[SOLVED] Passing $_SESSION with header()

[dougcollins]

I'm new to this PHP game, but what I'm trying to do is pretty simple.  I've read a number of posts with similar problems, but so far I haven't found what must be a simple solution.

 

I'm just trying to validate a username and password entered on a form and send the validated user to another page, but the $_SESSION variable will not transfer - first time. That's the puzzle - it only fails on the first try. If I immediately go back to the validating page and try again, it works second time?!

 

I've stripped down the code to the basic core of the problem.

 

validating page:

<?php
session_start();
$_SESSION['pass'] = 1;
header("Location: http://domain.com/targetfile.php");		
?>

 

target file:

<?php
session_start();
echo $_SESSION['pass'];
?>

 

Surely there is a simple solution... something to be added?

 

Thanks in advance,

 

Doug Collins

[Cosizzle]

Hmm is this what you mean? sorry if i miss read what your after...

 

session_start();
if ($_SESSION['pass'] = 1) {
header("Location: http://domain.com/targetfile.php");
}
else {
// do whatever
}

[dougcollins]

Yes, that would be the logical continuation of the code, but this is just a stripped down test file. In this test the "if" statement will always be true, because $_SESSION is set as "1", so there is no need for an }else{ .

 

I just want to be able to successfull pass $_SESSION['pass'] to the target file - first try.

[PFMaBiSmAd]

Add the following two lines of code immediately after your first opening <?php tag on both pages -

 

ini_set("display_errors", "1");
error_reporting(E_ALL);

[dougcollins]

I have added that code, and it returns an error:

Notice: Undefined index: pass in D:\Hosting\3555192\html\targetfile.php on line 6

 

This makes sense because line 6 is trying to "echo" $_SESSION, which is not being passed - first time.  If I immediately rerun the "validating page" then there is no error and $_SESSION['pass'] displays properly as "1".

 

Thanks,

 

Doug

 

[PFMaBiSmAd]

It sounds like you are switching between www.domain.com and domain.com and/or the session id is being passed on the end of the url instead of in a cookie.

 

What are the two URLs? xxxxx out any information you don't want to post but don't change any of the www. or any paths or GET parameters that are part of the two URL's.

 

What does a phpinfo() statement show for the session.xxxxxx parameters?

 

 

[dougcollins]

It sounds like you are switching between www.domain.com and domain.com

 

Bingo!  I had left off the "www"!  I knew it was something simple, but you know what... I don't think I ever would have figured it out on my own.

 

Thank you so much,

 

Doug

[PFMaBiSmAd]

You can set the session cookie domain setting so that both www. and non-www. will work -

 

session.cookie_domain string

session.cookie_domain specifies the domain to set in session_cookie. Default is none at all meaning the host name of the server which generated the cookie according to cookies specification. See also session_get_cookie_params() and session_set_cookie_params().

 

The domain that the cookie is available. To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain.