keep session active when going to other website

Question

Ok, so here is the problem.

I have a website with a member login and a payment module. The member can buy stuff, but only when he's logged in (with sessions).

When the member wants to pay, he is redirected to another page of the payment provider (mollie). So for a brief amount of time, he leaves my website.

When the payment is done, he is automatically sent back to my website. And that's where the problem occurs: he is logged out.

How can I keep the sessions alive?

<?php
    if(isset($_SESSION['member']) && $_SESSION['time']+300 > time()){
        // logged in
    }
?>

Anyone an idea?

Answer 1

By default, PHP keeps a user's session open until their browser is closed. You can override that behaviour by changing the session.cookie-lifetime INI setting:

When you are creating the session for first time use this code, it will set the cookie time for a year (use your own time as its needed).

ini_set('session.cookie_lifetime', 60 * 60 * 24 * 365);
ini_set('session.gc-maxlifetime', 60 * 60 * 24 * 365);
session_start();

That should set the PHPSESSID cookie and your session will be safe... but is not the most secure way, so use it if you don't mind security issues

i would also try something with using the session_set_cookie_parameters() to give the session cookie a non-zero lifetime before starting the session, or set session.cookie_lifetime to non-zero.

i think the easiest way for you is that instead of just session_start we should input this on each page there is a session

 $expire = 365*24*3600; // We choose a one year duration

  ini_set('session.gc_maxlifetime', $expire);

 session_start(); //We start the session 

 setcookie(session_name(),session_id(),time()+$expire); 
//Set a session cookies to the one year duration

Answer 2

The problem is solved! It was an issue with 'www' and 'non-www'.

I added the following code:

session_set_cookie_params(0, '/', '.mydomain.com');