ID: 14636
Comment by: andrew dot whale at which dot net
Reported By: kannan at tmsassociates dot com
Status: Bogus
Bug Type: Session related
Operating System: windows 2000 professional
PHP Version: 4.0.6
New Comment:
Hi
I've also had a similar problem of session variables not being passed
following a call to header(). I am running PHP 4.0.15 on an XP m/c.
The following worked for me, by placing a session_write_close() before
the call to header, followed by and exit():
session_write_close();
header("Location: $strPage");
exit();
I hope this will be of use to some.
Andrew Whale
Previous Comments:
------------------------------------------------------------------------
[2002-02-07 21:23:36] [EMAIL PROTECTED]
This issue will not be able to be fixed by PHP.
Some browser does not set cookie for initial request.
To make sure cookie is enabled _always_, user must check it first.
http://www.zend.com/search_code_author.php?author=yohgaki
Use session helper html or other people post without JavaScript
version.
------------------------------------------------------------------------
[2002-02-07 05:25:24] betsos at westgate dot gr
I have experienced a similar problem with Kannan but not
due to session.auto_start. In my php.ini session.auto_start
is set to 0.
I use the following scripts. When run, either with PHP Version 4.0.6,
or with Version 4.1.1 and IIS under NT 4.0,
the second script - test_login.php - starts a new session
and variable $username is unset. When run with PHP 4.0.1
and Apache under Unix they work just fine.
// ------ login.php ------
<?php
session_start();
session_register("username");
$username = "justme";
Header("Location: ./test_login.php");
?>
// ------ test_login.php ------
<?php
session_start();
if ( isset ($username) )
echo $username;
else
echo "Not authenticated!";
?>
// -----------------------
According to Chris 'This is actually not a bug at all but rather
behavior of HTTP'.
If this is the case then how comes that I don't have this
problem when I use PHP Version 4.0.1 with Apache?
------------------------------------------------------------------------
[2002-02-04 00:51:05] [EMAIL PROTECTED]
I'm not sure what is going on, since I didn't have time to take a
look.
To report: Is chris' comment enough?
------------------------------------------------------------------------
[2002-02-03 22:32:07] chris at k2labs dot org
This is actually not a bug at all but rather behavior of HTTP.
For PHP to be able to "find" a previously set session variable, it must
be able to identify the client, right? Well, the default method used to
accomplish this is via a cookie set when you initiate the session.
Since it appears you are redirecting the user to the member's only page
using the Location header on the same page the session is initiated,
the PHPSESSID cookie will not be set. Thus, once the user arrives at
the member's only page, PHP won't be able to identify the user. Their
session variable is still there, but PHP won't give it to a stranger.
:)
Basically, in your HTTP reponse that includes the Set-Cookie header, it
needs to be a regular 200 OK response and not a protocol level
redirection. If you absolutely have to have the behavior you're going
for here, you're going to have to use a meta refresh for the
redirection. Yes, it's not as cool, but it's the only way to set a
cookie and redirect the client in the same response. Otherwise, you'll
have to pass the value of the cookie on the URL, which might be a good
option for you actually.
Hope that helps.
------------------------------------------------------------------------
[2001-12-21 20:35:17] [EMAIL PROTECTED]
Let me check this thing ;)
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/14636
--
Edit this bug report at http://bugs.php.net/?id=14636&edit=1
