$_SESSION variable does not persist beyond first page when using a $_GET

Question

I have searched many answers across many forums in regard to this issue. Many state to be sure to use session_start() others deal with hosting platforms, and even one stated they had used $_GET and the session variable did not persist beyond the first page, but there were no definite solutions that seemed to match my scenario.

I have debugged it to the point that I know it is in the $_GET and does the same thing if I use $_REQUEST (there is no post at this point), so I am posting in hopes of getting some resolution to this problem. Here is my code, simplified for posting purposes, but it does work and demonstrates how the $_SESSION['test'] variable persists, but the $_SESSION['sp'] variable instantiated by the $_GET does not.

index2.php

<?php
/*some comments*/
session_start();
session_unset();

//define some variables here

?>

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
<table>
    <tr>
        <td width-"750">
        <p>
            Make a choice:<br><br>
            <a href="first_page.php?page=third_page">Get the third page after first and second pages</a><br>
            <a href="first_page.php?page=fourth_page">Get the fourth page after first and second pages</a><br>
        </p>
        </td>
    </tr>
</table>
</body>
</html>

first_page.php

<?php
/*some comments*/
session_start();

$s=$_GET['page'];
$_SESSION['sp']=$s;
$_SESSION['test']="test123";

echo "s variable from get is set to " . $s . "<br>";
echo "session variable for page is set to " . $_SESSION['sp'] . "<br>";
echo "session variable for test is set to " . $_SESSION['test'] . "<br>";

if (isset($_POST['submit']) && !empty($_POST['submit']))
{
    header('Location: second_page.php');
}

?>

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
<table>
    <tr>
        <td width="750px">
            <form method="post" action='first_page.php'>
                <p>
                    HTML text and a select tag here for choices
                </p>
                <input type="submit" name="submit" value="Submit">
            </form>
        </td>
    </tr>
</table>
</body>
</html>

second_page.php

<?php
/*some comments*/
session_start();

echo "session variable for page is set to " . $_SESSION['sp'] . "<br>";
echo "session variable for test is set to " . $_SESSION['test'] . "<br>";


//Test if submit button named submit was clicked and not empty
if (isset($_POST['submit']) && !empty($_POST['submit']))
{
        if($_SESSION['sp']=="third_page") {
            header('Location: third_page.php');
        }
        if($_SESSION['sp']=="fourth_page") {
            header('Location: fourth_page.php');
        } else {
            header('Location: index2.php');
        }
}

?>

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
<table>
    <tr>
        <td width="750px">
            <form method="post" action='second_page.php'>
                <p>
                    HTML text and a select tag here for choices
                </p>
                <input type="submit" name="submit" value="Submit">
            </form>
        </td>
    </tr>
</table>
</body>
</html>

Any help on this "head balding" situation would be greatly appreciated!!

Answer 1

You cannot modify header() once an output has already been sent, e.g. in your case through an echo.

You might want to comment out these lines in first_page.php

echo "s variable from get is set to " . $s . "<br>";
echo "session variable for page is set to " . $_SESSION['sp'] . "<br>";
echo "session variable for test is set to " . $_SESSION['test'] . "<br>";

and these in second_page.php:

echo "session variable for page is set to " . $_SESSION['sp'] . "<br>";
echo "session variable for test is set to " . $_SESSION['test'] . "<br>";

Taken from php.org: Note:

Session ID is not passed with Location header even if session.use_trans_sid is enabled. It must by passed manually using SID constant.

You might want to store the session ID in a cookie (or pass it along through your query string).

Answer 2

RESOLVED:

Thanks everyone for your assistance!

It was in the form action calling the first_page again prior to the redirect to the second_page and when the form was submitted, the get was blank, which makes sense. Here is the solution in case anyone else runs into this issue. I've left some of the debug in place to help others as well as it helped me.

index2.php --

<?php
session_start();
?>

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
<table>
    <tr>
        <td width-"750">
        <p>
            Make a choice:<br><br>
            <a href="first_page.php?page=third_page">Get the third page after first and second pages</a><br>
            <a href="first_page.php?page=fourth_page">Get the fourth page after first and second pages</a><br>
        </p>
        </td>
    </tr>
</table>
</body>
</html>

first_page.php --

<?php error_reporting(E_ALL); ini_set('display_errors', 1);
session_start();

// is the page parameter present at all?
if (!isset($_GET['page']))
{
    http_response_code(400);
    exit('Missing URL parameter: page');
}

/* is the parameter valid?  - this will fail if the page= is not all numeric
if (!ctype_digit($_GET['page']) || $_GET['page'] == 0)
{
    http_response_code(400);
    exit('Invalid URL parameter: page');
}
*/


$s=$_GET['page'];
$_SESSION['sp']=$s;
$_SESSION['test']="test123";

echo "s variable from get is set to " . $s . "<br>";
echo "session variable for page is set to " . $_SESSION['sp'] . "<br>";
echo "session variable for test is set to " . $_SESSION['test'] . "<br>";

if (isset($_POST['submit']) && !empty($_POST['submit']))
{
    header('Location: second_page.php');
}

?>

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
<table>
    <tr>
        <td width="750px">
            <form method="post" **action="first_page.php?page=<?php echo $_SESSION['sp']?>">**
                <p>
                    HTML text and a select tag here for choices
                </p>
                <input type="submit" name="submit" value="Submit">
            </form>
        </td>
    </tr>
</table>
</body>
</html>

second_page.php --

<?php error_reporting(E_ALL); ini_set('display_errors', 1);
session_start();

echo "session variable for page is set to " . $_SESSION['sp'] . "<br>";
echo "session variable for test is set to " . $_SESSION['test'] . "<br>";

if (isset($_POST['submit']) && !empty($_POST['submit']))
{
        if($_SESSION['sp']=="third_page") {
            header('Location: third_page.php');
        } else {
            if($_SESSION['sp']=="fourth_page") {
                header('Location: fourth_page.php');
            } else {
                header('Location: index2.php');
            }
        }

}

?>

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
<table>
    <tr>
        <td width="750px">
            <form method="post" action="second_page.php">
                <p>
                    HTML text and a select tag here for choices
                </p>
                <input type="submit" name="submit" value="Submit">
            </form>
        </td>
    </tr>
</table>
</body>
</html>

third_page.php --

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
Congrats, you made it to the third page!
</body>
</html>

fourth_page.php --

<!DOCTYPE HTML>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="includes/style.css">
</head>
<body>
    Congrats, you made it to the fourth page!
</body>
</html>