header function behavior

the_seekers

Hello everyone,

I am encounter a weird (I think) problem with the header and hope that some one can suggest a work around solution.

I am developing a login system for a web application. I am using php ver 4.3.7 running on a test station with win2k and iis 5 along with ie 6.

In this module I have 3 pages (login, welcome, logout) and I am using session to carry the information from page to page. Everything is fine until I hit the header ("location: http://localhost/mywebserver/phpscripts/welcome.php"). What I see is that it is creating a brand new session id with 0KB and use it as the source to fill in the blank on the welcome page. Here is the thing that keeps my head spinning. I replace the header with a normal href= http://localhost/mywebserver/phpscripts/welcome.php and the darn thing works as expected. What gives?????? do I missed configure something??????

I have tried the following method to remedy the problem:

put a session_write_close(); before the header to ensure all are recorded ==> still failed
append a ? . sid on the url in the header ==> still failed

A side note, I verified that it is using the new session id (the one with 0K😎 through my logout page where I destroy the session and that is the one is clearing out.

Has any 1 here seen this behavior be 4 and would you please so kind to offer me an explaination so I can learn (btw, I've worked with php for about 1 month now so please be kind....)

TIA

tsinka

Hi,

how did you set up sessions in php.ini ?

Thomas

the_seekers

My session section in the php.ini is as follow:

sesion.save_path d:/tmp
session.use_cookies On
session.use_only_cookies Off
session.use_trans_sid Off

HTH

tsinka

Hi,

please post the code of the scripts (at least the code that dealse with the sessions).

Thomas

the_seekers

Hi there,

Okie here it is (will cut back some code since it will be long...)

in the login.php I have

<?php

// set capture user id and pwd to single variables
$s_userid = $POST['usrid'];
$s_userpwd = $POST['pwd'];

define, formulate and connect to MS SQL database

execute query to retrieve user id and pwd in the database

get # of row return by the query

if ($rowreturned >0)
    {
        session_start();
        header ("Cache-control: private");

        $_SESSION['sess_userid'] = $s_userid;
        $_SESSION['sess_pwd'] = $s_userpwd;
        $_SESSION['sess_id'] = session_id();

         session_write_close();
    // print '<p> <a href = [url]http://localhost/webservername/phpscripts/welcome.php[/url]> Click here to continue </a> <p>';

       header ("location: [url]http://localhost/webservername/phpscripts/welcome.php[/url]");
       exit();

    }     
 else
      {
         print "redirect user back to home page".
      }

?>

my welcome.php

<?php

session_start();

print "Welcome " . $_SESSION['sess_user'] . "<br />";

print "You have logged on with the pw of : " . $SESSION['sess_pwd'] . " and the current session is : " . $SESSION['sess_id'] . "<br />";

print '<p> <a href = "logout.php"> click here to log out </a> </p>';

=================================

Tsinka,

Did I missed any thing??????

As I said the only way I can maintain the session id and information is throught the href method and not with the header.

Thanks for your help.

tsinka

Hi,

does it work if you put

session_start();
header ("Cache-control: private");

on the very top of the login.php script and if you use the header directive in welcome.php, too ?

Thomas

the_seekers

Hi Tsinka,

Going from login to welcome using the header directive certainly did not work for me. I however, have not try going from welcome to logout. I will give it a try now and post it back so you can see.

Thanks for your time and help.

tsinka

Hi,

did you move the session_start and header directives move on top of the scripts and add the header header ("Cache-control: private"); to welcome.php, too ?

Sorry for asking that twice but your last post isn't clear in that point.

Thomas

the_seekers

Hi Tsinka,

I have added a session variable on the welcome page and call the logout page using the header directive. Try to print out the session variable that I set in the welcome page ==> not thing print at all. However, I think the welcome and the logout page are using the same session that was created while redirecting from welcome to logout.

To clarify the event.

upon entering the login page, a session is created let say session_1. After some logics the welcome page is called via header; session_2 is created with 0KB. In turns, logout page is called from welcome via header also. No new session is created but not thing is print out on the logout page; thus indicate it is using the session_2 for the source. WEIRD.......

HTH

tsinka

Hi,

I tried your login.php and welcome.php code and it worked.

Try the following code samples:

do not use [url]http://[/url]

<?PHP
header("Location: /webservername/phpscripts/welcome.php");
?>

add the session info to the redirect:

<?PHP
header("Location: /webservername/phpscripts/welcome.php?".session_name()."=".session_id());
?>

Thomas