[RESOLVED] header() and session

ethought

Does issuing a header("Location: page.php") cause the session to invalidate? I am running into situations where my session data is no longer available after calling header() and am wondering if it is a problem with me or if it is normal.

Thanks.

Rodney_H_

I have used both in conjunction without problem. Hmm. Would you care to post your code so we may see it in context?

Thanks.

ethought

Basically, what I do is:

session_start();
session_register('phase', '2');
header("Location: page2.php");

page2.php

if (!isset($SESSION['phase'] || $SESSION['phase'] != '2')
{
//do something else
}

The above block is always true for whatever reason. I tried printing my session and this is what I get:

Array ( [phase] => [2] => )

So it looks like the data is there, however, that block of code should never get executed, and it does.

Thanks.

Rodney_H_

session_start();
session_register('phase', '2');
header("Location: page2.php");

I think session_register is deprecated as of PHP 4.1. Instead, you may try this:

<?php
session_start();
$_SESSION["phase"] = '2';
header("Location: page2.php");
?>

.. and see if that helps. (hope so, let me know)

toplay

If you have PHP version 4.1.0 or higher then just use $SESSION. You're mixing session_register() and $SESSION and you should not. Use one or the other but not both. Read the caution boxes at this manual page:
http://us2.php.net/manual/en/function.session-register.php

You're not using session_register() properly. It's designed to allow use of your own variable names. Also, session_register() requires register_globals to be on (which is a security risk). Just use $_SESSION instead.

When doing a header() with location you have to manually pass the session name and ID yourself since PHP won't do it. This is required if a user doesn't accept cookies and only pertains if you have the session.use_trans_sid php.ini setting on. If you have it on, then you should do something like this:

header('Location: page2.php?' . SID);
exit;

FYI: Please note that the header() with location command does not redirect right there and then when it's executed. It actually redirects when your script ends or an exit is reached. So, to ensure no logic flow problems in your script, you should have an exit right after every header() with location to force redirection to occur immediately.

ethought

That's great. Thanks to both of you. Very well explained. Awesome.