PHP: SESSION partly deleted after header() + exit

Question

I am having some trouble with setting up a pretty small application. It's going to be a little survey.

The form is split into two pages. After submitting the first one, the data is stored in the $_SESSION array with this:

save_items(array('my_data' => $my_data_oject));

The function save_items() looks like this:

function save_items(array $array) {
    foreach ($array as $name => $item) {
        $_SESSION[$name] = $item;
    }
}

Then I unset($_POST) and redirect like this:

header('Location: index.php?action=survey_part2');
exit;

My problem is: After redirection, the previously stored login data is still in the $_SESSION, but my_data_object is not. If I avoid the redirection, I can see that my_data_object is stored in the $_SESSION array before the redirection starts. So the combination of header() and exit seems to destroy the session in part. Does anybody know how this can happen?

Finally, parts of my controller:

<?php
error_reporting(E_ALL);
session_start();

require_once 'models/functions.php';
require_once 'models/classes.php';

$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : NULL;
$view = $action;
$language = isset($_REQUEST['lang']) ? $_REQUEST['lang'] : 'de';

switch ($action) {
    case 'login' :
        if ((!empty($_POST['email'])) && (!empty($_POST['password']))) {
            $user = new User();
            $login = $user->find_user($_POST);
            if (!empty($login)) {
                set_message('Welcome ' . $login['Firstname'] . ' ' . $login['Lastname'] . '!');
                save_items(array('user_id' => $login['CID']));
                unset($_POST);
                redirect("index.php?action=survey&lang=de"); //<- works fine. Login is kept, Message is kept.
            } else {
                set_message('Please try again.');
                unset($_POST);
            }
        } else {
            unset($_POST);
            set_message('Try again.');
        }
    break;

/* ... shortage */
    case 'survey' :
        check_login(); //<- doesn't matter
        if (empty($_POST)) {
            /* ... shortage */
        } else {
            /* ... creation of my_data_object + setting one more message */
            save_items(array('my_data' => $my_data_object));
            unset($_POST);
            save_items(array('test' => 'you see me?')); //<- index.php?action=survey_2 won't get it
            //var_dump($_SESSION);
            header('Location: index.php?action=survey_2&lang=de'); //<- does not work. Login is kept in $_SESSION, but not my_data
            exit;
        }
    break;

Thanks!

This topic is maybe similar to that one here, but my $_SESSION is not empty after header(), but partly deleted.

Answer 1

Now I catched the problem. I tried to serialize a PDO with save_items() and after 1 day I've found the error message. My hint of the day: if you can, take a look into the php_error_log, because sometimes a very important error message is not shown on screen.

So my issue was relate to that one!

Solution: Put data as an Array into $_SESSION or use __sleep() and __wakeup() to specify which attributes (not: $db = new PDO();) should be serialized and which not.