I use a test domain in laravel and one subdomain is in use. Everything works fine,
test.com and user.test.com
but, Login function does not work on test domain
I have verified that the session file is generated at stoage / sessions
when I done login, it does not cognize my session. The login function works well on localhost url. how i can fix that?
i'm done config like this below
config / session.php
domain => ".test.com"
And if I set up like above, can I share login information between two domains?
Clear the cookies for the site and then try to log in again. Or If the issue still persists then try to change Session Cookie Name in config/session.php
i am relatively new to CI and working on a project. My issue is
$this->session->set_flashdata('error', 'error1');
fetched as
$this->session->flashdata('error')
works on one of my servers but not on others. I have tried checking all the code over n over but to no help, my session config is as below
on both servers the code is same, can someone help me out on what I could be missing on one server thats failing the session.
I have figured and had my issue sorted, as I went through the configs, i realized there is a cookie domain setting and when i changed that to reflect the new domain, the sessions are back and i can now set and read the session flash data
$config['cookie_domain'] = ''
changed this value in the config file and all was ok.
We are having some issues with PHP Session Cookies not allowing us to log into our *SugarCRM** application which is open source PHP application.
The problem is we have the same application installed on 2 sub-domains like below...
Main site
www.domain.com
Dev site
dev.www.domain.com
Now after logging into one, it will not allow you to login to the other!
Please view the image below to see the Cookie problem...
In the image above you can see that there is 2 PHPSESSID Cookies competing for the Session!
If I now delete one of them, it allows me to login as normal without an issue!
Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.
So does anyone have any ideas on a good solution?
Right now my idea for a "Nasty Dirty Hack" which I really do NOT want to have to do. It is to make a button on the login form, this button will use JavaScript to clear/delete the PHPSESSID Cookies but again I would really like to find a proper solution.
If anyone has any ideas, please share? Thank you
UPDATE
Thanks for the answers so far. Please do take into acocunt that this is not a simple PHP application that I built where I can easily do code changes. THis is SugarCRM which is a massive large application with thousands of files
Try to setup in .htaccess parameter on subdomain
php_value session.cookie_domain .domain.com
or use in php code, but before "session_start()"
ini_set('session.cookie_domain', '.domain.com' );
Use
session_set_cookie_params
to set the session from the subdomain, on the principal domain.
Try to use function (http://php.net/manual/en/function.session-set-cookie-params.php):
session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)
And set one $domain = '.domain.com'
Or if you setting session cookie manually by setcookie, then setting the same domain too
Its actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see eachother sessions, see the wrong session, or try to unserialize classes only defined in the other project.
You need to change the cookie parameter its storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): http://us1.php.net/manual/en/session.configuration.php#ini.session.name
This way you can have multiple PHP sessions on the same domain. For example if you had example.com/sugarcrm and example.com/foo You could have sugarCRM store it's session ID in a cookie param called "sugarsession" (instead of the default phpsessid)
It has been a while since I had this issue but I think all you have to do is write each instances session file to a different directory by editing the config.php in each SugarCRM's file system and change the line
'session_dir' => '',
to point at a different directory.
I am facing a strange scenario. basically on my every web page i am doing
session_start();
if(!isset($_SESSION['login']))
header("Location: login.php");
to ensure every user has logged in first. I am working in chrome and what happens is if I login to my web application and open any page it works fine. At the same time if, in another tab, I login to my hosting server, I am logged out of my web application. If I login to my application again, I am logged out of my hosting server!!
What am I doing wrong? is there a problem the way I am checking or setting the session variable?
I am setting the session as follows:
//if authentication successful
session_start();
$_SESSION['login'] = "1";
I have a very similar problem, and I think this happens just because two sessions with the same name, in the same place of the same domain can't coexist.
Maybe a solution should be to use session cookies. You can set a cookie just for a folder and not for the whole domain. This way I think you can manage 2 sessions at the same time, but I'm not sure.
Try this:
session_start();
setcookie(session_name(), session_id(), 0, '/public/');
Where /public/ might be the specific folder where your site is located, or the application path (thanks Paul for pointing out this).
Then you will check if session is set:
$session_cookie =
isset($_COOKIE[ini_get('session.name')]) ?
$_COOKIE[ini_get('session.name')] :
null;
Probably this won't work, since the other session might be "stored" in the root folder of your web application. But if you are able to do the thing above also for your hosting server, you should resolve your problem.
You can also try to set a different name for the session in your web application.
Hope this helps.
I think you'll find the cause is that both hosts have the same network name e.g. test.www.example.com and www.example.com
Just use a different network name for the test machine and it should work or make sure you explicitly use non-overlapping values for session.cookie_domain
I have a problem similar if not identical to the problem in this thread:
Randomly Losing Session Variables Only In Google Chrome & URL Rewriting
But all solutions in that thread don't work for me. I'm getting a strange behavior from only Google Chrome in my PHP/MySQL App. If I try it with Firefox, it works, but Chrome doesn't.
I navigate to some place in my shopping cart and at several places in the code I'll store session data. Don't worry about me starting the session or anything related to that, I've got 11 years in webapp dev, all is done fine.
