Firefox Losing Session Variables on Redirect

So I’ve been attempting to deal with an issue on a CMS I made for quite sometime. When People logged into the CMS they would be redirected to the Homepage from the Login page. They would get a first glimpse of the homepage then once they clicked a link they would be redirected back to the login page as the SESSION variables would disappear.

The problem was firefox feels that http://www.mysite.com is a totally separate site to http://mysite.com so it resets the SESSION variables.

I changed my links which i had prepended the domain to for some unknown reason (I’m sure there was a logical reason when i wrote it), so I changed it to /pageNames.html and all was well in the world again.

While researching this bug I found some other solutions

  • Call session_write_close() before using a header redirect in PHP
  • The worst possible solution would be to pass the SESSION Id (SID) in the url (not recommended) but nevertheless if worse comes to worse it is a solution.

Hope this helps someone. Until next bug.. keep up the good work.

You can leave a response, or trackback from your own site.

5 Responses to “Firefox Losing Session Variables on Redirect”

  1. BSG says:

    Thanks so much!!!! That solved a problem that I had struggled with.

  2. bretto36 says:

    Woot

  3. Chris says:

    Firefox also sees a redirect from http://www.host.com/page1.html to http://www.host.com/page2.html as a totally separate site. the solution as posted here is to only use relative links so “page2.html” really sucks for off site credit card payments when they redirect you back to the original site. I still consider this a bug.

  4. bretto36 says:

    Generally with redirecting to a off site credit card payment system and back as long as it was the same main domain no change to www then the session variables would remain active. I will do some testing of this. Thanks for the comment Chris

  5. Dan says:

    Thanks for posting this, you are a God amongst Men!!!! I had to deal with this issue today. I did notice one thing that lead to different solution for me. After the first redirect to http://www.website.com the session variable was lost. However after the second redirect to http://www.website.com the session variable held its value. So as a solution i force an initial redirect to http://www.website.com before the user can input any data. I have tested it out with off site credit transactions and it seems to do the trick.

Leave a Reply