session_id() & cookie not going to 2nd script
Posted: Wed Mar 18, 2015 9:20 am
For some reason the session_id and cookie are not carried through from the test-from script to the test-to script.
Note: I need to use session cookies as opposed to persistent cookies. The whole site is SSL. This happens in firefox, chrome and IE10. In firefox, firebug shows there is no cookie present.
And the session folder shows two session_ids instead of only one (I believe).
Can anyone see what I'm doing wrong here?
Here is the data in the php.ini file:
session.use_cookies = 1
session.cookie_secure = On
session.use_only_cookies = 1
session.name = "name"
session.auto_start = 0
session.cookie_path = /
session.cookie_domain = .example.com
session.cookie_httponly = true
Here's the test-from script that calls test-to.php below it:
And the test-to.php script:
Here's the output from test-to.php:
_session[id] not set
_cookie[session_name] not set
And here are the two session_id()s - there should only be one, I believe:
sess_oadi8hn601nabgck8k13cm1g518qd4ho
sess_pq90ht1untugn8aptft0557u4iele4o1
Note: I need to use session cookies as opposed to persistent cookies. The whole site is SSL. This happens in firefox, chrome and IE10. In firefox, firebug shows there is no cookie present.
And the session folder shows two session_ids instead of only one (I believe).
Can anyone see what I'm doing wrong here?
Here is the data in the php.ini file:
session.use_cookies = 1
session.cookie_secure = On
session.use_only_cookies = 1
session.name = "name"
session.auto_start = 0
session.cookie_path = /
session.cookie_domain = .example.com
session.cookie_httponly = true
Here's the test-from script that calls test-to.php below it:
Code: Select all
<?php
ob_start();
session_name();
$session_name = session_name();
session_start();
session_id();
if (ini_get("session.use_cookies"))
{
$params = session_get_cookie_params();
setcookie($session_name, session_id(), 0, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
$_SESSION['id'] = session_id();
$url = "https:/www.example.com/test-to.php";
ob_end_clean();
header("Location: $url");
mysqli_close($dbc);
exit();
}
ob_end_flush();
?>
Code: Select all
<?php
ob_start();
session_name();
$session_name = session_name();
session_start();
session_id();
if(isset($_SESSION['id']))
{
echo "_session[id] = ".$_SESSION['id']."<br>";
}
else
{
echo "_session[id] not set<br>";
}
if(!isset($_COOKIE[$session_name]))
{
echo "_cookie[session_name] not set<br>";
}
else
{
echo "_session[id] = ".$_SESSION['id']."<br>";
echo "cookie is set<br>";
echo "cookie = ".$_COOKIE[$session_name]."<br>";
echo "session_name() = ".session_name()."<br>";
echo "old session_id = ".$_SESSION['id']."<br>";
}
ob_end_flush();
?>
_session[id] not set
_cookie[session_name] not set
And here are the two session_id()s - there should only be one, I believe:
sess_oadi8hn601nabgck8k13cm1g518qd4ho
sess_pq90ht1untugn8aptft0557u4iele4o1