I have just migrated my application from a local WAMP to the actual online server. This has caused trouble with the session ID not being saved as it appears.
These are my session settings:
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
Error code is as simple as:
$sId = session_id();
if ($sId == '') { session_start(); }
When using cookie-based session state, ASP.NET does not allocate storage for session data until the Session object is used. As a result, a new session ID is generated for each page request until the session object is accessed.
Every time an Internet user visits a specific Web site, a new session ID is assigned. Closing a browser and then reopening and visiting the site again generates a new session ID.
It must be on every page you intend to use. The variables contained in the session—such as username and favorite color—are set with $_SESSION, a global variable. In this example, the session_start function is positioned after a non-printing comment but before any HTML.
PHP allows us to track each visitor via a unique session ID which can be used to correlate data between connections. This id is a random string sent to the user when a session is created and is stored within the user's browser in a cookie (by default called PHPSESSID).
You should first start session to use session_* functions. So first thing you need to do is:
session_start();
then you can ask for session id like this
$id = session_id();
Note that its not recommended to save sessions in public folder that is available to public since visitors could find folder where you save sessions and list all of them. Then they could inject session cookie into their browser and take control of other visitors user accounts. If you really need to do this, limit access to your /tmp folder. For example put .htaccess file in that folder with this code
Deny from all
Or find any other way to disable users to browser your /tmp folder since this can be security problem.
If you want to change session id on every request, for security reasons, you can use session_regenerate_id function
You would do something like this:
session_start();
session_regenerate_id();
// Do other things you want with sessions.
This way, even if someone steals your session cookie, session id would be changed on every request. And this could be your problem. There is a way for PHP to regenerate new session id on every request, so this might be the thing that bothers you.
As far as setting php.ini directives, you should check if your hosting provider allowed you to change .ini directive you are trying to change. It depends on server setup if you can change .ini directive or not. And the way sessions behave can be different from hosting to hosting, depending on how their server setup. Most of the things can be changed using php functions or using ini_set with this list of directives php.ini directives
I just had and solved the exact same problem.
It turns out that the cookie PHPSESSID (that keeps record of the session) was been send but it was ignored by the server, so the session was not maintained and the server restarted the session every time the page reloads or changes.
The problem was that I had in my wp-config.php this line:
@ini_set('session.cookie_secure','On');
This means that if the connection is not secure, every cookies is to be ignored, therefore the server the PHPSESSID cookie and the session was restarted.
Check your wp-config.php or your init.php. Is a problem with cookies.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With