PHP redirection in IE when using session variables
I have a small website that works like below
- User goes to the login page and enters the credentials (call it page1)
- The form gets posted to page2, which authenticates the user, calls session_start and then sets a session variable with $_SESSION['somevar'] and redirects to the page3
- On page3, I check if the $_SESSION['somevar'] is set; if not, send the user back to the login page
Code:
<?php
// here's the code on the top of the page3
session_start();
if (!isset($_SESSION['somevar']))
{
    header("Location:http://somesite");
}
// ...other code follows
The problem is while this works in FireFox, even with correct user credentials IE 7 keeps on redirecting back to page1 instead of displaying the contents of page3.
Some pointer please to solve this?
EDIT: A very weird solution but it works. I changed
if (!isset($_SESSION['somevar'])) { header("Location:http://somesite"); }
to
if ($_SESSION['somevar'] == '' ) { header("Location:http://somesite"); }
and IE is happy now. But I am still clueless as to why isset didn't work in IE.
Many Thanks
Your script needs to exit() or die() after calling the header function.
header() doesn't end the script. Some browsers will go ahead and move on to the new location, while others will wait while the rest of the script runs and display that output. Unless you call exit(), the script will run whether the output is shown or not.
Indeed, you must die right after the header. If not, the code below will be executed and can lead to security issues, as not all clients actually follow the redirection header (cf. the search engine spiders, for instance).
You can check what is actually in session just var_dumping its content. The redirection won't be taken into account during the test as an output is sent to the browser before the call to header().
<?php
session_start();
/* To test: */
var_dump($_SESSION);
if (!isset($_SESSION['somevar']))
{
header("Location: http://somesite");
die();
}
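As an added example (not part of the original answers): a check a site owner can run over responses captured from their own pages to confirm that every redirect really ends the script, as the answers above describe. The sample responses are constructed, the function names are this example's own, and bodies are assumed to be already de-chunked.

```python
# Added example: flag "execution after redirect" in captured HTTP responses.
# Assumption: each capture is one raw HTTP/1.x response with a plain body.

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def leaks_after_redirect(raw: bytes, max_body: int = 0) -> bool:
    """True if a 3xx response with a Location header still carries a body.

    A script that calls header("Location: ...") and then exits sends an
    empty body; one that keeps running sends the protected page as well.
    Raise max_body if your server adds a short "redirecting" stub.
    """
    status, headers, body = parse_response(raw)
    is_redirect = 300 <= status < 400 and "location" in headers
    return is_redirect and len(body.strip()) > max_body


# Constructed: page3 without exit(), redirect header plus the member page.
NO_EXIT = (b"HTTP/1.1 302 Found\r\n"
           b"Location: http://somesite\r\n"
           b"Content-Type: text/html\r\n\r\n"
           b"<h1>Members area</h1><p>private content</p>")

# Constructed: page3 with die() right after header(), no body.
WITH_EXIT = (b"HTTP/1.1 302 Found\r\n"
             b"Location: http://somesite\r\n"
             b"Content-Length: 0\r\n\r\n")

# Constructed: logged-in request, normal page and no redirect.
LOGGED_IN = (b"HTTP/1.1 200 OK\r\n"
             b"Content-Type: text/html\r\n\r\n"
             b"<h1>Members area</h1>")

if __name__ == "__main__":
    samples = [("no exit", NO_EXIT), ("with exit", WITH_EXIT),
               ("logged in", LOGGED_IN)]
    for name, raw in samples:
        print(name, "->", "LEAK" if leaks_after_redirect(raw) else "ok")
```

A browser that follows the redirect never shows the body of the first sample, which is why the problem is easy to miss when testing by hand.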
Use ieHTTPHeaders or Wireshark to find out if IE is sending back the cookie. I expect you'll find that either it isn't, or it is caching pages it shouldn't.
C.
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
header("Set-Cookie: SIDNAME=ronty; path=/; secure");
header('Cache-Control: no-cache');
header('Pragma: no-cache');
Use this at the top of the page to fix IE7.
header('location: land_for_sale.php?phpSESSID='.session_id());
Use ?phpSESSID='.session_id() in your location to fix IE6.