On a recent project, I was submitting a web form to a page, processing the POST variables, then redirecting to the same page. The server is IIS running in a FastCGI environment. I found that the POST data existed within the PHP environment after the redirect. Here is some test code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | <?php ob_start(); session_start(); if(isset($_GET['redirect'])){ var_dump('<pre>get set',array('post' => $_POST,'get' => $_GET,'request' => $_REQUEST),'</pre><br />'); unset($_POST); } if(isset($_POST['sub'])){ var_dump('post set<br />'); session_write_close(); header ("Location: ".$_SERVER['SCRIPT_NAME']."?redirect=1"); exit; } else { var_dump('<pre>get set',array('post' => $_POST,'get' => $_GET,'request' => $_REQUEST),'</pre><br />'); } ob_flush(); ?> <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post"> <input name="test1" type="text" /> <input name="test2" type="text" /> <input type="submit" value="submit" name="sub" /> </form> |
If you run this on a typical Apache installation, it will behave as expected, POST data being local to the first request. If you run this code on IIS, it will not. I am not sure if this is an IIS or PHP bug. Either way, I now check for a GET variable, redirect. If it exists, I destroy the POST data. This cost me several hours of my life. I hope it helps you more.