Edit report at http://bugs.php.net/bug.php?id=8809&edit=1
ID: 8809 Updated by: [email protected] Reported by: bf at ez dot no Summary: Cookieless session with Header redirects -Status: Open +Status: Bogus Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues Operating System: All PHP Version: 4.0.4pl1 Block user comment: N Private report: N New Comment: You have to use the SID constant. To be standards compliante a Location header has to contain the complete URL. The session rewriter won't touch complete URLs, so it won't touch the Location header. Previous Comments: ------------------------------------------------------------------------ [2001-01-23 12:33:01] bf at ez dot no When PHP is compiled with --enable-trans-sid http redirects with header() does not work with cookieless sessions. This must be a bug. Here is how I fixed it with php code. The header() function should handle this if --enable-trans-sid is compiled in: function ezheader( $string ) { $sid =& $GLOBALS["PHPSESSID"]; if ( isset( $sid ) ) { $pos = strpos( $string, "?" ); if ( $pos ) { $string = $string . "&PHPSESSID=$sid"; } else { $string = $string . "?PHPSESSID=$sid"; } } header( $string ); } This code will automatically append the session id if it exists and that enables cookieless sessions with header( "Location: " ) redirects. ------------------------------------------------------------------------ [2001-01-19 14:44:53] bf at ez dot no I have code like: session_start(); if ( !isset( $Foo ) ) { session_register( "Foo" ); } else { print( $Foo ); } Header( "Location: /index.php" ); This does not work with cookieless sessions because the session information is not added to the header() if it's a redirect. The header() should add the PHPSESSIONID variable to the redirection path if it contains "Location: " like it does with other URLS and forms. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=8809&edit=1
