$_SESSION reset on every refresh, cause i find is ini_set('session.name','test');

[iarp]

I'm working with this script: https://github.com/m...r/Resession.php i haven't modified it or anything yet. I'm trying to use it to get a bit better session security, today i was messing around with cookies and just copied the id from one browser to another and was magically logged in as the other browser... too insecure.

 

and i have a test page:

 

<?php
require_once('../libs/class.Resession.php');

function debug($var) {
   echo '<pre>' . print_r($var, true) . '</pre>';
}

$session = new Resession(array(
   'security' => Resession::SECURITY_HIGH,
   'cookies' => true,
   'name' => 'mysite321'
));

#$session->set('hi', 'testing');

debug($session->get());

debug($session);

 

I'm having an issue where, i $session->set a value (as commented out in code above) and then print the session information. That works all fine and dandy until i refresh the page. I'm continuously getting a new session id on every refresh, and i'm losing the session information.

 

I have commented out just about every line in that __construct function attempting to find the culprit and the ONLY thing that stops the loss of session data is commenting out

 

ini_set('session.name', $this->_config['name']);

 

I am not sure why it getting a new session id on every reload just because of that single line. I'm wondering if anyone could have a quick glance and let me know if i'm missing some type of detail here.

[iarp]

I can't explain it, but changing the session name in the _config array fixed the issue.

 

I'm guessing somewhere in my nginx or php5-fpm pool configs it also writes a session cookie and this class was simply overwriting it by accident.