I was having the same problem. All of a sudden SOME of my session variables would not persist to the next page. Problem turned out to be ( in php7.1) you header location must not have WWW in it, ex https://mysite. is ok, https://www.mysite. will lose that pages session variables. Not all, just that page.

I had a similar problem, although my context was slightly different. I had a local development setup on a machine whose hostname was windows and IP address was 192.168.56.2.

I could access the system using either of:

• http://localhost/
• http://127.0.0.1/
• http://windows/
• http://192.168.56.2/

After logging in, my PHP code would redirect using:

header('http://windows/');

If the previous domain name used to access the system was not windows, the session data would be lost. I solved this by changing the code to:

header('http://'.$_SERVER['HTTP_HOST'].'/');

It now works regardless of what local domain name or IP address the user puts in.

I hope this may be useful to someone.

For me, Firefox has stored session id (PHPSESSID) in a cookie, but Google Chrome has used GET or POST parameter. So you only have to ensure that the returning script (for me: paypal checkout) commit PHPSESSID in url or POST parameter.

Now that GDPR is a thing, people visiting this question probably use a cookie script. Well, that script caused the problem for me. Apparently, PHP uses a cookie called PHPSESSID to track the session. If that script deletes it, you lose your data.

I used this cookie script. It has an option to enable "essential" cookies. I added PHPSESSID to the list, the script stopped deleting the cookie, and everything started to work again.

You could probably enable some PHP setting to avoid using PHPSESSID, but if your cookie script is the cause of the problem, why not fix that.

First, carry out these usual checks:

1. Make sure session_start(); is called before any sessions are being called. So a safe bet would be to put it at the beginning of your page, immediately after the opening <?php declaration before anything else. Also ensure there are no whitespaces/tabs before the opening <?php declaration.
2. After the header redirect, end the current script using exit(); (Others have also suggested session_write_close(); and session_regenerate_id(true), you can try those as well, but I'd use exit();)
3. Make sure cookies are enabled in the browser you are using to test it on.
4. Ensure register_globals is off, you can check this on the php.ini file and also using phpinfo(). Refer to this as to how to turn it off.
5. Make sure you didn't delete or empty the session
6. Make sure the key in your $_SESSION superglobal array is not overwritten anywhere
7. Make sure you redirect to the same domain. So redirecting from a www.yourdomain.com to yourdomain.com doesn't carry the session forward.
8. Make sure your file extension is .php (it happens!)

Now, these are the most common mistakes, but if they didn't do the trick, the problem is most likely to do with your hosting company. If everything works on localhost but not on your remote/testing server, then this is most likely the culprit. So check the knowledge base of your hosting provider (also try their forums etc). For companies like FatCow and iPage, they require you to specify session_save_path. So like this:

session_save_path('"your home directory path"/cgi-bin/tmp');
session_start();

(replace "your home directory path" with your actual home directory path. This is usually within your control panel (or equivalent), but you can also create a test.php file on your root directory and type:

<?php echo $_SERVER['SCRIPT_FILENAME']; ?>

The bit before 'test.php' is your home directory path. And of course, make sure that the folder actually exists within your root directory. (Some programs do not upload empty folders when synchronizing)

I tried all possible solutions, but none worked for me! Of course, I am using a shared hosting service.

In the end, I got around the problem by using 'relative url' inside the redirecting header !

header("location: http://example.com/index.php")

nullified the session cookies

header("location: index.php")

worked like a charm !