Redirection and Sessions...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
LonelyProgrammer
Forum Contributor
Posts: 108
Joined: Sun Oct 12, 2003 7:10 am

Redirection and Sessions...

Post by LonelyProgrammer »

I have been tearing out my hair out over this.

I have this login code in one page, login_loginuser.php :

(start_session is called way at the beginning...)

Code: Select all

if ($b_isLoginSuccess)
{
  // Extract all the needed information from the database
  $query_data = mysql_fetch_array($result);

  $username = $query_dataї"username"];
  $userid   = $query_dataї"userid"];

  // Register a new session
  $_SESSIONї"currentuser"] = $username;
  $_SESSIONї"userid"]      = $userid;

  // Display a message to inform the user in case the connection is tooooo slow
  echo "<b>Hi $username! Please wait while E-Knowledge Hub loads...</b>";
  
  header("refresh: 1; url=$rootDirectory/welcome.php");

 exit;
&#125;
And here's the recieving code -- welcome.php:

Code: Select all

session_start();

include "common_db.php";
include "common_inc.php";
include "interface_include.php";

// Begin rendering the page

htmlHeader();
renderMenuBar();

// Render the menu and welcome barrenderStatusBar();

echo "<P>Welcome to MyHub, ".$_SESSION&#1111;"currentuser"]."</P>";

htmlFooter();
Somehow the sessions are not working. However, if I attempt to log-in again, after ending the current session, it will work! I also realise that this sequence of code creates two session cookies in the sessiondata folder.

Out of frustration, I remove the redirection code, so after logging in I type in the url to welcome.php myself and to my disbelief, it works! I got output buffering turned on. I also got cahce disabling on. I tried using JavaScript to redirect the page but the result is still the same.

Help me. I am cluelesss

PS. I am using MS Windows 98 with PWM. Could this be the cause of my problems?
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

echo "<b>Hi $username! Please wait while E-Knowledge Hub loads...</b>";
header("refresh: 1; url=$rootDirectory/welcome.php");
I'm not sure what the point of this is if nothing is happening between the message and the refresh. Why not just do

Code: Select all

header("Location: /welcome.php");
?

If you realy want the message then try

Code: Select all

echo "<b>Hi $username! Please wait while E-Knowledge Hub loads...</b>";
sleep(1);
header("Location: /welcome.php");
User avatar
TLPD
Forum Newbie
Posts: 7
Joined: Mon Jun 30, 2003 10:14 am

hi

Post by TLPD »

you never use echo before you use header() function
LonelyProgrammer
Forum Contributor
Posts: 108
Joined: Sun Oct 12, 2003 7:10 am

Post by LonelyProgrammer »

Output buffering is turned on; that why I could use header to redirect the pages.

I tried header("location: ....") it still doesn't work.

The problem is not with the page not re-directing. The problem is after the page is re-directed, when PHP comes across "session_start()" in welcome.php, it creates a new session instead of resuming the prior session started by login_loginuser.php

If I create a link <a href=\"....\">, the session data get carried over with no problem. I just couldn't redirect and perserve the session data at the same time...

Help~
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

markl999 wrote:I'm not sure what the point of this is if nothing is happening between the message and the refresh.
Mark, his refresh response-header is a delay equivalent to your sleep() function use; both are set on a one second delay.

Lonely, in most cases the header() function's location response-header field requires scheme, hostname and absolute path. You might need to call the session_write_close() function prior to a header() function call to redirect properly without destroying sessions data.
TLPD wrote:You never use echo before you use header() function
As Lonely previously stated output buffering is turned on. You can use output buffering with ob_start() and ob_end_flush() which will allow you to place headers and content in any order you want to. Note output buffering was originally designed to solve HTTP header errors. Although ob_end_flush() isn't needed in MOST cases because it is called automatically at the end of script execution by PHP itself when output buffering is turned on either in the php.ini or by calling ob_start().
Last edited by Kriek on Mon Oct 20, 2003 7:26 am, edited 1 time in total.
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Mark, his refresh response-header is a delay equivalent to your sleep() function use
Not quite true. The reason i used a sleep with header location is that some clients treat the refresh differently to a location so any cookie set in the same request will be ignored, even the PHP session cookie.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

but then what difference makes a one second delay? output buffers are enabled and header are always sent before the response body (or they not sent at all)
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Yeah, i didn't actually notice he was using buffering and my statement about doing echo/sleep was wrong, my bad, sorry ;)
But it's still true that some clients treat a refresh differently than a location and in some cases cookies won't be set with a refresh.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

as a sidenote: there is no refresh field defined for the response header by http1.1, though most browsers do support it ...somehow.
LonelyProgrammer
Forum Contributor
Posts: 108
Joined: Sun Oct 12, 2003 7:10 am

Post by LonelyProgrammer »

Thanks Kriek, and everyone else, for trying to help...

Kriek, I tried "session_write_close" but still it doesn't work. I suspect the problem is not PHP not storing the session data correctly, but somehow not resuming the created session and starting another one in the redirected page. I don't know if this is a damned property (or feature!?) of Personal Web Manager...I better switch to Apache and find out.

I am putting my header as

Code: Select all

header("location: http://localhost/blah.php");
I even tried passing the PHESSID over. Still no cigar. I tried using Javascript to redirect (window.location = "blahblah") but still nothing.

The strange thing, the werid thing, is that it works if I try to login a second time. I did destroy an existing session if an user try to re-login.

Code: Select all

if (isset($_SESSION&#1111;"currentuser"]))
&#123;
	// We destroy the current session and call this page again so
   	// that a new session will be started

   	// ...Clear the all the data in the session
   	$_SESSION=array();

   	// ...Destroy the session
   	session_destroy();

   	// ...Display a message in case the connection is toooooooooo slow
   	echo "<b>Logging out current user...please wait!</b>";

   	// ...Refresh the page
   	redirectToURL($PHP_SELF);

    return;

&#125;
I have no clue whatsoever. The session works fine if I go to the next page via a link, but not if I redirect. Worse to worse I can begin the session in welcome.php, but I still hate to be stuck on puzzlers like this...

Talking about Client side...I am using Opera. Does that matter?
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

Hmm, interesting comment via the PHP Manual ...
All session data is lost after a header redirect from the first page on which the session is initialized. The problem is, the PHPSESSID cookie is not being sent to the browser (ANY browser, IE or Mozilla) on the initial session page with the header("Location: ...") redirect. This is unrelated to client cookie settings - the set-cookie: header just isn't sent.
.. and a comment via the PHP Bugs.
This is actually not a bug at all but rather behavior of HTTP. For PHP to be able to "find" a previously set session variable, it must be able to identify the client, right? Well, the default method used to accomplish this is via a cookie set when you initiate the session. Since it appears you are redirecting the user to the member's only page using the Location header on the same page the session is initiated, the PHPSESSID cookie will not be set. Thus, once the user arrives at the member's only page, PHP won't be able to identify the user. Their session variable is still there, but PHP won't give it to a stranger. Basically, in your HTTP reponse that includes the Set-Cookie header, it needs to be a regular 200 OK response and not a protocol level redirection. If you absolutely have to have the behavior you're going for here, you're going to have to use a meta refresh for the redirection. Yes, it's not as cool, but it's the only way to set a cookie and redirect the client in the same response. Otherwise, you'll have to pass the value of the cookie on the URL, which might be a good option for you actually.
LonelyProgrammer
Forum Contributor
Posts: 108
Joined: Sun Oct 12, 2003 7:10 am

Post by LonelyProgrammer »

Well..that explains a lot...thanks again, Kriek...

Stupid question...

What is a meta-refresh?

So the solution for me is to the user verification in welcome.php...
Post Reply