2

I am having some trouble with PHP sessions, but only in my browser (Google Chrome v.84.0.4147.105 64bits). It seems that the session is not being saved. For example, for this code:

session_start();
$_SESSION['hello'] = 'world';
echo 'hello ' . $_SESSION['hello'];

echo '<br>ID: ' . session_id();

In any browser I get:

hello world ID: ksr9shdsjnpenhv23ldtfqvwc2

And the same if I reload the page. But for my browser I get a different session ID every time I reload the page, and the $_SESSION['world'] variable is not available for other files.

Any idea? There is nothing before session_start(); actually, those lines are the whole file.

Vianick Oliveri

1 Answer

2

Take a look in your PHP; there is set:

php_value session.use_cookies 1

and both

php_value session.use_only_cookies 1
php_value session.use_trans_sid 0

are default values, so you will not find them there.
Then PHP will try to store the session ID in a cookie and will not succeed, so you will end up getting a new session ID each time. If you do not want to depend on the cookie setting and do not mind a longer URL, you can try this:

ini_set('session.use_only_cookies', '0');
ini_set('session.use_trans_sid','1');
session_start();

Now PHP will try to store the session as a cookie and, if that fails, as a GET variable called PHPSESSID, and your URL will get a bit longer. You can change the name of this variable by setting session.name.

At this point you can protect yourself by using a hidden POST var that stores, for example, an MD5 of this variable, and you can check each time whether the session has been manipulated ...

A good habit is also to store the session ID and the IP in a sessions table in the database, and then check each time whether GET, POST, the database and the IP sing the same song.

Welcome to the cookie kitchen ;-)
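
A diagnostic for the symptom discussed in this thread (a new session ID on every reload), as an added example that is not part of the original question or answer. It reports the three session settings named above, the cookie flags PHP will send, and whether the browser returned the session cookie; `session_diagnosis()` is a hypothetical helper name, and the Secure and SameSite checks are assumptions about likely causes, not something the thread established.

```php
<?php
// Added diagnostic, not from the original post. session_diagnosis() is a
// hypothetical helper name; the ini keys and PHP functions are real.
function session_diagnosis(array $ini, array $params, array $cookies,
                           string $name, bool $https): array
{
    $out = [];
    if (!$ini['session.use_cookies']) {
        $out[] = 'session.use_cookies is off: no session cookie is sent';
    }
    if ($ini['session.use_trans_sid'] && !$ini['session.use_only_cookies']) {
        $out[] = 'session ID may travel in the URL (use_trans_sid on, use_only_cookies off)';
    }
    if (!empty($params['secure']) && !$https) {
        $out[] = 'cookie is flagged Secure but this request is plain HTTP';
    }
    // The samesite key exists from PHP 7.3; treat it as empty on older versions.
    if (strcasecmp($params['samesite'] ?? '', 'None') === 0 && empty($params['secure'])) {
        $out[] = 'SameSite=None without Secure: Chrome rejects such cookies';
    }
    if (!isset($cookies[$name])) {
        $out[] = "request carried no '$name' cookie (first visit, or the browser did not store it)";
    }
    return $out;
}

session_start();

$ini = [];
foreach (['session.use_cookies', 'session.use_only_cookies', 'session.use_trans_sid'] as $key) {
    // ini_get() returns strings such as "1", "0", "" or "On"; normalise to bool.
    $ini[$key] = filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
}
$https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

header('Content-Type: text/plain');
echo 'session id: ', session_id(), "\n";
foreach (session_diagnosis($ini, session_get_cookie_params(), $_COOKIE, session_name(), $https) as $line) {
    echo '- ', $line, "\n";
}
```

Load the script twice in the affected browser: if the "request carried no cookie" finding is still listed on the second load, the cookie was never stored or never sent back, which matches a changing session ID.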