[geeklog-devel] Re: [PHP-DEV] Is this a bug? (fwd)

Tony Bibbs tony at tonybibbs.com
Wed Mar 26 11:18:18 EST 2003

This is in response to some work on the MVC stuff I have been developing.  
Specifically, when the code does a redirect to the same page I lose my 
session data.  This adequetely explains my problem but I wanted to post it 
here for archival purposes.

Tony Bibbs          "I guess you have to remember that those who don't
tony at tonybibbs.com  hunt or fish often see those of us who do as      
                    harmlessly strange and sort of amusing. When you  
                    think about it, that might be a fair assessment." 

---------- Forwarded message ----------
Date: Wed, 26 Mar 2003 09:50:47 +0100
From: Hartmut Holzgraefe <hartmut at six.de>
To: Tony Bibbs <tony at tonybibbs.com>
Subject: Re: [PHP-DEV] Is this a bug?

Tony Bibbs wrote:
> Are there instances you all can think of where doing a header('location: 
> $url'); causes a loss of all session data?  I have a case I can reproduce 
> consistently where doing a header() refresh or echoing out an HTML page 
> with a meta refresh both cause resulting page to lose session.  My hunch 
> is that I may not be accounting for some ingrained PHP handling and that 
> this isn't a bug but I can't be sure.  

Clients will usualy ignore any header but Location: when they get a
redirection status code (...) so any cookie set in the same request
will be ignored, even the PHP session cookie

So if the redirected request is the one where you first called
session_start() to create the session you won't get the session ID
passed on unless you add it as a get parameter to the Location: URL

You should also be aware of the fact that PHP will not try to set
the session cookie if it already got the session id as a GET parameter
so you would either have to make sure you pass it as a GET parameter
in all following requests or to test for the cookie yourself when
calling session_start() and set it yourself using set_cookie() or
header() if it is not there already

Six Offene Systeme GmbH     http://www.six.de/
i.A. Hartmut Holzgraefe     Email: hartmut at six.de   Tel.: +49-711-99091-77

More information about the geeklog-devel mailing list