I'm having trouble with PHP sessions with IE11 and Edge (Windows 10) connecting to a Lighttpd web-server.
Consider this code:
if (PHP_SESSION_NONE === session_status()) {
session_start();
}
$x = isset($_SESSION['bob'])? $_SESSION['bob'] : 'nothing';
echo 'The Session has started, bob is set to ' . $x .'<br/>';
$_SESSION['bob'] = 'hope';
echo 'The Session ID is ' . session_id() .'<br/>';
When I browse to test.php - containing the above code - using Chrome, shut down Chrome, reopen Chrome, and then browse back to this page it displays:
The Session has started, bob is set to hope
The Session ID is 6d2jbpmrrlrqt96h2nd19ua160
IE11 and Edge will however display:
The Session has started, bob is set to nothing
The Session ID is 35k87vgdt7t41q4lkphq815hq1
Why are IE11 and Edge dropping the session?
**This problem is also happening on WAMP Apache, so although I've seen references to Lighttpd being a potential cause (Internet Explorer, jQuery, session lost php, ) I'm not convinced.
** Also, Fiddler shows a new session ID with each IE\Edge connection.
Any thoughts?
Adding a cookie lifetime to the session using session_set_cookie_params like:
if (PHP_SESSION_NONE === session_status()) {
session_set_cookie_params(60*60*24*7);
session_start();
}
solves the problem: the session persists after the browser is closed and reopened.
The php documentation http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime states:
session.cookie_lifetime specifies the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed." Defaults to
http://php.net/manual/en/function.session-set-cookie-params.php
Which raises the question of why it works in Chrome (45.0.2454.101 m)? But that's another question...
Footnote: Although the max lifetime value for a session cookie would appear to be 2,147,483,647 the max value for "session.gc_maxlifetime" seems to be 65535; and setting lifetime to larger values stopped my sessions from working.
Related
I have cpanel based centos server.
I am facing issue of session variable not available through out the pages.
I checked all server setting but unable to get idea what i missed out.
<?php
session_start();
// index.php
echo "session id = " .session_id();
$_SESSION["username"] = "Niraj";
echo '<br />Lets see if session available in page 2 -> page 2';
if (!is_writable(session_save_path())) {
echo '<br><br><br><br>Session path "'.session_save_path().'" is not writable for PHP!';
}
else
{
echo '<br><br><br><br>Session path "'.session_save_path().'" is writable for PHP!';
}
?>
Output of above index.php as under:
session id = 5f59e48f328ef72fda877c8a9f7a07ca
Lets see if session available in page 2 -> page 2
Session path "/var/tmp" is writable for PHP!
If i refresh page, than session id remain same.
Code of page2.php as under:
<?php
session_start();
//page2.php
echo "session id = " .session_id();
echo "<br> Username = " . $_SESSION["username"];
?>
Output of page2.php as under:
session id =d99088ca0027a483301746e02282662c
Username =
Problem is Username doesn't output any session value. Temporary directory is writable and browser support cookies.
I marked that when click on page2.php, it will shows new value in session id, is it okay or session id should remain same across all pages?
I tried everything and put lots of effords since last 2 days,
same code working fine with other windows server and session id remain same until i close browser.
Thanks
session_id() must remain the same for you to query data which was set to that session id. The session id (dependent on lifetime value) will stay with you until the browser closes. I suspect that your browser is blocking session cookies which is causing PHP to regenerate a new ID each time the page loads. Download a new browser which you havent used before and test the theory and let me know how you get on.
You can check the global session cookie values and see what the lifetime is set to if you wish but I bet its the browser (0 == Lifetime -> until browser closes).
var_dump(session_get_cookie_params());
http://php.net/manual/en/function.session-get-cookie-params.php
Also....
You could just disable any plugins you have especially ones which stop ad's like Adblocker etc...
Have you seen anything strange occurring to the session files in /var/tmp? Could the server be deleting them?
MediaTemple Grid servers seem to have issues with sessions when they save to the tmp folder. I understand you may not be using MediaTemple, but their DV servers run CentOS so it could have something to do with the OS.
https://mediatemple.net/community/products/grid/204643480/why-am-i-experiencing-session-errors
The symptom of interest they list is "General problems with sessions not seeming to be carried across web requests." Their solution is to get session files out of the tmp folder and store them somewhere else by setting session.save_path in php.ini and restarting apache.
Hi
I have problems with Google Chrome, while developing a PHP website.
I start a session, and store a flag inside it. But when I reload the page, the session value is not recognized.
What can be wrong? Thanks for reply.
session_start();
if (isset($_SESSION['chrome'])) {
echo 'SESSION OK';
}
else {
$_SESSION['chrome'] = 'yes';
}
This is simple code, but it doesn't work...
I had the exact same problem with Chrome not persisting php sessions on a login system. Found the following article: https://secure.kitserve.org.uk/content/php-session-cookie-problems-google-chrome-and-internet-explorer which says:
When testing a local site in Chromium, you must either access it via IP address (e.g. 127.0.0.1) or set the cookie domain parameter to the empty string.
I hope this helps.
I had exact same problem, but on IIS and ASP.Net Mvc. An F5 would make the session recover, but moving to another page caused the problem again. I posted the answer for another SO question. Try it out and see if works.
I think the answer to this is to use session_name before session_set_cookie_params. For example...
session_name('MySession');
session_set_cookie_params( 3600*24, '/', $_SERVER['HTTP_HOST'], is_https() );
session_cache_expire(60*24); // cache expire 60 mins
Check to see if you deactivated cookies in your browser.
