Does refreshing a page destroy PHP sessions?

Question

I've got a captcha command that sets the value of a Session and then refreshes the page if the captcha code isn't correct.

In verification section of the page:

$_SESSION['refresh']=1;
echo '<META HTTP-EQUIV="Refresh" Content="0"; URL="contact-test.php">';

When the page loads it runs a bit of php script to see if there is a value set for a session variable, if there is it then echos a javascript function for an alert box, which called in the in the body via an onLoad command.

At the very beginning of the code:

session_start();

if (isset($_SESSION['refresh'])) {
    echo '<script type="text/javascript">
       function loadalert ()
       {alert("Incorrect security code, please try again.")}
    </script>';}

Near as I can tell when the page refreshes the sessions value is lost, I suspect the session_start() command is clearing all previous sessions. I've tried a test echo sending out some text and the value of the session, both before the loop and in the loop; only the one before the loop gets echoed without a session value at refresh.

Answer 1

No the session is only destroyed when you call the session_destroy() function or whenever the expiry date is set.

You can also empty the SESSION array to "destroy" whatever is inside the SESSION.

Answer 2

As Josua said session is destroyed only session_destroy() is called. Check whether you are storing values in session from a form posted in previous page. If so when you refresh the page the form values from previous page are destroyed (?)

Answer 3

Something that may be vital here is that there is a trick with COOKIES. I know you are asking about session vars but this may affect you and it has caused me more than one or two headaches.

If you set a cookie on a page, you CAN NOT rely on it being there when you read the cookie. That is, in one page draw, the cookie var can't be written to and read from as if it were a variable. It is a remote thing so don't ever think you can write to it and just read it right back - the thing you just wrote won't exist as the cookie your code is seeing is "stale" at that point. I hope that makes sense.

Session vars are fantastic in that they work exactly as you'd expect.

Answer 4

if for some unknown reason ... the sequence of the code is ....

$_SESSION['refresh']=1;
echo '<META HTTP-EQUIV="Refresh" Content="0"; URL="contact-test.php">';

session_start();

if (isset($_SESSION['refresh'])) {
    echo '<script type="text/javascript">
       function loadalert ()
       {alert("Incorrect security code, please try again.")}
    </script>';}

then it wont work. if the session_start() is at the VERY top of the page , then your code should work ok.

also ..... if you have some output already started before ..

$_SESSION['refresh']=1; echo '';

you should get an error but the refresh would be too fast for you to notice i guess. use header("location: contact-test.php"); instead of that obsolete meta refresh.