On a recent project, I was submitting a web form to a page, processing the POST variables, then redirecting to the same page. The server is IIS running in a FastCGI environment. I found that the POST data existed within the PHP environment after the redirect. Here is some test code:
<?php
ob_start();
session_start();
if(isset($_GET['redirect'])){
var_dump('<pre>get set',array('post' => $_POST,'get' => $_GET,'request' => $_REQUEST),'</pre><br />');
unset($_POST);
}
if(isset($_POST['sub'])){
var_dump('post set<br />');
session_write_close();
header ("Location: ".$_SERVER['SCRIPT_NAME']."?redirect=1");
exit;
}
else {
var_dump('<pre>get set',array('post' => $_POST,'get' => $_GET,'request' => $_REQUEST),'</pre><br />');
}
ob_flush();
?>
If you run this on a typical Apache installation, it will behave as expected, POST data being local to the first request. If you run this code on IIS, it will not. I am not sure if this is an IIS or PHP bug. Either way, I now check for a GET variable, redirect. If it exists, I destroy the POST data. This cost me several hours of my life. I hope it helps you more.