Issues

ZF-47: session_commit() before header redirect (TRAC#48)

Issue Type: Bug Created: 2006-06-20T00:47:00.000+0000 Last Updated: 2007-07-05T14:43:08.000+0000 Status: Resolved Fix version(s): - 0.6.0 (16/Dec/06)

Reporter: Zend Framework (zend_framework) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Controller

Related issues: Attachments:

Description

http://framework.zend.com/developer/ticket/48

If you are writing things to the session and then call Zend_Controller_Action::_redirect() occasionally your changes to the session variables will not be saved. This is due to the fact that header redirects occasionally happen before the php saves the session to permanent storage on the server. This happens intermittently and is a vexing problem to fix.

This could easily be remedied if _redirect added a session_commit() before sending a redirection header.

The only other way to fix this is to have the developer call session_commit() every time they alter a session variable, or have them call session_write_close() before making a call to Zend_Controller_Action::_redirect(). Those are inferior solutions in my opinion because the proposed alteration to _redirect() is so simple and non-intrusive.

Comments

Posted by Simon Mundy (peptolab) on 2006-06-20T18:37:33.000+0000

Wouldn't this be handled by the Controller's plugin handler instead? Whilst I can see the convenience for this method, it's not strictly the Controller's job to handle session shutdowns/commits.

It may pay instead to have a pre-made plugin that interacts with the Zend_Session component so that it will be trivial to add this to the Controller chain.

Posted by Jayson Minard (jayson) on 2006-07-09T00:22:57.000+0000

I agree, would be best to make this pluggable behavior either via a plugin or on/off switch. But I do also agree it is useful to have and simplifies the process.

Posted by Matthew Weier O'Phinney (matthew) on 2006-11-09T14:57:50.000+0000

The issue is that Zend_Controller_Action::_redirect() actually calls exit() as its last argument, meaning that no plugins are then called.

A simple check for $_SESSION can determine if the session is started, and then a session_write_close() prior to the header will fixate it.

Posted by Matthew Weier O'Phinney (matthew) on 2006-11-09T14:59:47.000+0000

Resolved with revision 1519 in subversion.

Have you found an issue?

See the Overview section for more details.

Copyright

© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.

Contacts