I am pulling my hair out on this. It works on chrome and Firefox but not in safari. What am I doing wrong?
I am setting up a temp cookie and then check if it is set or not. When I clear all the cookies from safari, and then I run this file, it thinks that cookie is still there.
here is the code
setcookie("testcookie", 'cookiesetting temporary');
if(isset($_COOKIE['testcookie'])){
echo "cookie set":
}else{
echo "no cookie set";
}
In safari only, after disabling the cookies and removing all the cookies , when I run the code above, it still echoes cookie set.
Just to make sure, I also looked in the dev tools in safari under resources and I see no cookie there.
What am I missing here?
I had the same problem with Safari (couldn't unset a cookie).
You should solve setting the path
setcookie('testcookie', 'cookiesetting temporary', time()+3600, '/path/'); // set
setcookie('testcookie', '', time()-3600, '/path/'); // delete
Hope this works ;)
Simply clearing them client side isn't the proper way to test this .. Have you tried actually "unsetting" the cookie Server Side?
I have a 'loginStatus' session variable that gets set on the first page load. I have an if/else to echo 'setting for the first time' comments to the browser when this 'loginStatus' is being set for the very first time. The 'setting for the first time' NEVER APPEARS! I have cleared the cache, I have tried navigating to the index.php page in a browser window outside of my Netbeans development environment -- doesn't matter. It's as if the session is staying alive permanently on my localhost web server.
Here is the code that detects for the un-initialized 'loginStatus' session variable for the first time the page is loaded and creates/initilizes the session variable just once.
if ( isset($_SESSION['loginStatus']))
{
// we get here ONLY if the 'loginStatus' session variable has already been
// created for this user's session.
$_SESSION['loginStatus'] = "loginStatus already set!";
echo '<br />Just set the loginStatus to: ' . $_SESSION['loginStatus'] . '<br /><br />';
}
else
{
// we only get here the first time this is sent by the server
// to the user's browser -- so we need to create the 'loginStatus' session
// variable because the user just came to our site
// and has not yet logged in.
$_SESSION['loginStatus'] = "First-time initialization of loginStatus";
echo '<br />Just set the loginStatus for the first time!<br /><br />';
}
I never see in the browser window "Just set the loginStatus for the first time!"
All I see in the browser window is: "Just set the loginStatus to: loginStatus already set!"
In other words -- isset() is wrongly returning true the very first time my page loads!
I see NO justification for a session variable that is magically already there when I first load the page in the browser!
Although I have loaded the above page several times tonight while writing the code, it was my understanding that when you leave the final page the session gets destroyed. So why is my $_SESSION['loginStatus'] variable hanging around like a relative who has worn out their welcome?
Session get destroyed when and by the rules set to it (to the session GC) in the php.ini file.This does not happen necessarily when you close the browser or browse to other pages.
Read the session manual in php.net and set the session rules the best way that fits you.
For example, on high security sites, I give the session a time out of few minutes. Means, if the user does no action that makes a request to the server within that time limit, the session will expire.
not sure,
but it may because you have save this values in your cookies,
try to clear cookies, and reload the page
I am trying to setup a session management with cookies in PHP.
My code is as follows:
if(empty($_COOKIE )) {
setcookie('session_id', md5(uniqid()), time()+(EXPIRE CONSTANT));
}
$session_id = isset($_COOKIE['session_id']) ? $_COOKIE['session_id'] : 0;
I will then check session_id for 0 and print an error message if cookies are disabled.
This works fine if cookies are really disabled.
The problem is, if a user clears his history the first time he visits
the site he will get the error message even if cookies are enabled.
Anyone have any clues about this ?
Thank you in advance
When you do the setcookie call, the cookies will be sent when the header is output to the browser. This means the cookie won't be available until the next page load (when the client sends the cookie back to the server). This is mentioned in the php manual for setcookie http://php.net/manual/en/function.setcookie.php:
setcookie() defines a cookie to be sent along with the rest of the HTTP headers. Like other headers, cookies must be sent before any output from your script (this is a protocol restriction). This requires that you place calls to this function prior to any output, including and tags as well as any whitespace.
Once the cookies have been set, they can be accessed on the next page load with the $_COOKIE or $HTTP_COOKIE_VARS arrays. Note, superglobals such as $_COOKIE became available in PHP 4.1.0. Cookie values also exist in $_REQUEST.
You won't be able to determine if cookies are enabled/disabled until the page has reloaded (from php). I think you'll have to do this check with javascript, or to stay in php do a redirect after setting the cookie for the first time, something like:
if(empty($_COOKIE)) {
if (isset($_GET['cookieset'])) {
// do error message, cookie should be set
}
setcookie('session_id', md5(uniqid()), time()+(EXPIRE CONSTANT));
header('location: http://mysite.com/index.php?cookieset=1');
exit;
}
$session_id = isset($_COOKIE['session_id']) ? $_COOKIE['session_id'] : 0;
#bencoder : I have done the test on iPad and Chrome/PC : you are right for iPad, you do need to refresh the page before you can read the cookie data, but on Chrome/PC, after deleting all cookies, if you set a new one from PHP, you can perfectly get the values directly on the first page load. Why ? There must be a more precise explanation. Why two different behaviors? Does the order of this output/availability of the data depend on the browser request to the server? Interesting to know...