I have written code that has been working for the past 3 months. Now suddenly, I noticed that my PHP $_SESSION variable no longer persists between the different pages for my login. Please note that the code actually works locally, but not on my server (papahost).

Here's a very simple version of what I'm trying to do (SESSION persists from class A to B):

class function.php

```php
<?php
function sec_session_start()
{
    // other code goes here
    session_name('sec_session_id');
    // SECURE is a constant defined elsewhere in the application (not shown).
    $secure = SECURE;

    // This stops JavaScript being able to access the session id.
    $httponly = true;

    // Force sessions to use cookies only.
    if (ini_set('session.use_only_cookies', 1) === FALSE)
    {
        header("Location: ../error.php?err=8");
        exit();
    }

    // Reuse the current cookie parameters, adding the secure and httponly flags.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params(
        $cookieParams["lifetime"],
        $cookieParams["path"],
        $cookieParams["domain"],
        $secure,
        $httponly
    );
    // end of other code
    session_start();
}
?>
```



class a.php

```php
<?php
include_once 'function.php';
sec_session_start();
$_SESSION["test"] = "this is a test";
$url = "b.php";
echo '<script type="text/javascript">';
echo 'window.location.href="'.$url.'";';
echo '</script>';
echo '<noscript>';
echo '<meta http-equiv="refresh" content="0;url='.$url.'" />';
echo '</noscript>';
exit;
?>
```



class b.php

```php
<?php
include_once 'includes/functions.php';
sec_session_start();
echo($_SESSION["test"]);
?>
```

The expected output for class b.php is "this is a test" but the actual output is "" on my server since, for an unknown reason, the session data is not persistent. As I said, it works perfectly locally. Does anyone have a clue what the problem could be? Could it be a problem with php.ini or a cPanel property I missed?

I noticed that the PHPSESSID is not created after the line session_start() is executed in function.php.

Thank you for your help!

1 Answer

Bring session_start() over $secure = SECURE; in sec_session_start(). You should not define and assign any vars before session_start().

Edit: Actually try to bring it step by step to upper levels and to somehow juggle in conjunction with the other session functions. Use no headers before it.

Edit: See here (point 1) for the big problem caused by session_start() on the second line, resolved very simply.

Community
  • Thank you for your help! I finally found that there was a hidden character in my code that was completely disabling my application! Furthermore, I updated my code with your proposition and it works perfectly now!! – Philippe Séguin-Boies May 17 '17 at 04:31
  • @PhilippeSéguin-Boies I'm very curious about in which position you brought the `session_start()` in relation with the other session functions and vars. Could you please somehow show me your relevant working code? Thanks. –  May 17 '17 at 11:38
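
An added diagnostic example, not code from the question or the answer: the asker's comment attributes the failure to a hidden character, and the answer says to send no headers before session_start(). Assuming the hidden character sits before the opening `<?php` tag (the page does not say where it was), the check below flags such bytes and reports where output began; the function names and sample files are hypothetical.

```php
<?php
// Added diagnostic example; function names and samples are hypothetical.

/**
 * Describe any bytes that precede the opening "<?php" tag, or return null if
 * the file starts cleanly. Such bytes are emitted as output when the file is
 * included, so the session cookie header can no longer be sent afterwards.
 */
function describe_hidden_prefix(string $source): ?string
{
    $pos = strpos($source, '<?php');
    if ($pos === false) {
        return 'no <?php tag found';
    }
    if ($pos === 0) {
        return null;
    }
    $prefix = substr($source, 0, $pos);
    if (strncmp($prefix, "\xEF\xBB\xBF", 3) === 0) {
        return 'UTF-8 byte order mark (EF BB BF)';
    }
    return 'unexpected bytes before <?php: ' . bin2hex($prefix);
}

/**
 * Start the session only if no output has been sent yet; otherwise log where
 * the output started instead of failing silently.
 */
function session_start_checked(): bool
{
    if (headers_sent($file, $line)) {
        error_log("Session cookie cannot be set: output started at $file:$line");
        return false;
    }
    return session_start();
}

// Constructed samples: a clean file, one with a BOM, one with a zero-width space.
$samples = [
    'clean.php' => "<?php echo 1;",
    'bom.php'   => "\xEF\xBB\xBF<?php echo 1;",
    'zwsp.php'  => "\xE2\x80\x8B<?php echo 1;",
];
foreach ($samples as $name => $source) {
    echo $name, ': ', describe_hidden_prefix($source) ?? 'ok', PHP_EOL;
}
```

To scan real files, pass `file_get_contents($path)` to `describe_hidden_prefix()`; `session_start_checked()` can stand in for the final `session_start()` call while debugging.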