0

I'd like to store the session when I redirect to another PHP file using javascript's window.location. But somehow, the session is always missing on the server while it's fine on my localhost. The server is still using an IP Address like this: http://1.1.1.1/app/check_session.php. The server is using CentOS. What I used here as the root path is the /app, is it cause the problem?

UPDATE:

  • session_id() changed after redirect to check_session_submit.php before > after, even refresh the check_session.php it keeps changing

Here's my code:

check_session.php

<?php

session_start();
echo "Session Path: ".session_save_path()."<br>";
echo "Session ID: ".session_id()."<br>";

$_SESSION["test"] = "test";
?>

<html>
<head>
    <script>
        function delayer(){
            window.location = "check_session_submit.php";
            exit();
        }
    </script>
</head>

<?php
if(isset($_POST["field_1"])){
    $_SESSION["field_1"] = $_POST["field_1"];
    ?>
    <body onLoad="setTimeout('delayer()', 1)">
    <?php
}

?>
        <form method="POST">
            <input type="text" name="field_1">
            <input type="submit">
        </form>
    </body>
</html>

check_session_submit.php

<?php

session_start();
echo "Session Path: ".session_save_path()."<br>";
echo "Session ID: ".session_id()."<br>";
echo "Session Data: ".json_encode($_SESSION);

?>

I have followed the instructions given here: https://stackoverflow.com/a/17242347/9858781 but still no luck. Tried to save the session into the specified path as mentioned in that comment .../app/cgi-bin/tmp and add the permission to directories by using chmod 777, but still, the session is not saved. I tried to check the Apache error log from /var/log/httpd/error_log and there's no error reported. Is there anything else that I can look into?

Here's my server session configuration:

session.save_path = "/tmp"
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.serialize_handler = PHP
session.gc_maxlifetime = 1440
session.gc_divisor = 1000
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5

These are the HTTP headers from the server response: server response HTTP header

tri samsul
  • 11
  • 1
  • Session handling is largely defined by the various [session configuration settings](https://www.php.net/manual/en/session.configuration.php) so in order to investigate this question, you will need to post those details. It would also be helpful to supply the HTTP headers that the server responds with (particularly any `Cookie` headers). Without this information, it will be very hard for anyone to answer this question. – HappyDog Nov 06 '21 at 12:53
  • Hi, thank you for your response, I added the session configs above and the screenshot of server response HTTP header, is there something that I can fix? – tri samsul Nov 09 '21 at 08:01
  • the order of your code is problematic. Your `` tag might appear AFTER your `
    ` and `
     – Raptor Nov 09 '21 at 09:07
  • I updated the `check_session.php` code above, but the issue still persists. – tri samsul Nov 09 '21 at 09:28
  • Your cookie header have secure flags which said that your session id is valid only for https. How thats happen ? – cakyus Nov 10 '21 at 13:40
  • I tried to add `ini_set("session.cookie_secure", 0);` and `ini_set("session.cookie_httponly", 1);` within the file, but the result still the same – tri samsul Nov 10 '21 at 15:47

1 Answers1

0

The issue solved when I use domain with https, however if anyone can have other solution when it's still on server IP address, please write the answer below, thank you!

tri samsul
  • 11
  • 1