PHP: session isn't saving before header redirect

Question

I have read through the php manual for this problem and it seems quite a common issue but i have yet to find a solution. I am saving sessions in a database. My code is as f

Answer 1

You should start the session before using the session array.

PHP Code,
session_start();
$_SESSION['userID'] = $user->id;

header('Location: /subdirectory/index.php');

Answer 2

Another option than killing your script forcefully with exit is to use session_write_close to force the changes to be written to the session store.

This should however not happen if your script is terminating correctly.

As the documentation about session_write_close states:

End the current session and store session data.

Session data is usually stored after your script terminated without the need to call session_write_close(), but as session data is locked to prevent concurrent writes only one script may operate on a session at any time. When using framesets together with sessions you will experience the frames loading one by one due to this locking. You can reduce the time needed to load all the frames by ending the session as soon as all changes to session variables are done.

In my case this only happened during debugging with Xdebug, when I triggered the same script multiple times and thus multiple process tried to manipulate the same session. Somehow the session could then no longer be unlocked.

Answer 3

@Matt (not able to comment yet...): If:
a) It appears in the session before redirect
b) other keys work

80% of the time the problem is register_globals, and use of a equally named variable $userID somewhere (the other 19% is just overwriting in places one doesn't expect, 1% is unable to write/lock session before redirect and stale data, in which case you could try session_write_close() before the redirect). It goes without saying register_globals should be off :P

Answer 4

I haven't heard of this issue, but I haven't used sessions all that much.

With sessions you MUST do a few things and have a few setting setup:

• cookies enabled on client side
• session_start(), before anything happens
• make sure you don't destroy the session(unless they want to logout)
• The PHP session id must be the same (relates to cookies)

Another issue could be the $user->id is returning a reference to an object that doesn't exist on the next page. Most likely not, but make sure.

If I saw your code I could help you a lot more. But when debugging check the session key with session_id() and make sure it's the same. If you could try that then tell me I could keep helping.

I too would like to know how this ends up for when I get back into sessions.

Answer 5

Make sure both pages are the same php version (php5, php4 sometimes have different session paths)

Answer 6

userID does not have any keyword status.

Only reason to me, is $_SESSION['userID'] is being overwritten or deleted somewhere.

Make sure you use session->start() in all the files you want to add/access the session.

One important thing ( which may not be applicable in your case ) is, if the session is being handled using cookie, cookie can be made to be accessible only under certain directory and subdirectories under that. In your case anyhow, subdirectory will have access to the session.