From: [EMAIL PROTECTED]
Operating system: Linux
PHP version: 4.2.3
PHP Bug Type: Session related
Bug description: session file cleared after execution of header("location ...
After execution of header("Location:otherfile.php?".SID);
the session file previously created does not contain all the items posted
by a form.
My configuration:
Linux RH6.2 (tested also RH7.2 and RH 7.3)
Apache 1.3.27
PHP 4.2.3 compiled as a CGI
'./configure' '--enable-shared' '--with-system-regex'
'--with-gd=/usr/local' '--enable-ftp' '--with-mysql' '--enable-track-vars'
'--with-ttf=/usr' '--enable-gd-native-ttf' '--with-jpeg-dir'
'--with-png-dir' '--with-zlib' '--enable-force-cgi-redirect'
'--enable-dbase' '--with-config-file-path=/usr/local/apache/conf'
register_globals=1
session_trans_sid=1 (tested also =0)
I have 2 files index.php and lib1.inc
When I start index.php a session file is created (under /tmp) and contains
the variable name ( !sessione| ).
When I post the form (in index.php), the session file under /tmp does not
get updated.
If I comment out the line header("Location:otherfile.php?".SID); instead,
the session file is updated with the values posted by the form.
It behaves as if execution of header("location ... cleared the session
file.
These are the files involved:
LIB1.INC
<?
session_start();
session_register("sessione");
[....other functions here ....]
function SessioneUtente($fusern,$fpassw,$fnome,$fcognome,$fpriv,$femail)
{
global $sessione;
$sessione[nome]=$fnome;
$sessione[cognome]=$fcognome;
$sessione[username]=$fusern;
$sessione[password]=$fpassw;
$sessione[priv]=$fpriv;
$sessione[email]=$femail;
$sessione[loggato]=true;
}
?>
############################################
INDEX.PHP
<?
include("lib1.inc");
$messaggio="";
if (isset($azione) && $azione=="vai")
{
if(empty($logon[username]) || empty($logon[password]))
$messaggio.="devi riempire tutti i campi";
//DEFINISCO l'ARRAY CU che conterr� i dati utente
(username,password,priv, ecc.)
$cu=checkUser( $logon[username], $logon[password]);
if(!empty($logon[password]) && $logon[password]!=$cu[password])
$messaggio .= "utente o password errati, riprova";
if ($messaggio=="")
{
SessioneUtente($cu[username],$cu[password],$cu[nome],$cu[cognome],$cu[priv],$cu[email]);
header("Location:otherfile.php?".SID);
}
}
?>
<html>
<head>
<title>login</title>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
<meta name="GENERATOR" content="Quanta Plus">
</head>
<body>
<?
if($messaggio!="")
echo $messaggio;
?>
<form action="<?echo $PHP_SELF; ?>" method="post">
<input type="hidden" name="azione" value="vai">
<div align=center>
<table border=1 cellpadding=0 cellspacing=0>
<tr>
<td colspan=2>
Login
</td>
</tr>
<tr>
<td>
Username
</td>
<td>
<input type="text" name="logon[username]" value="<?echo
$logon[username]; ?>">
</td>
</tr>
<tr>
<td>
Password
</td>
<td>
<input type="password" name="logon[password]" maxlength=8>
</td>
</tr>
<tr>
<td align=right colspan=2>
<input type="submit" value=accedi>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>
--
Edit bug report at http://bugs.php.net/?id=20425&edit=1
--
Try a CVS snapshot: http://bugs.php.net/fix.php?id=20425&r=trysnapshot
Fixed in CVS: http://bugs.php.net/fix.php?id=20425&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=20425&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=20425&r=needtrace
Try newer version: http://bugs.php.net/fix.php?id=20425&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=20425&r=support
Expected behavior: http://bugs.php.net/fix.php?id=20425&r=notwrong
Not enough info: http://bugs.php.net/fix.php?id=20425&r=notenoughinfo
Submitted twice: http://bugs.php.net/fix.php?id=20425&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=20425&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=20425&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=20425&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=20425&r=isapi
