PHP session variable set on page (verified) does not exist after redirect or page change

Question

PHP 7.1.7 on Windows Server 2008 Enterprise

... I noticed there were 5 other questions here just like this with no answer. I'm getting frustrated trying to do something that's always been so easy to accomplish in other languages for me. I just want to set a session variable and then read it on another page after a redirect. That should be simple basic functionality and I do not get why I've been sitting here for 2 hours trying everything I can think of and I still can't figure it out.

Each page of my application starts with: session_start();

I have a form edit processing page I'm starting with, where on a successful edit, the user is redirected back to the index page. Before the redirect, I'm setting a session variable ('success'). At this point, the session variable is set. If I comment out the header and exit() lines and echo the session["success"] variable.

$_SESSION["success"] = "The record was inserted successfully.";
header( 'Location: index.php');
exit();                                 
}   

Register Globals does not exist in my PHP.ini file (register_globals). I tried adding "register_globals=0;" to the PHP.ini file and restarting the server but I still doid not see a "register_globals" listing on the PHP info page.

No matter what I have tried, after the redirect to the index.php page, that session variable does not exist after the redirect ($_SESSION["success"]). I'm staying inside the same domain (same folder on the server really)

After setting the session variable ('success') and proving that it is set by echoing it on the edit proccessing page followed by an exit, I can not figure out how to get the session variable to persist after a redirect or page change:

If I try and echo that 'success' session variable after a redirect, I get this:

Notice: Undefined index: success

I'm not understanding why this is so difficult? What else could I try?

Thanks for any help.

Answer 1

Test whether the session cookie is set properly.

$_SESSION["success"] = "The record was inserted successfully.";
// header( 'Location: index.php');
echo session_name() .': '.session_id(); // print session cookie name & value
echo '<pre>' . print_r(session_get_cookie_params() ) . '</pre>';
exit();  

What do you see? Open your browser's dev tools and look at cookies set when the server echoes the info above. If there is no cookie with the name (typically PHPSESSID) and session ID value above, then either your browser is not accepting cookies or the server isn't setting them. Either one will break cookie-based sessions.

If these seem to work ok, then re-establish your redirect. On the next page (index.php in your example), take a look at which cookies are received:

// Notice: this won't work on the page setting the cookie.
// Cookie should show up on the next page
echo '<pre>' . print_r($_COOKIE) . '</pre>';

Does the session id cookie exist?

If all this works, I would then look at whether PHP is actually storing session files properly. Session data is serialized and saved to files in a folder on the server's hard drive. Take a look at your php.ini, where you should see something like:

session.save_handler = files
session.use_cookies = 1

; where on server the files should be stored. the folder should be
; readable/writeable to the PHP process. Maybe '/tmp'?
session.save_path = 

If you edit your php.ini, remember to restart the server.

Update

From your comments, everything seems to be setup correctly. Remove all other code. and just have this:

page1.php

<?php
session_start();
$_SESSION = []; //start with an empty array
$_SESSION['success']= 'record saved';
$_SESSION['id'] = session_id();
header('Location: index.php');
exit;

index.php

<?php
session_start();
var_dump($_SESSION);
if(isset($_SESSION, $_SESSION['id'])):
  echo 'Session ids ' . ($_SESSION['id']===session_id()? 'match' : 'do not match');
endif;

What gets var-dumped in index.php after you get redirected from page1.php?