ID: 49462
Updated by: [email protected]
Reported By: greg dot solak at profiletwist dot com
-Status: Open
+Status: Feedback
Bug Type: Session related
Operating System: Linux
PHP Version: 5.3.0
New Comment:
Does this happen with PHP 5.2.10 ? (hint: works just fine for me on
several sites without any problems..)
Previous Comments:
------------------------------------------------------------------------
[2009-09-03 23:01:05] greg dot solak at profiletwist dot com
Description:
------------
PHP SESSION variable $_SESSION['user_level'] is not saved after the
page is redirected using header(location: ...). Session_write_close()is
used right before redirect. After redirect die() is called. After a
second attempt at login, everything works!
Reproduce code:
---------------
<?php
// If login successfully ->
// Change session properties
$_SESSION['user_level'] = 7;
// Force session to save changes before redirection
session_write_close(); // REQUIRED
// Regenerate session id for security + fix bug in which some session
variables are lost during redirect
session_regenerate_id(true);
// Redirect to Access main page
header('Location: http://www.domain.com/access/main.php');
die();
?>
Expected result:
----------------
At the new page (the one the user was redirected to) the
$SESSION['user_level'] should == 7. However, the session variable was
not saved, as the user is redirected back to the login page. After a
second attempt at logging in, everything works as expected.
Actual result:
--------------
Redirected back to login page, because when php checked if the user had
the proper credentials
if ($_SESSION['user_level'] != 7) {
// redirect back to login page
}
Other improtant information: session_start(); is called on every page.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=49462&edit=1
