This is the first time that I'm using sessions in PHP. Using some info from StackOverflow and other websites, I'm trying to build my first PHP login, but I've run into a problem and don't know how to resolve it.
Basically, as soon as I set a session, after a page refresh this session disappears. Isn't it supposed to remain for an amount of time (which can be set with set_cookie_params etc., but this is another topic)?
I have this code at the beginning of my page (global):
    ini_set('session.cookie_httponly', 1);
    ini_set('session.entropy_file', '/dev/urandom');
    ini_set('session.hash_function', 'whirlpool');
    ini_set('session.use_only_cookies', 1);
    ini_set('session.cookie_secure', 1);
    session_name("RANDOMID");
    session_start();
    if (isset($_SESSION['uid'])) {
        if ($_SESSION['ipremote'] !== getUserIP() && $_SESSION['useragent'] !== getUserAgent()) {
            session_unset();
            session_destroy();
            session_regenerate_id(true);
        }
    } else {
        session_regenerate_id(true);
        $_SESSION['ipremote'] = getUserIP();
        $_SESSION['useragent'] = getUserAgent();
    }
Then in my login.php file, when the user enters the right info:
    $_SESSION['uid'] = 3;
    header("Location: index.php");
    exit;
The problem is that after the redirect the uid session value disappears: I put a var_dump of the $_SESSION variable at the end of the index.php page, and I see just the IP and user agent, which are set every time in the else condition.
EDIT: I tried replacing all the content of the session initialization with just session_start(); and it works. I don't understand why this secure session initialization isn't working and makes the session disappear.
6 Answers
Answers 1
Are you calling your page via https:// when you are testing this ...?
Otherwise, the explanation is simple:
ini_set('session.cookie_secure', 1);
This makes PHP set the session cookie with the secure flag, meaning the browser is only allowed to send this cookie back with requests made over a secure connection.
So if you are actually testing this via HTTP only, then the session cookie will not be sent back with the next request, so PHP does not find any session id, and therefore starts a fresh, new session when you call session_start ...
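The behaviour described in this answer, shown as an added example (not code from the question or from any answer): a session bootstrap that sets the Secure flag only when the request really arrived over HTTPS, so an HTTP-only test host keeps its session while an HTTPS deployment still gets a Secure cookie. The names APPSESSID, request_is_https(), client_fingerprint(), start_app_session() and log_in() are hypothetical, and it assumes no TLS-terminating proxy sits in front of PHP.

```php
<?php
// Added example. Assumption: $_SERVER['HTTPS'] reflects the real request
// scheme (no reverse proxy terminating TLS in front of PHP).

function request_is_https(): bool
{
    return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
}

function client_fingerprint(): string
{
    // Hypothetical stand-in for the question's getUserIP()/getUserAgent().
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    return hash('sha256', $ip . '|' . $ua);
}

function start_app_session(): void
{
    session_name('APPSESSID');   // constant name, identical on every page
    session_start([
        'use_only_cookies' => 1,
        'use_strict_mode'  => 1,
        'cookie_httponly'  => 1,
        // A Secure cookie is never sent back over plain HTTP, so forcing
        // this to 1 on an HTTP host yields a new empty session per request.
        'cookie_secure'    => request_is_https() ? 1 : 0,
    ]);

    $stored = $_SESSION['fingerprint'] ?? '';
    if (isset($_SESSION['uid']) && !hash_equals($stored, client_fingerprint())) {
        // Client changed: drop the login but keep a usable, empty session.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['fingerprint'] = client_fingerprint();
}

function log_in(int $uid): void
{
    session_regenerate_id(true); // new ID only at the privilege change
    $_SESSION['uid'] = $uid;
}

// Constructed CLI demo so the file runs offline: php session_demo.php
if (PHP_SAPI === 'cli') {
    foreach (['on', 'off', ''] as $https) {
        $_SERVER['HTTPS'] = $https;
        printf("HTTPS=%-3s -> cookie_secure=%d\n", $https, request_is_https() ? 1 : 0);
    }
}
```

Unlike the question's code, this example treats a change in either the IP address or the user agent as a mismatch and regenerates the session ID only at login and on mismatch, which is a design choice of the example rather than something the answers prescribe.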
Answers 2
That RANDOMID may change when you refresh/change your page, depending on how you generate it!
So make sure you use the same 'session_name' in all your pages before starting the session, like this.
login page

    session_name("SAME_NAME");
    session_start();
    $_SESSION['uid'] = 3;
    header("Location: index.php");
    exit;

index page

    session_name("SAME_NAME");
    session_start();
    var_dump($_SESSION['uid']);
    exit;
Answers 3
Please try the following, slightly altered snippet to replace the global code at the beginning of every page.
    ini_set('session.cookie_httponly', 1);
    ini_set('session.entropy_file', '/dev/urandom');
    ini_set('session.hash_function', 'whirlpool');
    ini_set('session.use_only_cookies', 1);
    ini_set('session.cookie_secure', 1);
    // start session
    session_start();
    // if session just started and uid is not set, add initial information such as user agent and ip address
    if (!isset($_SESSION['uid'])) {
        $_SESSION['ipremote'] = getUserIP();
        $_SESSION['useragent'] = getUserAgent();
    } else {
        // uid is set in session variables. User gets logged out in case of changed ip address and user agent.
        if ($_SESSION['ipremote'] !== getUserIP() && $_SESSION['useragent'] !== getUserAgent()) {
            session_unset();
            session_destroy();
        }
        // if client information has not changed just regenerate the session
        session_regenerate_id(true);
    }
Answers 4
Try checking session.save_path:
- Find session.save_path from phpinfo().
- Check whether it exists. If not, create it with mkdir.
- Check its permissions. Change them so that others can read/write (chmod 707).
When I installed a new PHP extension (SOAPClient) via yum on my dev server (AWS EC2 Linux AMI), I experienced sessions disappearing on refresh or page change, like you.
The reason was that my session directory's permission had changed to 500, even though I didn't do anything, so PHP couldn't write the session file to disk.
Hope this can help you :)
Answers 5
This happens because session_start() must be the first line of your code.
You can see this in an old answer of mine too.
Good luck.
Answers 6
Please use session_start() on top of each page, it is required to access the session data on the page.