Firefox Losing Session Variables on Redirect
So I’ve been attempting to deal with an issue on a CMS I made for quite sometime. When People logged into the CMS they would be redirected to the Homepage from the Login page. They would get a first glimpse of the homepage then once they clicked a link they would be redirected back to the login page as the SESSION variables would disappear.
The problem was firefox feels that http://www.mysite.com is a totally separate site to http://mysite.com so it resets the SESSION variables.
I changed my links which i had prepended the domain to for some unknown reason (I’m sure there was a logical reason when i wrote it), so I changed it to /pageNames.html and all was well in the world again.
While researching this bug I found some other solutions
- Call session_write_close() before using a header redirect in PHP
- The worst possible solution would be to pass the SESSION Id (SID) in the url (not recommended) but nevertheless if worse comes to worse it is a solution.
Hope this helps someone. Until next bug.. keep up the good work.
May 21st, 2008 at 8:11 am
Thanks so much!!!! That solved a problem that I had struggled with.
June 13th, 2008 at 10:39 am
Woot
December 19th, 2008 at 5:02 am
Firefox also sees a redirect from http://www.host.com/page1.html to http://www.host.com/page2.html as a totally separate site. the solution as posted here is to only use relative links so “page2.html” really sucks for off site credit card payments when they redirect you back to the original site. I still consider this a bug.
December 19th, 2008 at 9:44 am
Generally with redirecting to a off site credit card payment system and back as long as it was the same main domain no change to www then the session variables would remain active. I will do some testing of this. Thanks for the comment Chris
December 24th, 2008 at 3:08 am
Thanks for posting this, you are a God amongst Men!!!! I had to deal with this issue today. I did notice one thing that lead to different solution for me. After the first redirect to http://www.website.com the session variable was lost. However after the second redirect to http://www.website.com the session variable held its value. So as a solution i force an initial redirect to http://www.website.com before the user can input any data. I have tested it out with off site credit transactions and it seems to do the trick.