Using Session Variables in Google App Engine creates Infinite Redirect

Question

I have an app that works on a local server. Proof can be found here: http://the-geographic-personality-project.org/inventoryapp/

I pushed the same files to Google App Engine at this domain (http://inventoryapplication.appspot.com/), and I get an infinite loop redirect error. Basically, it is jumping from index.php to sign_in.php because, I suspect, the session variables are not being set or saved in a place that my conditionals would recognize, so they redirect.

Here is redirect logic for index.php

<?php 
session_start();

if (isset($_SESSION['username']) && $_SESSION['permissions']==0) {
    $_SESSION['logged_in_inventory_app_obnoxiously_long_name_to_avoid_collisions_with_other_sites'] = 1;
    header('Location: ./admin/admin.php');
} else if (isset($_SESSION['username']) && $_SESSION['permissions']==1) {
    $_SESSION['logged_in_inventory_app_obnoxiously_long_name_to_avoid_collisions_with_other_sites'] = 1;
    header('Location: ./user/user.php');
} else {
    $_SESSION['logged_in_inventory_app_obnoxiously_long_name_to_avoid_collisions_with_other_sites'] = 0;
    unset($_SESSION['username']);
    unset($_SESSION['password']);
    unset($_SESSION['create_username']);
    unset($_SESSION['create_password']);
    unset($_SESSION['password_verify']);
    header('Location: sign_in.php');
}
?>

Here is redirect logic for sign_in.php

<?php
session_start();

// Check if user entered name and password
if ((!empty($_POST["username"])) && (!empty($_POST["password"]))) {
    //... 
    //authentification checks occur here if passed, the following variables are set
    //...

    $_SESSION['username'] = $username;
    if ($_SESSION['username'] == "myemailaddress@gmail.com") {
        $_SESSION['permissions'] = 0;
    } else {
        $_SESSION['permissions'] = 1;
    }
    $_SESSION['logged_in_inventory_app_obnoxiously_long_name_to_avoid_collisions_with_other_sites'] = 1;
    }
}
//echo '<pre>' . htmlspecialchars(print_r(get_defined_vars(), true));
//var_dump($_SESSION);
if (isset($_SESSION['username']) && isset($_SESSION['logged_in_inventory_app_obnoxiously_long_name_to_avoid_collisions_with_other_sites'])) {
    if ($_SESSION['logged_in_inventory_app_obnoxiously_long_name_to_avoid_collisions_with_other_sites'] == 1) {
        echo '<META HTTP-EQUIV="Refresh" Content="0; URL=index.php">';
        exit;
    }
}
?>

Remember it WORKS on one server but no on GAE, so this leads me to believe this is a CONFIGURATION issue, not a coding issue. Please humble me if I am mistaken.

I do not understand which session php.ini configuration settings I need to override. Here is the list of default settings for GAE found here: https://developers.google.com/appengine/docs/php/#PHP_Directives_with_new_initialization_defaults

Here is proof that they use session variables in memcache (don't fully know what consequences this bears for my set up) and it gets flushed periodically: https://developers.google.com/appengine/docs/php/#PHP_Sessions

EDIT:: I forgot to include .yaml code, which I admit I don't know a TON about, just that it specifies a "welcome-file". I basically just redirect to index.php which should do the redirect to sign_in.php. Here is code below:

application: ***name goes here***
version: 1
runtime: php
api_version: 1
threadsafe: true
handlers:
- url: .*
  script: main.php

And then my main.php is just a simple (and a little redundant) code of:

<?php
header('Location: index.php');
?>

Answer 1

The app.yaml file is completely wrong to start with.

Change your app.yaml to something like this and see how you go.

application: ***name goes here***
version: 1
runtime: php
api_version: 1
threadsafe: true

handlers:
- url: /(.+)\.php
  script: \1.php

- url: /.*
  script: main.php