ID: 18708
Updated by: [EMAIL PROTECTED]
Reported By: andywright28 at hotmail dot com
Status: Bogus
Bug Type: HTTP related
Operating System: Win2000 sp6a
PHP Version: 4.2.2
New Comment:
to bandit_109 at hotmailc dot om:
it is your code that is doing something wrong,
as it is relying on client behaviour that
simply doesn't exist (besides the fact that
your Location: header violates RFC2616 anyway)
Location: and Set-Cookie: handlers within a
single reply just don't work, there's *nothing*
PHP can do about it ...
what you can do is using the SID constant to
add the session id to the Location: redirect
URL as a GET parameter (and change the relative
URL to an absolute one)
Previous Comments:
------------------------------------------------------------------------
[2003-02-25 18:04:31] bandit_109 at hotmailc dot om
I have the same problem except this is an BAD issue for me because my
code looks like this:
<?
session_name("woot");
session_start();
if (isset($_SESSION["access"]))
echo "Session was registered with: " . $_SESSION["access"];
else
{
$access = "session variable";
$_SESSION["access"]=$access;
}
header("Location: test2.php");
?>
Now obviously if the cookie does not get sent, then I cannot send the
session id. I'm trying to migrate an application to IIS and this borks
the entire site. I suppose I can get away with replacing all my header
redirects with
echo "<meta http-equiv='refresh' content='0;test2.php'>";
but I wish there was some way that was better than that.
------------------------------------------------------------------------
[2002-08-05 05:03:44] [EMAIL PROTECTED]
php sends both the SetCookie: and the Location: header,
and changes the HTTP status code to 302 to indicate
the redirect
the actual redirect may happen on the server or the
client side depending on server api and server settings,
in which case the client will never know about the
SetCookie: header as it doesn't even see it
and even if the redirect is processed on the client
side the client might just look for the Location:
line due to the redirect status of the request result
and not process any other headers like esp. SetCookie:
as a redirect is not supposed to have any other payload
than the redirection target address
(i won't comment on the code quality of phpnuke here ;)
------------------------------------------------------------------------
[2002-08-02 11:56:58] andywright28 at hotmail dot com
Does Header() not use echo() to print text out? Essentially doing the
same thing (with a few checks)? I'm just guessing, as I haven't looked
at the source. It just seems strange not to work on a server like IIS.
I ran the code originally on Linux/Apache (Mandrake 8.0) and it all
worked fine out of the box, using the same machine/browser
(Win2k/IE5.5) to browse the web site.
And thanks on the info for the Location: header. I think the guys doing
<a href="www.phpnuke.net">PHPNuke</a> should take note since its their
code I'm quoting from!
------------------------------------------------------------------------
[2002-08-02 11:33:28] [EMAIL PROTECTED]
this is not a PHP issue, it is either the webserver or the browser that
ignores the SetCookie header on HTTP redirects
btw: your Location: header usage is dangerous, the RFC
clearly says that you have to use *absolute* URLs
in Location: headers
------------------------------------------------------------------------
[2002-08-02 10:57:38] andywright28 at hotmail dot com
<?
//some processing
$info = base64encode("$information");
setcookie("user",$info,time()+15552000);
Header("Location: file.php");
?>
The cookie doesn't get set if a Header() function is used straight
after it. If I comment out the header function then the cookie is set
ok. I can also replace the Header() function with an echo() as in:
echo "<meta http-equiv='refresh' content='0;file.php'>";
and this works fine also.
The PHP installed is the 4.2.2 precompiled binary for Windows, running
php.exe from IIS version 5. The piece of code is actually used in
PHPNuke. Line 502 of /modules/Your_Account/index.php.
Am I missing something?
Andy
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/?id=18708&edit=1
