Lost SESSION variables on same page redirect. 1

[max2474]

Hi.

I cannot work out what I've missed as I am using pretty much the same code as elsewhere in my site. I have a login check, which has been working fine, regenerating sessions and writing them to the database as needed.

I have just added a header redirect and my session contents vanished, although I cannot work out why.

Scripts are as follows:

<?php
	session_start();
	require("phpsnips/connectdb.php");
	require("memfunction/checklogin.php");
	require("memfunction/memberjobs.php");
	require("dochead.php");
?>

<body>
	<?php
		include("layouts/memlayout.php");
		mysql_close($con);
	?>
</body>
</html>

<?php
	$newsjob = filter_var(mysql_real_escape_string($_POST[newsjob]), FILTER_SANITIZE_NUMBER_INT);
	$mnews = filter_var(mysql_real_escape_string($_POST[mnews]), FILTER_SANITIZE_SPECIAL_CHARS);
	$nmnews = filter_var(mysql_real_escape_string($_POST[nmnews]), FILTER_SANITIZE_SPECIAL_CHARS);
	$activebon = filter_var(mysql_real_escape_string($_POST[activebon]), FILTER_SANITIZE_NUMBER_INT);
	$planu = filter_var(mysql_real_escape_string($_POST[planu]), FILTER_SANITIZE_NUMBER_INT);

	if ($newsjob == "1")
	{
		mysql_query("UPDATE info SET mnews = '$mnews' WHERE inforow = 1 LIMIT 1")or die(mysql_error());
	}
	if ($newsjob == "2")
	{
		mysql_query("UPDATE info SET nmnews = '$nmnews' WHERE inforow = 1 LIMIT 1")or die(mysql_error());
	}
	if ($newsjob == "3")
	{
		mysql_query("UPDATE info SET activebonus = '$activebon' WHERE inforow = 1 LIMIT 1")or die(mysql_error());
	}
[COLOR=red]	if ($newsjob == "4")
	{
				header("location:members.php?menutabs=3");
		
	}[/color]
?>

<?php
	$clsessionid = session_id();
	$clisloggedin = "0";
	$clresult = mysql_query("SELECT loggedin FROM members
		WHERE email = '$_SESSION[email]' AND password = '$_SESSION[userpass]' AND loggedin = '1' AND sessionid = '$clsessionid' LIMIT 1")or die(mysql_error());
		while($clrow = mysql_fetch_array($clresult))
		{
			$clisloggedin = "1";
		}
	if ($clisloggedin == "1")
	{
		session_regenerate_id(false);
		$clsessionid = session_id();
		mysql_query("UPDATE members SET sessionid = '$clsessionid' WHERE email = '$_SESSION[email]' LIMIT 1")or die(mysql_error());
	}
	else
	{
	[COLOR=red]echo "session is ".session_id();[/color]
		/*
		require("phpsnips/sessiondestroy.php");
		header("location: index.php?menutabs=21&&r=1005");
		*/
	}
?>

the final echo is how i found out the session data was missing.. the output was - Array ( ).

In use:
- Hitting F5 or refreshing the page regenerates the session fine, updates the database and user stays logged in. All information retained.
- "POSTS" for $newsjob 1, 2 and 3 regenerates the session fine and all info retained.

For $newsjob 4, the header redirect gives me the lost session info and logs user out. I have compared this with the redirects I have in my non-member scripts and cannot see any difference (session_start() for first line, etc) :/

 

[max2474]

CORRECTION:

The final echo does output the correct session id. I used <?php print_r($_SESSION); ?> at the top of the memlayout.php page (from members.php) to find out that the session was empty.

 

[jpadie]

it is possible that you are suffering from a race condition. test this by expressly closing the session at the end of the script.

session_write_close();

also after using the header() method it is advisable to call die() expressly (unless you intend the script to continue)

 

[max2474]

strange..

I have session_write_close(); on my logout already (sessiondestroy.php), but did add die() after all my headers. I believe all is working as it should do now, but need to do some more testing. Thanks for info