6

The PHPSESSID variable that holds the session id is not being saved into the client cookie. This results in a new session id being generated every time I call the session_start() function.

This is true when I'm using Firefox, Opera and Chrome. With Safari, for some reason, this variable is being successfully saved into the cookie and everything works fine.

EDIT: Here is my session settings via phpinfo():

[Image: session settings via phpinfo]

My website has a subdomain, and I want to use the same session across all subdomains.

2nd EDIT: When I check `var_dump($_COOKIE);` on my main domain I get the session id under the name PHPSESSID, but when I do that on the subdomain I get an empty array().

Yoav Kadosh
  • Check the various session/cookie settings in your php.ini. Then use an http debugger (e.g. httpfox or firebug's net tab on firefox) to see what's going across the wire. You've provided no useful information at all to properly help you. – Marc B Apr 21 '12 at 00:51
  • I don't think this is a php.ini issue, because it only happens on some browsers. What information do you need? – Yoav Kadosh Apr 21 '12 at 00:54
  • No, it'd be a .ini issue, and safari is simply the only browser that's lenient enough to accept what your server is sending. – Marc B Apr 21 '12 at 00:55
  • I've updated my question with the `phpinfo()`. – Yoav Kadosh Apr 22 '12 at 02:04
  • Can it be that you log in over https and then redirect to http? – Itay Moav -Malimovka Apr 22 '12 at 02:04
  • `session.cookie_lifetime` needs to be > 0. Verify this with [ini_set](http://php.net/manual/en/function.ini-set.php). Put `ini_set('session.cookie_lifetime', 3600);` before your `session_start();`. If that works, fix your php.ini file. – Shea Apr 22 '12 at 02:15
  • Thank you, @andrewjackson, but it didn't fix the issue... However, I have noticed that all the changes are only made to the `local value` and not to the `master value`. Could that be an issue? – Yoav Kadosh Apr 22 '12 at 02:23
  • How about pass session by GET, or have a database session handler? – Gabriel Santos Apr 22 '12 at 06:06
  • Thanks @GabrielSantos, but I don't wanna do that. – Yoav Kadosh Apr 22 '12 at 15:19

3 Answers

3

It looks like the cookie's domain is being set to localhost. This will only work if you're actually running your website from localhost. You need the session.cookie_domain to match your domain name, optionally with a . in front of it (as in .example.com) to also include subdomains.

Niet the Dark Absol
  • You're right, it works fine in my main domain (localhost) but even after setting `ini_set('session.cookie_domain', '.localhost' );` I'm still having an issue with the subdomain (forum.localhost) – Yoav Kadosh Apr 22 '12 at 02:10
1

It is not useful for Yoav's case, but may be useful for other people who have a similar issue:

Don't forget to call session_start()

It sounds like session_start() would create the PHPSESSID and save it in cookie if it's not sent from client cookie.

From php.net:

> When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated.

Some good examples of session_start(): http://php.net/manual/en/function.session-start.php

gonglong
0

The same thing happened to me: I couldn't log in to my users in Safari and Mac OS browsers, not even Firefox, only on Chrome (PC, not Mac). The reason turned out to be a combination, in php.ini, of

  1. session.cookie_lifetime=0
  2. session.cookie_domain=mydomain

Where 0 I changed to 3600 (reasonable) as said by Shea and "mydomain" was (all my fault) wrong because it was missing the ".com", the right name of the domain!

So I ended up changing the config to

  1. session.cookie_lifetime=3600
  2. session.cookie_domain=mydomain.com
Marcello B.
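
The settings discussed in the answers above (`session.cookie_domain` and `session.cookie_lifetime`), set in code before `session_start()`. This is an added example, not code from any poster in this thread; it assumes PHP 7.3+, `example.com` is a placeholder domain, and `session_cookie_domain()` and `start_shared_session()` are hypothetical helper names.

```php
<?php
// Added example. PARENT_DOMAIN is a placeholder for your registered domain.
const PARENT_DOMAIN = 'example.com';

/**
 * Return the Domain attribute to use for the session cookie, or null when
 * the cookie should stay host-only (not shared with subdomains).
 */
function session_cookie_domain(string $host, string $parent): ?string
{
    $host   = strtolower(preg_replace('/:\d+$/', '', $host)); // drop ":port"
    $parent = strtolower(ltrim($parent, '.'));

    // Single-label values such as "localhost" or "mydomain" are the failure
    // reported in this thread: only some browsers stored the cookie.
    if (strpos($parent, '.') === false) {
        return null;
    }
    // Only claim the parent domain when the request really arrived under it.
    $suffix = '.' . $parent;
    if ($host === $parent || substr($host, -strlen($suffix)) === $suffix) {
        return $parent;
    }
    return null;
}

function start_shared_session(): void
{
    $domain = session_cookie_domain($_SERVER['HTTP_HOST'] ?? '', PARENT_DOMAIN);
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    session_set_cookie_params([      // array form needs PHP 7.3+
        'lifetime' => 3600,          // value used in the answers above
        'path'     => '/',
        'domain'   => $domain ?? '', // '' = host-only cookie
        'secure'   => $https,        // keep the id off plain HTTP under TLS
        'httponly' => true,          // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

start_shared_session();
var_dump(session_get_cookie_params()); // inspect what PHP will send
```

A session cookie scoped to the parent domain is sent to every host under it, so each subdomain has to be trusted as much as the main site. Compare the `Set-Cookie` response header in the browser's network tab with the `var_dump` output to confirm what is actually sent.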