8

This is perhaps the same question as Session data lost in Chrome only and related to Randomly Losing Session Variables Only In Google Chrome & URL Rewriting

There are no solutions there that will work for me, I was hoping someone has some new input into this.

These are the steps I follow:

  1. I initialize a session (not a cookie) with <?php session_start();?> then set the variable later on in the same php file with $_SESSION['nu'] = $userName;

  2. Then I redirect to a new php with window.location.href = "foo.php". That php file starts the session (first thing, same as above) and then uses $_SESSION['nu']. So far all works fine in all browsers.

  3. On the second php page (the one in step 2) on Chrome (31.0.1650.26 beta):

    • I can use $_SESSION['nu'] in a php file accessed through an AJAX call.
    • If I reload the page, $_SESSION['nu'] is not set anymore. Right after the first load, it's not set.
    • If I go to another page that also needs $_SESSION['nu'], it cannot access it either.

  4. On Safari (5.1.9 and 5.1.7) and Firefox (24.0 and 18.0) I can reload and go to another page, $_SESSION['nu'] is set and all works fine.

  5. When I test this on my home environment (MAMP 1.9.6) it works fine also on Chrome.

  6. In both php.ini files (home and online) session.use_only_cookies is On (Local and Master).

Since I can access it via AJAX (no change of page) it would seem Chrome has a problem with the session when going to a new page. But why does it then work the first time? I do change pages...

I've tried the favicon.ico solution (I placed an icon-file called favicon.ico in the web root) but it didn't change anything.

Any suggestions? Thanks!

Update

  • All php files trying to access $_SESSION['nu'] sit in the root ('my' root, since I'm using a web hotel).
    • Looking in Chrome's console, into 'Resources -> Cookies', I can see the cookie is present all the time (as I move from the php file that starts the session to foo.php).
    • What's boggling my mind is that it works in FF and Safari...

Update2

Images from Console. This is what I see when I'm in foo.php (the second page):

Chrome:

enter image description here

Safari:

enter image description here

SOLUTION (hopefully): I'm not sure why it's working now, which leaves me not wholly comfortable but, for the time being... To explain what happened I need to give some more details:

  • index.php calls start_session(). Sets variable $_SESSION['nu'] = Null. Then the page waits for login button to be clicked.

  • Login button has a script, which via AJAX calls singIn.php, which calls start_session() and sets $_SESSION['nu'] = "bar". in the done() function of the AJAX call, the script calls window.location.href = "foo.php".

  • foo.php calls session_start() and retrieves $_SESSION['nu'].

In my try-anything-mode I tested removing the start_session() from index.php. I also removed the assignment $_SESSION['nu'] = Null. I wanted them in place to ensure that visiting index.php would clean the session and de facto logout the user. But the site does have a proper logout option, so I can stick to that.

Without those lines in index.php, it seems to work in Chrome. That is, the value of $_SESSION['nu'] is not lost when user navigates through other pages in the site, or reloads foo.php.

As I said earlier, this was working all the time in FF and Safari. Now also in Chrome. I'd sure appreciate if someone can find an explanation!

Community
  • 1
  • 1
gondolfier
  • 221
  • 1
  • 3
  • 11
  • Are you coding in a sub-folder (not at root)? If so, have you cleared cookies? You probably started a session in your initial development (storing a cookies at "root") and then started devving in a sub-folder. Depending on the call, you could pick up the old (defunct) session in root. Clear cookies to sort it out. (Yes, PHP stores session IDs in cookies). – Robbie Oct 21 '13 at 09:59
  • @Robbie - Thanks, checked clearing cookies, restarting Chrome and whatnot. Still same problem. Please see updated question. But I'm not sure I know what "devving" means... "developing"? – gondolfier Oct 23 '13 at 08:03
  • _"I can see the cookie is present all the time"_ - what about its _content_, the session id - does that change? – CBroe Oct 23 '13 at 08:13
  • @ CBRoe - Safari and Chrome have very similar Consoles. Looking at Resources -> Cookies I see: (Safari: PHPSESSID and two more lines, presumably the two variables I have stored in $_SESSION, crypted somehow) (Chrome: Only PHPSESSID, no more lines). The session ID does not change when I go from php file1 to foo.php (neither in Chrome nor in Safari or FF). See update for images. – gondolfier Oct 23 '13 at 09:47
  • _“presumably the two variables I have stored in $_SESSION, crypted somehow”_ – no, session values are stored on the server, not on the client. – CBroe Oct 23 '13 at 10:54
  • Check your PHP settings regarding the session cookies, and also check if chrome sends the cookie with the requests you make for your other pages and on reload (network panel). – CBroe Oct 23 '13 at 10:56
  • @ CBRoe - on the server, but of course! Yes, the Chrome sends the cookie on reload and when visiting other pages. Same ID. I found a hackaround the problem. See my update. Perhaps you can see why it's working now? – gondolfier Oct 23 '13 at 11:16

1 Answers1

0

It could be a cross domain issue. try to use sameSite option config for the cookie on the append :

   var cookieOptions = new CookieOptions
            {
                HttpOnly = true,
                Secure = true,
                Expires = DateTime.UtcNow.AddDays(7),
                SameSite = SameSiteMode.None
            };
            Response.Cookies.Append("refreshToken", token, cookieOptions);
Hamza Benarafa
  • 1
  • 2