I have read a lot about the PHP security best practices on SO, and I am trying hard to employ those on my XAMPP server.
I have an include that does all my security, d
Take a look at the cookie(s!) you're setting. I had the same problem with the same function, and fixed it by explicitly stating my domain in session_set_cookie_params(). For some reason cookies for both www.example.com and example.com were being set.
The comments regarding session_regenerate_id(true) seem like a red herring, since that should copy over any existing session variables... and it also works.
function sec_session_start() {
$domain = 'example.com'; // note $domain: stated explicitly so only one cookie is set
$session_name = 'sec_session_id'; // Set a custom session name
$secure = true; // Set to true if using https.
$httponly = true; // This stops JavaScript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies (no ids in the URL).
$cookieParams = session_get_cookie_params(); // Gets the current cookie params.
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $domain, $secure, $httponly); // note $domain
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the PHP session
session_regenerate_id(true); // Regenerate the session id and delete the old session data.
}
Drop the session_regenerate_id(true);
This is unnecessary and won't overwrite previous cookies, but the "true" is the real problem as that cleans out the previous session details.
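The two answers above disagree about session_regenerate_id(true), and the first one traces the symptom to two cookies (www.example.com and example.com) carrying the same name. The following is an added example, not code from either answer or from the original question: it sets the cookie domain explicitly using the PHP 7.3+ array form of session_set_cookie_params(), regenerates the id only periodically instead of on every request (my own choice, to limit the cost of rewriting the session file), and adds a small helper that reports cookie names appearing more than once in a raw Cookie header, which is the quickest way to confirm the duplicate-cookie situation the first answer describes. The domain 'example.com' and the 300-second regeneration interval are placeholders; the sample Cookie header is constructed. Assumes PHP 7.4 or later.

```php
<?php
// Added example (not from the original answers): hardened session start with
// an explicit cookie domain, plus a check for duplicate session cookies.
// 'example.com' is a placeholder domain.

function sec_session_start(string $domain = 'example.com'): void
{
    $sessionName = 'sec_session_id';

    // Reject session ids arriving in the URL; only accept the cookie.
    ini_set('session.use_only_cookies', '1');
    // Refuse uninitialized ids supplied by the client (available since PHP 5.5.2).
    ini_set('session.use_strict_mode', '1');

    // PHP 7.3+ array form. Naming 'domain' explicitly stops the browser from
    // holding one cookie for example.com and another for www.example.com.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => $domain,
        'secure'   => true,   // only sent over https
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);

    session_name($sessionName);
    session_start();

    // Regenerate the id at most every 300 seconds (placeholder interval) rather
    // than on every request. $_SESSION data is carried over to the new id either
    // way; delete_old_session=true only removes the data stored under the old id.
    if (empty($_SESSION['regenerated_at']) || $_SESSION['regenerated_at'] < time() - 300) {
        session_regenerate_id(true);
        $_SESSION['regenerated_at'] = time();
    }
}

/**
 * Return cookie names that appear more than once in a raw Cookie header.
 * A browser sends a host-only cookie and a domain cookie of the same name as
 * separate name=value pairs; PHP keeps only one of them in $_COOKIE, so which
 * session id the server sees can change from request to request.
 */
function duplicate_cookie_names(string $cookieHeader): array
{
    $counts = [];
    foreach (explode(';', $cookieHeader) as $pair) {
        $pair = trim($pair);
        if ($pair === '') {
            continue;
        }
        $name = explode('=', $pair, 2)[0];
        $counts[$name] = ($counts[$name] ?? 0) + 1;
    }
    return array_keys(array_filter($counts, fn ($n) => $n > 1));
}

// Constructed sample header: the same session cookie name sent twice.
$sample = 'sec_session_id=abc123; sec_session_id=def456; theme=dark';
var_dump(duplicate_cookie_names($sample)); // array(1) { [0]=> "sec_session_id" }

// When served by a web server, log the symptom and then start the session.
if (PHP_SAPI !== 'cli') {
    $dups = duplicate_cookie_names($_SERVER['HTTP_COOKIE'] ?? '');
    if ($dups !== []) {
        error_log('Duplicate cookies seen for: ' . implode(',', $dups));
    }
    sec_session_start();
}
```

Run it once from the command line to see the helper flag the constructed header; under a web server it logs any duplicate cookie names it receives before starting the session. If the log shows sec_session_id twice, clear the site's cookies in the browser after deploying the explicit domain, because the stale cookie from the other host name will keep being sent until it expires or is removed.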