I have a small website that works like below

1) User goes to the login page and enters the credentials (call it page1)
2) The form gets posted to page2, which authenticates the user, calls  
   session_start and then sets a session variable with $_SESSION['somevar'] and 
   redirects to the page3
3) On page3, I check if $_SESSION['somevar'] is set; if not, I send the user back to the login page

Here's the code at the top of page3:

<?php
 session_start();
 if (!isset($_SESSION['somevar'])) { header("Location:http://somesite"); }
 // ...other code follows

The problem is that while this works in Firefox, even with correct user credentials IE 7 keeps on redirecting back to page1 instead of displaying the contents of page3.

Any pointers to solve this, please?

EDIT : A very weird solution but it works. I changed

 if (!isset($_SESSION['somevar'])) { header("Location:http://somesite"); }

to

 if ($_SESSION['somevar'] == '' ) { header("Location:http://somesite"); }

and IE is happy now. But I am still clueless as to why isset didn't work in IE.

Many Thanks

A: 

Does your IE7 accept cookies? Maybe the session fails being created at all.

Alex
Yes IE7 is set to accept cookies
Anand
Try to echo your session_id() in all your files and compare it then.
Alex
Comment out your redirect and open the files directly in your browser - let's see what's happening.
Alex
@Alex, a very good point wrt echoing session_id. Will investigate a bit more.
Anand
A: 

Your script needs to exit() or die() after calling the header function.

header() doesn't end the script. Some browsers will go ahead and move on to the new location, while others will wait while the rest of the script runs and display that output. Unless you call exit(), the script will run whether the output is shown or not.

Scott Saunders
I have tried using die() and exit() after the header call, but it only works in Firefox; IE does not work at all. I also tried dumping the $_SESSION using var_dump. FF shows the data `array(1) { ["somevar"]=> string(9) "somevalue" }` but IE shows `array(0) { }`
Anand
A: 

Indeed, you must die right after the header. If not, the code below will be executed and can lead to security issues, as not all clients actually follow the redirection header (cf. the search engine spiders, for instance).

You can check what is actually in session just var_dumping its content. The redirection won't be taken into account during the test as an output is sent to the browser before the call to header().

<?php
  session_start();

  /* To test: */
  var_dump($_SESSION);

  if (!isset($_SESSION['somevar'])) 
  { 
      header("Location: http://somesite");
      die();
  }
Benoit Vidis
Using var_dump FF shows the data `array(1) { ["somevar"]=> string(9) "somevalue" }` but IE shows `array(0) { }`
Anand
It then means that you do not have any session running in IE. The most probable case is that cookies are disabled in IE security settings.
Benoit Vidis
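
The guard the two answers above describe, as an added example that is not code from any of the posts. It stops the script after the redirect, keeps the session id in a cookie only, and logs whether the browser returned the session cookie, which is the question to settle when one browser shows an empty `$_SESSION`. The function names, `/login.php` and the cookie settings are assumptions; `somevar` is the key from the question. Requires PHP 7.3 or later.

```php
<?php
// Added example, not from the original posts.
// Assumed names: start_session(), require_login(), mark_logged_in(), /login.php.

function start_session(): void
{
    // Accept the session id from the cookie only, never from the URL,
    // and reject ids the server did not issue.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']),
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function require_login(string $loginUrl = '/login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        start_session();
    }
    // empty() covers both the unset key and the empty string.
    if (empty($_SESSION['somevar'])) {
        // Diagnostic: did this browser send the session cookie back at all?
        error_log(sprintf(
            'auth guard: no session data; cookie %s; sid hash %s',
            isset($_COOKIE[session_name()]) ? 'present' : 'missing',
            substr(hash('sha256', session_id()), 0, 8)
        ));
        header('Location: ' . $loginUrl, true, 302);
        exit; // header() does not stop the script; nothing below may run
    }
}

// page2: call only after the credentials have been verified.
function mark_logged_in(string $value): void
{
    session_regenerate_id(true); // issue a fresh id when privileges change
    $_SESSION['somevar'] = $value;
}

// page3: the guard runs before any output or protected logic.
require_login();
echo 'protected content';
```
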
A: 

Use ieHTTPHeaders or Wireshark to find out if IE is sending back the cookie. I expect you'll find that either it isn't, or it is caching pages it shouldn't.

C.

symcbean
A: 

header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');

header("Set-Cookie: SIDNAME=ronty; path=/; secure");

header('Cache-Control: no-cache');

header('Pragma: no-cache');

Use this at the top of the page to fix IE7.

header('location: land_for_sale.php?phpSESSID='.session_id());

Add ?phpSESSID='.session_id() to your location to fix IE6.

RAT