Firefox Losing Session Variables on Redirect
So I’ve been attempting to deal with an issue on a CMS I made for quite sometime. When People logged into the CMS they would be redirected to the Homepage from the Login page. They would get a first glimpse of the homepage then once they clicked a link they would be redirected back to the login page as the SESSION variables would disappear.
The problem was firefox feels that http://www.mysite.com is a totally separate site to http://mysite.com so it resets the SESSION variables.
I changed my links which i had prepended the domain to for some unknown reason (I’m sure there was a logical reason when i wrote it), so I changed it to /pageNames.html and all was well in the world again.
While researching this bug I found some other solutions
- Call session_write_close() before using a header redirect in PHP
- The worst possible solution would be to pass the SESSION Id (SID) in the url (not recommended) but nevertheless if worse comes to worse it is a solution.
Hope this helps someone. Until next bug.. keep up the good work.
May 21st, 2008 at 8:11 am
Thanks so much!!!! That solved a problem that I had struggled with.
June 13th, 2008 at 10:39 am
Woot
December 19th, 2008 at 5:02 am
Firefox also sees a redirect from http://www.host.com/page1.html to http://www.host.com/page2.html as a totally separate site. the solution as posted here is to only use relative links so “page2.html” really sucks for off site credit card payments when they redirect you back to the original site. I still consider this a bug.
December 19th, 2008 at 9:44 am
Generally with redirecting to a off site credit card payment system and back as long as it was the same main domain no change to www then the session variables would remain active. I will do some testing of this. Thanks for the comment Chris
December 24th, 2008 at 3:08 am
Thanks for posting this, you are a God amongst Men!!!! I had to deal with this issue today. I did notice one thing that lead to different solution for me. After the first redirect to http://www.website.com the session variable was lost. However after the second redirect to http://www.website.com the session variable held its value. So as a solution i force an initial redirect to http://www.website.com before the user can input any data. I have tested it out with off site credit transactions and it seems to do the trick.
December 1st, 2009 at 6:33 am
You have rocked hugely. thank you.
“I changed my links which i had prepended the domain to for some unknown reason (I’m sure there was a logical reason when i wrote it), so I changed it to /pageNames.html and all was well in the world again.”
December 9th, 2009 at 9:12 pm
I had a similar problem but I found that it was the YSlow! plugin that caused it. Once I disabled it, my problems went away.
March 2nd, 2010 at 11:00 am
A good way to fix this problem is using a .htaccess redirect. I inserted the following lines of code:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www.yourdomain.ca$ [NC]
RewriteRule ^(.*)$ http://www.yourdomain.ca/$1 [L,R=301]
March 2nd, 2010 at 11:06 am
Thanks Ryan – that’s a good point, that would certainly solve this stuff.
Would doing that redirect cause slightly larger overheads. Because its a 301 redirect, if you were transferring people to the wrong page (non www) and then having them redirected each time (to www) would it cause larger overheads on requests or an increase in requests? Cause i’m not totally sure.
Either way, aiming to make sure redirects aren’t www or non www specific is good, and having that redirect as a fail safe would be the optimum solution.