NYCPHP Meetup

[David Krings]

Michael Southwell wrote:
> Christina Karlhoff wrote:
>> About a year ago NYPHP created a captcha form for our website.  The 
>> html has undergone quite a few changes.  Unfortunately in that process 
>> we've lost some function...when a user submits the form, forgetting a 
>> required field, the session is lost; on the redirect the data that was 
>> input by the user is gone.  Needing some guidance as to how to fix 
>> this.  Help please?
> 
> Carry the session id along as a get variable in the redirect, something 
> like this:
> header( 'Location: somewhere.php?PHPSESSID=' . session_id() );


Also, upon calling a script that is dependent on the session make sure that 
the session is picked up again before doing anything else. I use redirects 
frequently (back when I had time to code) and typically did this:

Script A
session_write_close
redirect to Script B

Script B
Session_start

I found that the session_write_close wasn't always necessary, but a few tests 
turned up that variables were still written to the file while the redirect 
already completed. The session_start is then always the first line of code to 
get executed, even before initializing variables, including files, or doing 
anything else.

My approach relies in cookies being set for passing the session_id along. I 
guess the more solid approach is to go with what Michael proposed. I am sure 
that when you use both approaches session data will be preserved and will 
remain available.

Alternatively, anything that is stored in a session can also be stored 
temporarily on the server. You can create your own random IDs and start 
stuffing data into database tables or flat files. That may have other 
disadvantages. I find session handling in PHP to be very convenient, almost 
too convenient as one is tempted to load all kinds of crap into the session 
and piggyback it through all scripts.

HTH

David