Why is session variable not being saved after redirect in Chrome only?

Question

In Firefox, the session variable is saved and retrievable after the redirect but in Chrome, after redirect, it says it doesn't exist.

Redirect code:

session_start();
$_SESSION[ "test" ] = "exists";
session_write_close();
header( "HTTP/1.1 301 Moved Permanently" ); //Removing this 301 line doesn't help
header( "Location: http://" . $_SERVER[ "HTTP_HOST" ] . "/" );
exit();

Retrieving the session:

session_start();
if ( isset( $_SESSION[ "test" ] ) )
{
    echo $_SESSION[ "test" ];
    unset( $_SESSION[ "test" ] );
}

Why doesn't this work in chrome?

EDIT: I think I found the answer but it doesn't make sense. If I remove the line unset( $_SESSION[ "test" ] ) then it saves the session after the redirect! But why does this occur? The session should be server-side. And I unset it after the "echo" statement! How does it not echo the value just because I unset the variable after that?!

Does anyone know what's going on?

Answer 1

I am not sure if your case is similar to mine. But for me the reason was the formation of URL.

With chrome, when typing the URL as "http://www.domainname.com" and setting the session variables there.

and redirecting with "http://domainname.com" without the WWW. the sessionid is not reused.

This resolved my issue hope this is helpful to someone.

Answer 2

WE can fix this issue by two way

i . in Firefox browser setting change character Encoding to "UTF-8"

ii . By PHP code at the page add "header('Content-Type: text/html; charset=utf-8');" which you going to post

Thanks, Suresh Ramakrishnan

Answer 3

It may be a problem with the way the redirect is being handled. You're presently telling the browser to redirect offsite (even though we're not really going offsite) by specifying http:// in the header for location.

header( "Location: http://" . $_SERVER[ "HTTP_HOST" ] . "/" );

If you replace it with this it may help the browser to keep the SESSION alive since it believes it is on the same site:

header("Location: /");

Also, what happens if you do something like this:

if (!empty( $_SESSION[ "test" ] ) ){
$test = $_SESSION[ "test" ];
unset( $_SESSION[ "test" ] );

echo $test;
}

PHP if I'm not mistaken will perform all server side functions first, then return the code to the user from the print and echo statements.

If I'm right, then that bit of code would work for both of the browsers if it was indeed the unset command that was making the code not work (since we're saving the var to something that can be echoed after the SESSION was destroyed.

If it doesn't work, then its a difference in browser session handling more than likely due to the redirect.

Update

Also note that 301 redirects can be cached. You're performing these functions on a page that you've already told your browser permanently moved. It may not even be seeing the page that sets the SESSION at all if it's relying on the cache on subsequent attempts.

Update 4/22

After checking the headers. In the versions of Chrome I'm running (Version 26.0.1410.64 m on Windows and Version 26.0.1410.65 on Mac OS) I do not experience this particular issue. Whether the local URLs vs Offsite URLs are there and regardless of the existence of the unset() command.

You can open Developer Tools in Chrome (Tools > Developer Tools or Ctrl-Shift-i on Windows or Command-Shift-i on Mac) and see the header output under the Network tab. There may be something going on with your domain redirecting causing a SESSION to be dropped.

It might be specific to a setting on your local machine or your Chrome build for your particular OS (if it's different than my own). Additionally it might be a configuration setting in PHP and how you're actually passing SESSIONs. I simply pasted your code directly from the question into a new page and created a page for it to redirect to. Upon testing, all of the browsers (Chrome, Firefox, IE (7,8,9), Opera, Safari, and Mozilla) on my machines say "exists."

Here are my test machine's SESSION settings (from phpinfo()):

Answer 4

The problem was due to multiple requests of the same page by Chrome. No other browser does this the same way so the issue only shows up for Google Chrome.