SESSION lost after redirect. (was working fine from hosted server)

Question

I use to have my website hosted on 1and1 server for years and it was working fine (php 7.4).

Since, i decided to switch to a dedicated server w/Linux ubuntu OS for my webserver (php 8.1.2).

All is working fine after the migration but I have a weird issue: when I get a redirection from an Ajax/php query I usualy redict (using JS) the client to a desired web page and the session is lost.

I do have the session_start(); and ensure that it do not switch from www.mywebsite.com to mywebsite.com.

I am confused as it is 100% the code that is working on the hosted server.

other clue, I see that the approval of cookies always prompt. so there is clearly a session issue that un_sync the client/server session_id.

Any config to ensure on a new apache server ? I can see in my "/var/lib/php/sessions" folder a new session every time i trigger the redirection ...

I would appreciate any advise.

here is my SESSION config from php.ini:

Session Support enabled
Registered save handlers    files user
Registered serializer handlers  php_serialize php php_binary
Directive   Local Value Master Value
session.auto_start  Off Off
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_httponly no value    no value
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_samesite no value    no value
session.cookie_secure   0   0
session.gc_divisor  1000    1000
session.gc_maxlifetime  1440    1440
session.gc_probability  0   0
session.lazy_write  On  On
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   /var/lib/php/sessions   /var/lib/php/sessions
session.serialize_handler   php php
session.sid_bits_per_character  5   5
session.sid_length  26  26
session.upload_progress.cleanup On  On
session.upload_progress.enabled On  On
session.upload_progress.freq    1%  1%
session.upload_progress.min_freq    1   1
session.upload_progress.name    PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix  upload_progress_    upload_progress_
session.use_cookies 1   1
session.use_only_cookies    1   1
session.use_strict_mode 0   0
session.use_trans_sid   0   0

Answer 1

1. session_start(); should be declared at the top of the script before any html output, including white spaces.

     <?php
     session_start();
     // code
   

2. Do you also use session_name()? https://www.php.net/manual/en/function.session-name.php

3. Check the cookie name PHPSESSID and see if it's changing.

4. You could try to store the sessions in Redis for example, maybe it's a cron that is deleting the contents of your /var/lib/php/sessions?

Answer 2

Sometimes the default session path may not be writeable or a custom session handler might be used by the new server you're using.

In this case I usually try override the session storage path and see if the session sticks between requests.

The below code should be placed at the earliest point in the request lifecycle. (before any other code is executed)

<?php

    //DEFINE THE CUSTOM SESSION STORAGE PATH
    $session_save_path = '/path/to/custom/session/storage';

    //MAKE THE FOLDER IF NEEDED
    if(!file_exists($session_save_path)) mkdir($session_save_path, 0755, true);

    //SET THE SESSION TO USE THE CUSTOM PATH
    session_save_path(realpath($session_save_path));

    //START THE SESSION IF POSSIBLE
    if(!session_id()) session_start();

    ...

See the PHP documentation https://www.php.net/manual/en/function.session-save-path.php

Another possible problem is that the session cookie isnt being sent with your ajax request.

If that is the case you might want to see this answer: Why is jQuery's .ajax() method not sending my session cookie?

Answer 3

Ok Guys,

I have find what was wrong, and I feel stupid but need to share the reason in case it happens to anyone.

Before, when using the 1and1 webhosting server, I was using a structure like this: mysiteweb.com subDomainWebApp.mysiteweb.com

if i wasnt logged on the webapp, i am redirected to the website with an iframe that opens the webapp login page.

After logging, i open the index in subdomainofwebapp.mysiteweb.com

So cookies are shared between website and subdomain.

But now I moved the subDomainWebApp.mysiteweb.com to a dedicated server with its own domain WebApp.com

so the iframe call in the initial website do not share the cookies with the new WebApp.com domain.

I had to restructure the logging to manage it directly on the new domain.

Sorry for that, but all your hints guided me to that conclusion after i put a close look to the cookie session data.

Thanks guys

Answer 4

What I understand is that session data is lost. If I understood correctly you can try updating your server's write permissions.

it look like;

sudo chmod 1777 -R /home/your_user_path/tmp/