PHP Session Id changes between pages

Posted 2020-02-07 00:02

I have a problem where I am losing the PHP session between 2 pages.

The session_start() is included in a file called session-inc.php into every page requiring a session to be set. This works for all pages on the site except one particular page, member-profile.php. When this page is visited a new session with a different id (same session name) is set and used instead.

A few more details:

  • Session name is set manually
  • All pages are on the same server under the same domain name
  • If I put an additional session_start() above the include('session-inc.php') in the member-profile.php file, the session is carried over correctly
  • I have tried setting the session_cookie_domain and session.session_name in the .htaccess; this worked for this domain but it stopped the session being passed over to our payment domain
  • We are running Apache 2.2.6 with PHP 5.2.5

Putting the session_start() above the include('session-inc.php') in the member-profile.php file is the quick and dirty fix for this problem, but I am wondering if anybody knows why this would be happening.

Cheers

Will

Tags: php session
10 answers
甜甜的少女心
#2 · 2020-02-07 00:17

Found the issue

In my case it was due to Varnish settings; please check your Varnish settings. You can exclude the PHPSESSID cookie from the Varnish settings.

爱情/是我丢掉的垃圾
#3 · 2020-02-07 00:23

Found the problem was a byte order mark (BOM) being output at the start of the file. Got rid of it and it sorted out the session problem.

我只想做你的唯一
#4 · 2020-02-07 00:29

I had this problem, and the cause was that PHP was ignoring all cookies after the first 100. (I asked this question to try to find out why, but so far nobody has figured it out). The browser was sending the PHPSESSID*, but since it was the 110th cookie, PHP was ignoring it.

To figure out if this problem is what's affecting you, use your browser's dev tools to look at the cookies that the browser is sending with the request, and compare that list to the $_COOKIE array in PHP. They should be the same. But if the browser is sending a PHPSESSID*, and there's no PHPSESSID* in $_COOKIE, then that would explain why sessions aren't working.

I solved the problem by not having my site use so many cookies, which is good practice anyway.

*PHPSESSID is the default session name. Your site may use a different name.

劳资没心,怎么记你
#5 · 2020-02-07 00:29

To solve the session_id changing after each request, change the parameters session.auto_start and session.cookie_httponly in the PHP configuration file.

To find the PHP configuration file in use:

php -i | grep "php.ini"

Then open it and find the parameter session.auto_start. Set:

session.auto_start = 1
session.cookie_httponly = 0

Finally, restart your httpd/apache service.

Evening l夕情丶
#6 · 2020-02-07 00:33

I just spent all day diagnosing this issue in my Ionic3-to-PHP project. TL;DR - make sure your client is actually sending session credentials.

In the interest of helping anyone who makes this mistake, I will share how I found the problem. I used these tools to diagnose the session on both the client and server:

1) Add a test file with phpinfo() to the server to review PHP session options.

2) Review the PHP code to make sure that no output, intentional or unintentional, occurs before the session_start() line. Check the status bar of Visual Studio Code to make sure the Byte Order Mark (BOM) is absent from the PHP files.

3) Review server PHP logs (in /var/log/nginx/error.log for me). Add error_log() lines to the php file to dump the session_id() or $_SESSION array.

4) Use tcpdump -An 'port 80 or port 443' to view the actual HTTP requests and replies. (That's where I discovered the missing cookies).

For an Ionic3 data provider the correct syntax for the client is:

    var obsHttp = this.http.post(url, body, {
        headers: new HttpHeaders({
            'Content-Type': 'application/x-www-form-urlencoded'
        }),
        // withCredentials makes the browser attach cookies to this request
        withCredentials: true
    }).timeout(this.timeoutTime);

Notice the withCredentials: true. One needs to call subscribe on the obsHttp() observable to send the request.

我只想做你的唯一
#7 · 2020-02-07 00:34

Found the issue

There was a byte order mark at the beginning of the main includes file of the second domain. As stated by ken, can't have any output before a session start; it was not setting the session correctly.

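
Several answers above trace the changing session id to a byte order mark or other output ahead of session_start(); once output has started, PHP can no longer send the session cookie header unless output buffering is on. The scanner below is an added example, not code from any poster: it flags PHP files that begin with a UTF-8 BOM or carry stray bytes outside the PHP tags, including extra whitespace after a closing tag in an include file. The function names, problem labels and sample file contents are assumptions made for illustration, and the tag matching is a byte-level heuristic rather than a PHP parser.

```python
import os
import tempfile

UTF8_BOM = b"\xef\xbb\xbf"

def check_php_source(data: bytes) -> list:
    """Heuristic: list reasons a PHP file would emit bytes before session_start()."""
    problems = []
    if data.startswith(UTF8_BOM):
        problems.append("utf8-bom")
        data = data[len(UTF8_BOM):]
    start = data.find(b"<?")
    if start == -1:
        # No PHP block at all: every non-blank byte is literal output.
        return problems + (["no-open-tag"] if data.strip() else [])
    if start > 0:
        problems.append("bytes-before-open-tag")
    tail = data[data.rfind(b"?>") + 2:] if b"?>" in data else b""
    # PHP swallows one newline right after "?>"; anything more is sent as output.
    if b"<?" not in tail and tail not in (b"", b"\n", b"\r", b"\r\n"):
        problems.append("bytes-after-close-tag")
    return problems

def scan_tree(root: str) -> dict:
    """Map relative path -> problems for every .php/.inc file under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith((".php", ".inc")):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    problems = check_php_source(fh.read())
                if problems:
                    findings[os.path.relpath(path, root)] = problems
    return findings

if __name__ == "__main__":
    # Constructed sample tree: names echo the question, contents are made up.
    samples = {
        "session-inc.php": b"<?php\nsession_name('site');\nsession_start();\n",
        "member-profile.php": UTF8_BOM + b"<?php\ninclude('session-inc.php');\n",
        "config.php": b"<?php\n$x = 1;\n?>\n\n",  # hypothetical include file
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        for path, problems in sorted(scan_tree(root).items()):
            print(f"{path}: {', '.join(problems)}")
```

Pages that intentionally mix HTML and PHP will be reported too, so the results are most useful for include files that are loaded before session_start().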