Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

sessions and header redirection 1

Status
Not open for further replies.
bedrock

bedrock

Programmer
Nov 6, 2002
94
US
hi all, i feel bad posting an question since i havent been on the forum in a long time, but this one is really starting to irritate me. im trying to run an open source webmail client called squirrelmail and the session doesnt seem to be saving data correctly. here are some code snippets and then ill explain the problem:

redirect.php:
Code: 
//lots of code registering session vars,etc
session_write_close();
header("Location: webmail.php");

webmail.php:
Code: 
session_start();
//bunch of includes,etc
is_logged_in();

is_logged_in() checks for a registered session variable 'user_is_logged_in' the other stuff is basically to test the version of php and test the correct var (according the setting of register_globals). so ive tried the scripts with register_globals=on (even though its look pretty compatible w/o, like in the above function) ive tried session.auto_start = 1 & 0, and lastly i checked the session array manually. before the call to write and close the session the array prints out as expected with all vars registered. but in webmail.php if i print the array i get nothing. i moved the session_start() call before the includes because i read that could cause problems, but it didnt do anything for me. the session does start with the correct name, but simply prints an empty array. ive scoured the net for solutions and havent come up with anything that i havent already tried. any suggestions?

what we see depends mainly on what we're looking for.
--John Lubbock
 
Sort by date Sort by votes
i should add, im running php 4.2.2 apache 2.0 redhat 8.0

what we see depends mainly on what we're looking for.
--John Lubbock
 
Upvote 0 Downvote
Is the session cookie being sent to the browser? When a server issues the "Location" header to redirect the browser, it also sets the HTTP return status to 301. IIS, I know, will not send cookies when the status is 301; I know Apache 1.3 will. I'm don't know one way or the other with Apache 2.0.

Two ways to test:
1. Telnet to port 80 and issue the commands necessary to fetch the page.

2. Remove the header() and replace it with the output of an <a>...</a> tag that you can click on to get to the next page.

Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
thanks for the suggestion sleipnir. i tried adding the link. using the link doesnt seem to fix the problem and im not familiar enough with http to telnet into the machine. something similar was also mentioned in a but report on sourceforge. the fix in their case was to add some html output along with a meta tag to refresh the page to redirect to while outputing some text. this also didnt work for me. the session is being saved, once i get to the main page where the data is lost i have two session files stored, the old one with all the data and new one that is empty. this is just a shot in the dark, but if my problem is with the cookies (im fairly certain it is because of the header call atleast) then would manually writing a cookie with the data before the redirect do anything? if so, how would i format the cookie? the way i understand it that seems like it would work, but then again why wouldnt the anchor tag take care of this problem?

what we see depends mainly on what we're looking for.
--John Lubbock
 
Upvote 0 Downvote
yea, normal cookies are ok. another script i have on this machine uses some non-session cookies without a problem. and i set ie to prompt on every cookie download, and the squirrelmail script im having problems with sends to cookies when sending data from index.php to redirect.php, but not when going from redirect.php to webmail.php, which is where the session is lost. i more or less know how to set a cookie, but i dont know how to manually set the session cookie. it doesnt seem too difficult, but how do i format it to contain all the session data?

what we see depends mainly on what we're looking for.
--John Lubbock
 
Upvote 0 Downvote
just to make sure i answer your question correctly, here is the sequence of events from the index page to the page with the error:

1. request index.php, enter login/pass
2. submit data to redirect.php
3. redirect.php sends 2 cookies: one for language setting,
and session cookie.
4. redirect.php calls header(&quot;Location: webmail.php&quot;);
5. webmail.php calls a subroutine to check the var
$_SESSION[&quot;user_is_logged_in&quot;] which fails because
there are no registered vars because the vars are
registered to a different session.
6. error is displayed telling me im not logged in with a
link back to index.php
7. clicking this link takes me to index.php?SID,
by which i mean that the SID is appended to the end of
the url from the link produced by the error
(automatic). this is the SID from the newly created
session w/o any vars however

also, im wondering what exactly is the difference between a normal cookie and a session cookie? how does a browser know the difference?

what we see depends mainly on what we're looking for.
--John Lubbock
 
Upvote 0 Downvote
There is no difference between a session cookie and a regular cookie, execpt that a session cookie is normally set to expire when the browser is closed.

When your script sets the cookies in step 3, do you get one complaint or two from IE?

Have you tried removing your use of session_write_dump() from your script?

Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
2 seperate cookies are sent, so ie ask permission for both. i havent verified this with netscape, but i am still unable to log in, so its definately a server-side issue. and the script behaves the same with or without the session_write_close() call.

what we see depends mainly on what we're looking for.
--John Lubbock
 
Upvote 0 Downvote
sleipnir214:
session.cookie_path = /
session.cookie_domain = mydomain.com

danielhozac:
the session files are there. after a whole trip through this procedure i end up with 2 seperate session files, one that contains the data and a new one that is empty.

what we see depends mainly on what we're looking for.
--John Lubbock
 
Upvote 0 Downvote
ok ive finally nailed this one down. i added the SID to the url in the redirection and voila i finally logged in. im still confused as to why the hard link didnt work, since trans_sid was set on. but in any case its working now (atleast THAT part is, im not too excited to see what the future holds) thanks many times over for your help.

what we see depends mainly on what we're looking for.
--John Lubbock
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PeDa
  • Locked
  • Question
php constant in mail header 1
Replies
2
Views
349
PeDa
PeDa
c0deM0nK424
  • Locked
  • Question
Gutenberg Block Editor - page edits and updates not working since wp site migration
Replies
1
Views
853
spamjim
spamjim
lexer
  • Locked
  • Question
Fetching Data from Mysql and filling Inputs in a Form
Replies
0
Views
261
lexer
lexer
Gerrit Broekhuis
  • Locked
  • Question
PHP form with captcha and file upload
Replies
4
Views
430
Gerrit Broekhuis
Gerrit Broekhuis
PeDa
  • Locked
  • Question
PHP and CSS media queries 1
Replies
2
Views
643
PeDa
PeDa

Part and Inventory Search

Sponsor

Back
Top