type: Session related
Operating System: windows 2000 professional
PHP Version: 4.0.6
New Comment:
The problem as I understand it is in the use of
session.auto_start in the php.ini and
session_start() in the script.
session.auto_start has to be set to 0 (zero) if using session_start() in the script.
The code seems to work with this setting. Somehow I did not see this in any of the
documentation or other bug reports.
Thanks for the assistance.
Kannan
Previous Comments:
[2001-12-21 08:52:59] [EMAIL PROTECTED]
Dupe of 6121
[2001-12-21 08:36:04] [EMAIL PROTECTED]
I have reviewed the Bugs database against the following IDs
13732 - is closed with no reply or resolution indicated.
12704 - marked Bogus
12679 - does not solve my situation (session.cookie_domain). I am not using one. It
is left blank.
8912 - similar. But in my case browser refresh on the target page also does not solve
the problem.
The only thin that works is clicking on a href link to go to the target page.
I am using Apache Webserver 1.3.22 for Windows.
Kannan
[2001-12-21 03:12:13] [EMAIL PROTECTED]
I have 2 scripts: a script to login a user and set a session variable. After checking
session_is_registered() I redirect to a url using header(). The target script checks
for the session variable and is not able to find it.
If I use href to go to the target page, the session variable is found.
I have reviewed the bugs database, and the solutions reported for similar cases do not
work for me. The following are portion of the code used:
I tested the code on a Linux server and it works perfectly.
Thank you.
Kannan
Environment: Windows 2000, IE 5.5, Linux 4.0.6
Login.php
$db = db_connect();
$result = mysql_query($query, $db);
if (mysql_num_rows($result) 0 )
{
// if they are in the database register the user id
$row = mysql_fetch_array($result);
$suser = $user;
session_register(suser);
}
}
if (session_is_registered(suser))
{
if ($redirect)
header(location: $redirect);
// redirect is instantiated with 'members_only.php'
else {
echo You are logged in as: $suser br;
echo suser: $suserbr;
echo a href=\members_only.php\Members Only/abr;
echo a href=\logout.php\Log out/abr; // === redirect to URL
}
}
.
members_only.php
?
session_start();
// check session variable
echo Members_onlybr;
echo $suserbr;
if (session_is_registered(suser))
{
echo Members Only Pagebr;
echo pYou are logged in as $suser./p;
echo pMembers only content goes here/p;
echo a href=\login.php\Back to main page/a;
echo a href=\logout.php\Logout/a;
}
else
{ $redirect = members_only.php;
header(location: login.php?redirect=$redirect);
}
?
php.ini
[Session]
session.save_handler = files
session.save_path = C:\temp
session.use_cookies = 1
session.name = FOO
session.auto_start = 1
session.cookie_lifetime = 60
session.cookie_path = c:\temp
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = private
session.cache_expire = 180
session.use_trans_sid = 1
url_rewriter.tags = a=href,area=href,frame=src,input=src,form=fakeentry
Edit this bug report at http://bugs.php.net/?id=14636edit=1
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
