16

I've got a script that sets some session values before redirecting to / using header().

I've read many posts about the $_SESSION variable being destroyed / lost after header(), even after I implemented this:

// set session here

session_regenerate_id(true);
session_write_close();
header("Location: /");

session_start() is set in the correct places, does anyone know of anything that I might be missing?

On the index.php page I have this:

session_start();
print_r($_SESSION);

// outputs nothing :'(

The code is pretty complex so will not post it all, just snippets.

Ben Everard
  • 13,652
  • 14
  • 67
  • 96

8 Answers8

12

I've never seen any session related issues due to using location headers - are you sure you're calling session_start on both pages?

Hmm... this answer made a lot more sense before you added the session_start bits above, and mentioned the fact that you were sure you were using session_start. :-)

John Parker
  • 54,048
  • 11
  • 129
  • 129
  • Even after removing the `session_regenerate_id` line the same problem persists. – Ben Everard Jan 10 '10 at 14:51
  • And yes, I'm sure `session_start()` is being called in all the correct places. – Ben Everard Jan 10 '10 at 14:51
  • If you take out the header location re-direct and simply change the URL (in the browser) is the session data available? – John Parker Jan 10 '10 at 14:57
  • Hmmmm... it still isn't set, perhaps it's not a `header()` problem then? – Ben Everard Jan 10 '10 at 15:18
  • I'd recommend using session_start as close to the start of any PHP includes as possible, and make the include the first item (i.e.: pre doctype/HTML headers, etc.) on all pages. – John Parker Jan 10 '10 at 15:20
  • Straw clutching thought - I presume the disk area PHP is using for session data isn't full? – John Parker Jan 10 '10 at 15:31
  • The server is reporting it has loads of space spare... shame I can't get SSH access to the box :-( – Ben Everard Jan 10 '10 at 15:37
  • When I upload the same build to my web server the session works perfectly aft6er the header. – Ben Everard Jan 10 '10 at 15:38
  • Sounds like a fun one. Incidentally, do *all* the partitions on the server have sufficient disk space? (Also, are quotas in use, etc.) Hope you manage to get it sorted anyhow. :-) – John Parker Jan 10 '10 at 15:45
  • I only have access to the one partition... shared hosting blows. Any way thanks for your help... +1 – Ben Everard Jan 10 '10 at 15:48
  • Dear @JohnParker, after few days of "self-torture", thousands and after implementing thousands of different answers and tips on solutions I finally found out your answer. I never thought session_start() must be called on both pages. – LowLevel Apr 13 '17 at 17:49
  • ... as it's not the case for Java (I usually use Java). Thank you very very much!!! – LowLevel Apr 13 '17 at 17:50
5

header must be sent before session close

session_regenerate_id(true);

header("Location: /");
// the header must be sent before session close
session_write_close(); // here you could also use exit();
jackJoe
  • 11,078
  • 8
  • 49
  • 64
streetparade
  • 32,000
  • 37
  • 101
  • 123
4

After the Header redirect you need to exit the PHP script:

header("Location: /");
exit();
Tiago Sippert
  • 1,324
  • 7
  • 24
  • 33
vivek goyal
  • 41
  • 2
  • 7
    Since `exit` is a language construct you can just use `exit;` (no parentheses). Just e useful tip to save 2 characters of code. :-) – Dzhuneyt May 27 '14 at 08:21
4

just put exit; after header :D I solved by this

junaid
  • 41
  • 1
3

In the interest of closing this question, we had concluded it was a problem with the server configuration, not surprising considering the host is well known for this kind of thing.

Ben Everard
  • 13,652
  • 14
  • 67
  • 96
  • 1
    Could you be more precise? – o0'. Feb 18 '13 at 17:55
  • 1
    No, unfortunately I cannot. The host at the time didn't allow developers to modify the `php.ini` file, move to different host where we could control this and the problem was solved. – Ben Everard Feb 19 '13 at 10:11
  • 1
    To any one reading this, I think I might have the solution. It is the accepted answer posted at http://stackoverflow.com/questions/17242346/php-session-lost-after-redirect – dayuloli Jun 21 '13 at 19:13
0

One possible option that was not mention here and happened to me is that I was creating another session. When you're using session in php you can use only one session at a time. If you create a new session the old one is lost. This is more likely to happen when you create a session for login and maybe you want another session for something else(It's not that recommended anyway). My case was a flash() method which I used to create a session only once a post was added/updated/deleted. And use that session in the views to display a message then destroy it. Every time I created a new session while adding/updating/deleting the other session that I used for login was destroyed. This is not something that happens to often but it's possible.

PMekuli
  • 90
  • 8
  • Review: I don't get it. I'm not native english, but your sentence confuses me. Would it require some text formatting with code blocks? – H.Hasenack Jan 30 '21 at 20:31
  • 1
    @H.Hasenack Yes I agree to you it was a short answer to understand anything from it. So I edited and expanded it. Hopefully now makes more sense. – PMekuli Feb 01 '21 at 13:14
-1

I had the same problem, I found that using a function related to Session helps to ensure if you started a session or not

if(session_status == PHP_SESSION_NONE)
   session_start();
BsHr Алвани
  • 37
  • 3
-4

You don't need to start session_start() in each page. cuz untill your browser is closed the same session remains for the entire path you have specified in php.ini

Shivaram Mahapatro
  • 127
  • 11