2

I have a website with a PHP login. Every time a page is visited, I call session_start().

I've been having this unusual problem where 1 in 5 times (or so), my session_start will fail to recognize the existing PHPSESSID cookie and instead creates a new one, so that I have 2 of them, and stops using all of the data stored in the first session.

It goes as such: I log in successfully, and am successfully redirected to the same page I was on but now logged in, and I am assigned a session id cookie, and the session successfully stores its data (all checked and confirmed).

Then I click any link on the page (even the link that takes me to the same page I'm on) and instead of continuing the session, it creates a new session, giving me a second session cookie and effectively logging me out.

This only happens 1 in 5 times, and only when I first visit the website. On successful trials, when I log in, navigating to another page leaves me with 1 session id cookie instead of 2.

I've been banging my head on the wall with this problem, and would love any help!

Mike Mackintosh
Josh
  • Hint (Offtopic)! Bang your head a little bit less to the wall, it should allow you to figure out problems faster in future. Also, it can cause serious damage to your body. – y2ok Aug 06 '12 at 13:50
  • 1
    Can we see your code? Are you including any files that are also calling `session_start();`? – Dale Aug 06 '12 at 13:59
  • The code is really long unfortunately. I do have a second session_start() for my search mechanism, but when I disabled that, the problem still remained. – Josh Aug 06 '12 at 14:11

3 Answers

2

Call `echo session_id();`. What is returned?

This is your session ID. If it changes during the flow of your script, you will lose your $_SESSION data.

Mike Mackintosh
  • Yes, this is the problem. The session ID changes when I click a link, after having successfully logged in. But it still has the old cookie with the old Session ID, so I don't understand why it's creating a new session. – Josh Aug 06 '12 at 14:12
  • I did a test where at the end of the successful login and redirect I check all of my session variables and IDs, which are all fine, and then as soon as I redirect, I try again and all the variables are gone and the ID is different. – Josh Aug 06 '12 at 14:14
  • Could be a timeout for the session. Try to manually set the session ID. Call: `session_id('TEST');` before you call `session_start();` on all your pages. Then try again. – Mike Mackintosh Aug 06 '12 at 14:14
  • That did fix the problem. That got me to really analyze the cookies, and I realized that the system works when I go to www.example.com, or to http://example.com, but if I'm on http://example.com and I click a link to www.example.com then in that switch to www it doesn't recognize the old cookie. Anyone know how to deal with this? – Josh Aug 06 '12 at 14:47
  • 1
    That's the issue with the subdomain. Take a look here: http://stackoverflow.com/questions/644920/allow-php-sessions-to-carry-over-to-subdomains – Mike Mackintosh Aug 06 '12 at 14:47
  • Works perfectly. Thank you so much sixeightzero. – Josh Aug 06 '12 at 15:03
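
The host mismatch found in the comments above (a session cookie set on example.com is not sent back to www.example.com) can be avoided by serving the site from one canonical host, or by widening the session cookie's domain as the linked question describes. The following is an added example, not code from the thread; `CANONICAL_HOST`, `canonicalRedirect()` and `startSession()` are hypothetical names, and it assumes PHP 7.3+ and that the www form is the preferred host.

```php
<?php
// Added example. example.com / www.example.com are the hosts named in the thread.
const CANONICAL_HOST = 'www.example.com'; // assumption: the www form is preferred

/**
 * Return the URL to redirect to when the request arrived on a non-canonical
 * host, or null when the host is already canonical. The target host is the
 * constant, never the client-supplied Host header.
 */
function canonicalRedirect(string $host, string $requestUri, bool $https): ?string
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host)); // drop any port
    if ($host === CANONICAL_HOST) {
        return null;
    }
    return ($https ? 'https' : 'http') . '://' . CANONICAL_HOST . $requestUri;
}

/** Start the session with explicit cookie attributes (array form needs PHP 7.3+). */
function startSession(bool $https, ?string $sharedDomain = null): void
{
    if (session_status() !== PHP_SESSION_NONE) {
        return; // already started elsewhere in this request
    }
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        // '' keeps the cookie host-only; 'example.com' sends it to every subdomain.
        'domain'   => $sharedDomain ?? '',
        'secure'   => $https,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

$https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$target = canonicalRedirect($_SERVER['HTTP_HOST'] ?? CANONICAL_HOST, $_SERVER['REQUEST_URI'] ?? '/', $https);
if ($target !== null) {
    header('Location: ' . $target, true, 301); // send every visitor to one host
    exit;
}
startSession($https);
```

Passing a shared domain to `startSession()` makes the session ID readable by every subdomain of that domain, so the canonical-host redirect is the narrower of the two fixes.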
1

You may be destroying and recreating the session. Make sure that the session doesn't exist before you create it.

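```php
// Start a session only if none is active ($_SESSION is undefined before session_start()).
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
```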
aynber
1

Obviously you will have sorted this, but for others who struggle with the same thing, I used this method in my logout.php file. The session_regenerate_id() resets the session variable used. Hope this helps others.

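```php
<?php
session_start();                  // resume the current session so it can be torn down
unset($_SESSION['currentUser']);  // session_unset() takes no arguments; unset() removes one key
$_SESSION = array();              // clear any remaining session data
session_regenerate_id(true);      // must run while the session is active; deletes the old session
session_destroy();                // destroy the session
header("Location: /final/index.html"); // redirect back to index.html after logging out
exit();
?>
```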