0

I have a login page, from where i submit my form data and whilst doing so, i create a self made session function, in which i check if (ini_set('session.use_only_cookies', 1)). While the data is passed on, the session gets created and i check if the login data is correct, then i redirect to index.php. In index.php i run the session function again and run into an error, that session.use_only_cookies is not set to 1, but it is. I checked with phpinfo()

Previously worked with XAMPP and it worked there. Recently switched to Docker with php:7.2-fpm-alpine3.7 image

My session function:

protected function sec_session() {
  define("SECURE", true);
  $session_name = 'sec_session_id';   // vergib einen Sessionnamen
  $secure = SECURE;
  $httponly = true;
  if (!ini_set('session.use_only_cookies', 1)) {
    //header("Location: /error.php?err=Could not initiate a safe session (ini_set)");
    //The above doesn't work
        echo("<script>location.href = '/error.php?err=Could not initiate a safe session (ini_set)';</script>");
//here is where i always land and i'm not sure why?
            exit();
        }
  $cookieParams = session_get_cookie_params();
  session_set_cookie_params($cookieParams["lifetime"],
  $cookieParams["path"],
  $cookieParams["domain"],
  $secure,
  $httponly);
  session_name($session_name);
  session_start(); 
  session_regenerate_id();
    }
tmzafar
  • 180
  • 3
  • 15
  • You use default `php.ini`? If customized, please afford it as your issue cannot reproduce with `php:7.2-fpm-alpine3.7` – atline Sep 05 '19 at 07:33
  • @atline i think the issue here is that localhost needs to run on https and not on http, which also seems to be a challenge – tmzafar Sep 07 '19 at 17:16

1 Answers1

0

The problem here was the $secure variable. It was designed to function only with an https request. The settings worked fine with the php:7.1-apache Docker Image

tmzafar
  • 180
  • 3
  • 15