0

I recently built a Content Management System, and I'm using session variables throughout my code. However, I just switched over to HTTPS, and now it appears the session variables aren't working.

I've done a lot of research, but unfortunately I haven't found a solution to this problem yet. I'm thinking there has to be a setting in the "php.ini", or the IIS Manager (I'm currently using IIS 7.5) that I'm not seeing.

I found that in ISS Manager, under ASP -> Session Properties -> New ID On Secure Connection defaults to True - I can definitely see that being a problem if it's doing the same thing somewhere with PHP, but I can't find it if that's an option.

I'm initializing the session_start(); at the very beginning of the document (nothing comes before it), and it works fine over HTTP, just not HTTPS. Additionally, I've updated the base_url to include the https:// on any redirects, so it's not going from HTTP to HTTPS, it's strictly going over HTTPS.

Thanks in advance for any suggestions of where I might look.

TecHalo
  • 51
  • 9
  • Why do you think they aren't working? Please elaborate (errors, changes to $_SESSION don't apply across pages, etc.) (https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) Also, what changes were made to switch to HTTPS? Server changes? – pepperjack Jul 19 '18 at 23:01
  • Thanks for the reply. No changes were made to the server.. I simply moved this from 1 directory, to another directory that had the SSL cert already configured on it - The only thing I did script wise, was update the base url to include the `HTTPS` - They're using the same host, and using the same ISS Manager. My login script assigns session variables, and then redirects to the dashboard. However, after logging in, it redirects back to the login page, because I'm checking if `$_SESSION['sid']!==session_id()` - To check if it's not a valid session. – TecHalo Jul 19 '18 at 23:21
  • Please try doing a simple test with just a single file, just setting a session variable and loading it again after a page reload. – pepperjack Jul 20 '18 at 00:21
  • I can get this to work on a single page.. I'm using `
    ` which directs them to the login script that then fetches some data for the session variables. I've tried using the full URL, with the `HTTPS` in the `action=""`, but that didn't seem to work.. Additionally, just for the sake of testing, I used some javascript to force the form in HTTPS, but that didn't work either. Any ideas?
     – TecHalo Jul 20 '18 at 15:48
  • I also added a static session just under my `session_start();` on the `loginaction.php` script - I then tried to echo that on the login page, as it also starts with `session_start();` and should be carried over, but it isn't. I feel like it has to be something with the way the form is being posted.. – TecHalo Jul 20 '18 at 16:07

0 Answers0