In all browsers, I can var_dump($_SESSION) and get my data back, but in Chrome it doesn't keep the data. Also note that the session does get passed on, I can look in the network monitor and I see the cookie being sent and many other things related to session work but that one $_SESSION['last_viewed_element'] is not kept. I also can't seem to set anything else, all gets lost.
EDIT:
Problem resolved by switching from SESSIONS TO COOKIES...
I had a very similar problem, in my case the problem was a 404 called due to a missing favicon.ico in Chrome only. The 404.php called the footer which altered the Session Variables.
I hope that helps someone.
The issue could be your server is looking for favicons, if it is not found the server throws out a 302 redirect, which kills the session variables.
I had this issue and was able to fix it. Chrome keeps looking for a .ico file and for some reason it was affecting it. Once I placed the .ico file in the root of the site everything started working. Crazy but true.
I faced same problem, but on IIS with ASP.Net MVC. IE and Firefox were doing fine, but on Chrome I was losing session data. Eventually found out that a 404 error was clearing a cookie in Chrome. Below are the steps I followed to find the problem and resolve. I suggest others to try:
On Chrome, Use Tools -> Developer Tools. Refresh the page so "Developer Tools" starts showing data.
On Developer tools, Check Resources -> Cookies. Right after a successful log in, I had 2 cookies for the domain I was testing. On navigating to the page where I lost session, one of the cookies did not show up anymore. The screenshot was taken after the fix, showing both cookies:
Now check Network tab. Look carefully for any resource (html/image/css/js/...) which has any error. I had a 404 error for a font file. The 404 error was caused by missing mime type in IIS.
fixing the 404 error cleared the problem in Chrome. The screenshot, again taken after fix, had all resources with OK status:
The bonus was, investigating this problem helped me find out missing mime type in IIS, which was affecting more pages on all browsers.
Had same problem and finally solved. Login set session with domain.com but in the redirect it was www.domain.com. IE and FF seem to assume www and no www are same but Chrome doesn't. Found by checking Host in network log for each page load.
Just try this before wasting your time
If you are already logged in your webspace ( control panel / Cpanel / Plesk Panel )
in the same browser. Then logout from that control panel and clear the
cookies and try Again
In case of
session data lost in chrome only
In my case I just reset chrome browser
Go to chrome://settings/ then click advanced then reset
The code I was working with had the same issue. Solved by removing the following:
session_id($_GET['sid']);
session_write_close();
I solved the problem by removing the line:
base href="http://mysite/"
from the head tag in the HTML code.
Looking on the following link:
http://code.google.com/p/chromium/issues/detail?id=45582
I belive the issue is with PHP getting the request that did not match a file and then not properly handling 404's correctly. I had to tell Nginx to match any URL with favicon.ico and then return a 404.
Here is my line for Nginx:
if ($request_uri ~ 'favicon') {
return 404;
}
HA! i finally solved it!
When doing a header() redirect in PHP, you must do a die() right after it. THAT only solves it for all browsers except for Chrome.
For Chrome you also gotta do a session_write_close() right before the header()
Sweeeeeeeeet success
In your php ini file try setting
session.save_path = /path/to/your/tmp
On some servers, sometimes the session needs an explicitly direct session file to save in a local directory or otherwise some weirdness happens.
This solved my problem instantly: go to chrome://settings/cookies then locate your localhost then remove its cookies. The solution is so simple, it's worth a try
We had the same issue yesterday the whole day.
What (seemingly) solved it (for us) was a chrome update.
We had Version 45.0.2454.93 und since the update to version 45.0.2454.99 the problem didn't occure again ...
I had similar problem, I discovered the reason which was very strange.
In my case one image url inside a css class was wrong!! The browser coudn't load the image and because the page was a sign up form with password field, the browser reset the session for security reasons.
I am not sure if your case is similar to mine. But for me the reason was the formation of URL.
With chrome, when typing the URL as "http://www.domainname.com" and setting the session variables there.
and redirecting with "http://domainname.com" without the WWW. the sessionid is not reused.
This resolved my issue hope this is help
You are probably loosing sessions only on your development environment, and it may be most probably because of 'same origin policy' of Chrome. If so, then this is your solution Disable same origin policy in Chrome
I found my version of the issue was exactly as described here and here and so I want to add a further qualifier to the above that
Google Chrome (v.59, stable) Inspector does not tell you that the favicon.ico is inaccessible and does not tell you the page is 302 redirected.
I my case it was just ini_set('session.cookie_secure','1');. I was checking site locally on XAMPP. On FF no problem but when accessing chrome it just kept loosing session.
After all, no answer, problem still exists, i just made a switch to using cookies instead, if anyone ever gets that problem with chrome+wordpress at the same time, dont lose more time, switch to cookies...
I found a "solution" (is not a problem but only effects!!) ...
if in your page use ajax, ajax is asyncronus ...
If I call a function that working on SESSION than i call another page that working on session, some times the first call is not finish before second start and effect of the first overwrite response of the second.
I resolve problem with async:false in every ajax call.
Ext.Ajax.request({
url: '/io/resetsession.php',
**async: false**
});
Ext.Ajax.request({
url: '/io/loaddata.php',
**async: false**,
.....
});