So, I want to preserve a specific session variable after the user logs out. Like this:
// Save the session variable
$foo = $_SESSION["foo"];
// Terminate the session
//----------------------------------------------
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), "", time() - 3600,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
session_destroy();
session_regenerate_id();
//----------------------------------------------
// Restart the session
session_start();
// Store the variable in the session
$_SESSION["foo"] = $foo;
// Redirect the user to the same page, this time unauthenticated
header("Location: " . $_SERVER["REQUEST_URI"]);
But it doesn’t seem to be properly stored, because after the redirect, $_SESSION["foo"] is null.
Can anyone help me with this? Am I doing something ‘illegal’ here?
NOTE:
If I do var_dump($_SESSION["foo"]) right before the redirection, it does return the variable.
I always call session_start() before I retrieve $_SESSION["foo"], of course.
Also, and I don’t know if this has something to do, but $foo is an object, so I’m doing $foo = unserialize($_SESSION["foo"]) and $_SESSION["foo"] = serialize($foo);.
Depending on the PHP version you use maybe this could explain the problem https://bugs.php.net/bug.php?id=38042.
Maybe other versions may be affected as well.
This post also describes the behavior you are encountering:
A possible workaround for you may be to pass the
$foovariable to your next script as a$_GETargument in the location header like this: