PHP: header() function not redirecting. When redirecting with HTML or JavaScript, Session information is lost

Question

This is a PHP/Apache question...

1. I have the following code. In particular I would like to emphasize the following:

     // store email in session variable $_SESSION["jobseeker_email"] = $_POST["jobseeker_email"]; // perform redirect $target = util_siblingurl("jobseekermain.php", true); header("Location: " . $target); exit; /* ensure code below does not executed when we redirect */ 

which is where the problem lies. When I execute this code on localhost it works fine, but then when I execute it on the remote server (which is an ipage.com hosted site), I do not get the desired outcome. In fact, when the header("Location: $target); part runs I see a blank page (and no redirect). It's as though something was being output before the call to header(), but this is not the case, as I've checked it. So why is it not working?

1. If I comment out the part that invokes header() and then exit, I am able to perform either an html redirect or a javascript redirect. However, when I do this I lose my session variable $_SESSION["jobseeker_email"]. I cannot understand why this happens.

Any help with these issues would be greatly appreciated as I need to perform a redirect and still retain the session state from the former page, and all of this on a server (not just on localhost).

    <?php

      session_start();

      require_once('include/connect.php');
      require_once('include/util.php');

      util_ensure_secure();

      if (isset($_GET['logout'])) {

        session_destroy();

        // restart session

        header("Location: " . util_selfurl(true));

      }

      function do_match_passwords($password1, $password2) {

        return strcmp($password1, $password2) == 0;

      }

      function valid_employer_login($email, $password) {

        global $mysqli;

        global $employer_error;

        $query = "SELECT passwd FROM Employer WHERE email = '" . $mysqli->escape_string($email) . "'";

        $result = $mysqli->query($query);

        util_check_query_result($query, $result);

        $invalid_credentials = false;

        if ($result->num_rows == 0) {

          $invalid_credentials = true;

        } else {

          $row = $result->fetch_assoc();

          $retrieved_password = $row["passwd"];

          if (!do_match_passwords($password, $retrieved_password))

        $invalid_credentials = true;

        }

        if ($invalid_credentials) {

          $employer_error = "Invalid credentials.";

          return false;

        }

        return true;

      }

      function valid_jobseeker_login($email, $password) {

        global $mysqli;

        global $jobseeker_error;

        $query = "SELECT passwd FROM JobSeeker WHERE email = '" . $mysqli->escape_string($email) . "'";

        $result = $mysqli->query($query);

        util_check_query_result($query, $result);

        $invalid_credentials = false;

        if ($result->num_rows == 0) {

          $invalid_credentials = true;

        } else {

          $row = $result->fetch_assoc();

          $retrieved_password = $row["passwd"];

          if (!do_match_passwords($password, $retrieved_password))

        $invalid_credentials = true;

        }

        if ($invalid_credentials) {

          $jobseeker_error = "Invalid credentials.";

          return false;

        }

        return true;

      }

      if (isset($_POST["employer_submitted"])) {

        global $error;

        // check whether specified username and password have been entered correctly

        if (valid_employer_login($_POST["employer_email"], $_POST["employer_password"])) {

          // store email in session variable

          $_SESSION["employer_email"] = $_POST["employer_email"];

          // perform redirect

          $target = util_siblingurl("jobseekermain.php", true);

          header("Location: " . $target);

          exit; /* ensure code below does not executed when we redirect */

        }

      }

      if (isset($_POST["jobseeker_submitted"])) {

        global $error;

        // check whether specified username and password have been entered correctly

        if (valid_jobseeker_login($_POST["jobseeker_email"], $_POST["jobseeker_password"])) {

          // store email in session variable

          $_SESSION["jobseeker_email"] = $_POST["jobseeker_email"];

