ID: 49462
Comment by: wouter at prepaidwebhost dot nl
Reported By: greg dot solak at profiletwist dot com
Status: No Feedback
Bug Type: Session related
Operating System: Linux
PHP Version: 5.3.0
New Comment:
Same problem, however not on the 5.3 version of PHP, but using PHP
5.2.10-2.2 on Debian Squeeze.
Previous Comments:
------------------------------------------------------------------------
[2009-09-12 01:00:01] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2009-09-04 11:26:41] j...@php.net
Also, your example script really can't work since it does not have
session_start() called at all. It's not enough that you say it's there
when it clearly isn't.
------------------------------------------------------------------------
[2009-09-04 11:25:33] j...@php.net
Does this happen with PHP 5.2.10 ? (hint: works just fine for me on
several sites without any problems..)
------------------------------------------------------------------------
[2009-09-03 23:01:05] greg dot solak at profiletwist dot com
Description:
------------
PHP SESSION variable $_SESSION['user_level'] is not saved after the
page is redirected using header(location: ...). Session_write_close()is
used right before redirect. After redirect die() is called. After a
second attempt at login, everything works!
Reproduce code:
---------------
<?php
// If login successfully ->
// Change session properties
$_SESSION['user_level'] = 7;
// Force session to save changes before redirection
session_write_close(); // REQUIRED
// Regenerate session id for security + fix bug in which some session
variables are lost during redirect
session_regenerate_id(true);
// Redirect to Access main page
header('Location: http://www.domain.com/access/main.php');
die();
?>
Expected result:
----------------
At the new page (the one the user was redirected to) the
$SESSION['user_level'] should == 7. However, the session variable was
not saved, as the user is redirected back to the login page. After a
second attempt at logging in, everything works as expected.
Actual result:
--------------
Redirected back to login page, because when php checked if the user had
the proper credentials
if ($_SESSION['user_level'] != 7) {
// redirect back to login page
}
Other improtant information: session_start(); is called on every page.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=49462&edit=1
