
I have a cloud Ubuntu server with ispmanager. The PHP version used is 7.4.3.

The following PHP code sets the session cookie params, and session_start generates a new session on each call, which breaks authorization and other things depending on the session. If I remove session_set_cookie_params and leave just session_start, the session works fine. I also have a local development server with PHP version 7.2.24; there everything works fine.

    $maxlifetime = 0;
    $path = '/';
    $domain = '.'.$_SERVER['HTTP_HOST'];
    $secure = true;
    $httponly = true;
    $samesite = 'Strict';
    
    if(PHP_VERSION_ID < 70300) {
      session_set_cookie_params($maxlifetime, $path.'; samesite='.$samesite, $domain, $secure, $httponly);
    } else {
      session_set_cookie_params(array(
          'lifetime' => $maxlifetime,
          'path' => $path,
          'domain' => $domain,
          'secure' => $secure,
          'httponly' => $httponly,
          'samesite' => $samesite
      ));
    }
    session_start();

It looks like the PHP developers broke the session cookie between 7.2 and 7.4.

LeonidMew
  • Use the answer here to check if the session is already started or not. If not, then set the cookie params, else leave it as is. https://stackoverflow.com/questions/6249707/check-if-php-session-has-already-started – nice_dev May 11 '22 at 07:29
  • @nice_dev The session is not started before the code in question. It sets the session cookie, but the session token is different on every request – LeonidMew May 11 '22 at 07:33
  • See https://www.php.net/manual/en/function.session-set-cookie-params.php#100657 – nice_dev May 11 '22 at 07:42
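
One way to check the cookie parameters from the question against the request they are sent on, as an added example that is not the poster's code: it lists two mismatches that make a browser drop or withhold a cookie under RFC 6265 matching, namely `secure` on a plain-http request and a `domain` built from `HTTP_HOST` that carries a port or does not match the host. The function name `session_cookie_problems` and the sample hosts are hypothetical, and the check does not establish which case, if any, applies to the server in the question.

```php
<?php
// Added example; function name and sample values are hypothetical.

/**
 * Return the reasons a browser would not store or send back a session
 * cookie built from $params on a request to $scheme://$hostHeader.
 */
function session_cookie_problems(array $params, string $scheme, string $hostHeader): array
{
    $problems = [];

    // Secure cookies are not sent over plain http, so the session id never returns.
    if (!empty($params['secure']) && strtolower($scheme) !== 'https') {
        $problems[] = 'secure=true but the request is not https';
    }

    // The Host header may carry ":port"; a cookie Domain attribute must not.
    $domain = strtolower(ltrim((string)($params['domain'] ?? ''), '.'));
    $host   = strtolower((string)preg_replace('/:\d+$/', '', $hostHeader));
    if ($domain !== '') {
        $suffix = '.' . $domain;
        if (strpos($domain, ':') !== false) {
            $problems[] = "domain '$domain' contains ':' (port or IPv6 literal)";
        } elseif ($host !== $domain && substr($host, -strlen($suffix)) !== $suffix) {
            $problems[] = "domain '$domain' does not match host '$host'";
        }
    }

    return $problems;
}

// Builds the same parameters as the code in the question for a given Host header.
function params_for_host(string $hostHeader): array
{
    return [
        'lifetime' => 0, 'path' => '/', 'domain' => '.' . $hostHeader,
        'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
    ];
}

// Constructed sample requests: http on a non-default port, then https on the default port.
foreach ([['http', 'example.test:8080'], ['https', 'example.test']] as [$scheme, $hostHeader]) {
    $found = session_cookie_problems(params_for_host($hostHeader), $scheme, $hostHeader);
    echo "$scheme://$hostHeader: ", $found ? implode('; ', $found) : 'no problems found', PHP_EOL;
}
```

In a live request the inputs would be `session_get_cookie_params()`, the request scheme and `$_SERVER['HTTP_HOST']`.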

0 Answers