          // perform redirect

          $target = util_siblingurl("jobseekermain.php", true);

          header("Location: " . $target);

          exit; /* ensure code below does not executed when we redirect */

        }

      }

    ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
        <title>Work Net: Sign In</title>
        <link href="css/style.css" rel="stylesheet" type="text/css" />
      </head>
      <body>
        <div id="container">
          <h1>Work Net: Sign In</h1>
          <div id="content">
        <ul>
          <li>
            <h2>Employers</h2>
            <p><a href="accountcreate.php?accounttype=employer">Create new employer account.</a></p>
            <form method="post" action="<?php util_selfurl(true); ?>">
              <table>
            <tr>
              <td>E-mail:</td>
              <td><input type="text" name="employer_email" value="<?= htmlentities(util_setvalueorblank($_POST['employer_email'])); ?>" />
            </tr>
            <tr>
              <td>Password:</td>
              <td><input type="password" name="employer_password" value="<?= htmlentities(util_setvalueorblank($_POST['employer_password'])); ?>" /></td>
            </tr>
              </table>
              <?php if (isset($employer_error)) echo "<p style=\"color: red;\">" . htmlentities($employer_error) . "</p>"; ?>
              <input type="hidden" name="employer_submitted" />
              <input type="submit" value="Sign In" />
            </form>
            <p><a href="forgottenpassword.php?accounttype=employer">Forgotten Employer Password.</a></p>
          </li>
          <li>
            <h2>Job Seekers</h2>
            <p><a href="accountcreate.php?accounttype=jobseeker">Create new job seeker account.</a></p>
            <form method="post" action="<?php util_selfurl(true); ?>">
              <table>
            <tr>
              <td>E-mail:</td>
              <td><input type="text" name="jobseeker_email" value="<?= htmlentities(util_setvalueorblank($_POST['jobseeker_email'])); ?>" />
            </tr>
            <tr>
              <td>Password:</td>
              <td><input type="password" name="jobseeker_password" value="<?= htmlentities(util_setvalueorblank($_POST['jobseeker_password'])); ?>" /></td>
            </tr>
              </table>
              <?php if (isset($jobseeker_error)) echo "<p style=\"color: red;\">" . htmlentities($jobseeker_error) . "</p>"; ?>
              <input type="hidden" name="jobseeker_submitted" />
              <input type="submit" value="Sign In" />
            </form>
            <p><a href="forgottenpassword.php?accounttype=jobseeker">Forgotten Job Seeker Password.</a></p>
          </li>
        </ul>
          </div>
          <div id="footer">
        <p>
          <?php include('markup/footer.php'); ?>
        </p>
          </div><!-- end #footer -->
        </div><!-- end #container -->
      </body>
    </html>

Answer 1

With out seeing the code for util_siblingurl() my guess would be that your problem is a pathing issue. The combination of your util_siblingurl() function and Apache settings could be causing inconsistent pathing.

For example, on localhost you may be redirected to http://example.com/some/path/to/jobseekermain.php and on the remote host you may be redirected to http://example.com/some/different/path/to/jobseekermain.php

The fact that you're seeing a white screen and not a 404 causes me some hesitation in this hypothesis but it would still be helpful to see the code for that function.

Answer 2

I would probably do 2 things to find out what the problem is:

1. Use Wireshark. See exactly what headers you receive. This may tell you exactly what causes the problem (maybe the hosting always prints something at the top of the page, like some free hostings do?)
2. Check if other header redirections work. Create a php script which simply does the redirection, with values hard coded in it, and see that it works. If it does, it means something in your code either does some printing to the page, or that you don't build your target URL successfully for some reason.

Here's an example script:

<?php
    session_start();

    // I added the require just to make sure nothing is being printed there
    // (an error for example)
    require_once('include/connect.php');
    require_once('include/util.php');

    header("Location: " . SOME_LOCATION);
    exit;
?>

and of course have some web page that prints OK when you redirect to it...

Answer 3

I believe there is is no problem with your code. Actually, ipage like hosting systems cause some issues. I have also used ipage hosting plans and faced same problems.

So buddy, try to find another hosting server which is better then these.

Thanks

Answer 4

I faced the same issue. Ipage hosting, redirection does not work and server reports that headers have already been sent. Turns out the issue whas whitespace.

Make sure there is no whitespace nor any other character outside the <?php code ?> tags. Manually select and delete everything before the opening tag and after the closing tag in all files included prior to the redirection.