PHP Session Id changes between pages

Question

I have a problem where i am losing the PHP session between 2 pages.

The session_start() is included in a file called session-inc.php into every page requiring a sess

Answer 1

SOLUTION: session.auto_start = on in file: php.ini

It solved the issue of re-generating session id on page reload (page refresh / change pages).

The issue appeared after the update of CPanel (and included Multi PHP), even the php version remained the same.

The PHP.ini file didn't had that variable at all. Went in Cpanel -> MultiPHP INI Editor -> Editor Mode (not Basic, in basic you do not have this setting) and added the line. Press Save.

TIPS / WHEN TO USE THIS SOLUTION: To determine if that is the problem, put a line at the very beginning and at the very end of your index.php file to check the session id. Use function: session_id(); Navigate through pages / reload the page. If the session_id value changes the problem is not in your code and this solution should solve your problem (the session is lost outside of your code).

I also tried to verify the availability of saving session on the web server (session.save_path) but, even if it was a lead, it was not the case. I imagine this is a "feature" of Cpanel with MULTIPHP UPDATE that will happen quite often.

Answer 2

I have just encountered this problem. Interestingly, browsing via http://127.0.0.1 instead of http://localhost helped me.

Answer 3

Found the problem was a byte order mark (BOM) being ouputted at the start of the file. Got rid of it and it sorted out the session problem.

Answer 4

Found the issue

In my case it was due to Varnish Settings please check your varnish settings. PHPSESSID you can exclude the cookie from the Varnish Settings.

Answer 5

Found the issue

There was a byte order mark at the beginning of the main includes file of the second domain. as stated by ken, cant have any output before a session start, it was not setting the session correctly.

Answer 6

I just spent all day diagnosing this issue in my Ionic3 - to - PHP project. TL; DR - make sure your client is actually sending session credentials.

In the interest of helping anyone who makes this mistake, I will share how I found the problem. I used these tools to diagnose the session on both the client and server:

1) Add a test file with phpinfo() to the server to review PHP session options.

2) Review the PHP code to make sure that no output, intentional or un-intentional occurs before the session_start() line. Check the status bar of Visual Studio Code to make sure the Byte Order Mark (BOM) is absent from the PHP files.

3) Review server PHP logs (in /var/log/nginx/error.log for me). Add error_log() lines to the php file to dump the session_id() or $_SESSION array.

4) Use tcpdump -An 'port 80 or port 443' to view the actual HTTP requests and replies. (That's where I discovered the missing cookies).

For an Ionic3 data provider the correct syntax for the client is:

    var obsHttp = this.http.post(url, body,
  { headers: new HttpHeaders({
    'Content-Type':'application/x-www-form-urlencoded'
  }),withCredentials: true }).timeout(this.timeoutTime);

Notice the withCrentials:true One needs to call subscribe on the obsHttp() observable to send the request.