greenace92 Posted February 28, 2016 Share Posted February 28, 2016 (edited) I'm not sure why this is happening, I force an https redirect in apache could that be it? After assigning the $hex var to $_SESSION['user'] and echoing, I see that there is a session, however when redirecting to a new page the session is dropped. I have tested outside of this script/page, and sessions aren't dropped in redirecting, so I must be missing something on this page. I'd appreciate any help. https://www.cunninghamwebdd.com/brian-music/bad-index.html I edited the $user that's missing at the top where I set $user to $_SESSION['user']; This is for if someone's already logged in, they are redirected to the home page or whatever. Edited February 28, 2016 by greenace92 Quote Link to comment https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/ Share on other sites More sharing options...
Jacques1 Posted February 28, 2016 Share Posted February 28, 2016 Your session cookie is created for the domain www.cunninghamwebdd.com, but you're redirecting to cunninghamwebdd.com. Those are, in fact, two different domains. While the subdomain can theoretically create a cookie which is valid for the superdomain as well (but not the other way round), I strongly recommend you pick a single canonical domain (preferrably www.cunninghamwebdd.com) and use that exclusively. Configure your webserver to redirect all other domains to the canonical one. This will save you a lot of trouble now and in the future. Quote Link to comment https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/#findComment-1531540 Share on other sites More sharing options...
greenace92 Posted February 28, 2016 Author Share Posted February 28, 2016 Wow thanks a lot, I will do that. Let me see if this works, should. Quote Link to comment https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/#findComment-1531541 Share on other sites More sharing options...
greenace92 Posted February 28, 2016 Author Share Posted February 28, 2016 Your session cookie is created for the domain www.cunninghamwebdd.com, but you're redirecting to cunninghamwebdd.com. Those are, in fact, two different domains. While the subdomain can theoretically create a cookie which is valid for the superdomain as well (but not the other way round), I strongly recommend you pick a single canonical domain (preferrably www.cunninghamwebdd.com) and use that exclusively. Configure your webserver to redirect all other domains to the canonical one. This will save you a lot of trouble now and in the future. Is this a php/apache setting? I'm in the domain without www, but you say the session cookie is created for www. Is that a default thing? I will just use the www one then, it just seems cleaner to not use www. Quote Link to comment https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/#findComment-1531542 Share on other sites More sharing options...
greenace92 Posted February 28, 2016 Author Share Posted February 28, 2016 I fixed the redirect to use www, this is part of my apache configuration, I don't know why it is still not working. I did restart/reload the server. <VirtualHost *:80> ServerName www.cunninghamwebdd.com ServerAlias cunninghamwebdd.com http://www.cunninghamwebdd.com DocumentRoot /var/www/html Redirect "/" "https://www.cunninghamwebdd.com/" # CustomLog /directory log file location not enabled # ErrorLog /directory log not enabled </VirtualHost> <VirtualHost *:443> ServerName https://www.cunninghamwebdd.com DocumentRoot /var/www/html # CustomLog # ErrorLog <IfModule mod_ssl.c> SSLEngine on SSLCertificateFile /etc/ssl/certs/cunninghamwebdd_com.crt SSLCertificateKeyFile /etc/ssl/certs/cunninghamwebdd_com.key SSLCACertificateFile /etc/ssl/certs/cunninghamwebdd_com.ca-bundle.crt SSLProtocol All -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 </IfModule> </VirtualHost> <VirtualHost *:443> ServerName https://cunninghamwebdd.com DocumentRoot /var/www/html/ Redirect "/" "https://www.cunninghamwebdd.com/" # CustomLog # ErrorLog <IfModule mod_ssl.c> SSLEngine on SSLCertificateFile /etc/ssl/certs/cunninghamwebdd_com.crt SSLCertificateKeyFile /etc/ssl/certs/cunninghamwebdd_com.key SSLCACertificateFile /etc/ssl/certs/cunninghamwebdd_com.ca-bundle.crt SSLProtocol All -SSLv2 -SSLv3 +TLSv1 +TLSv1.1 </IfModule> </VirtualHost> Quote Link to comment https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/#findComment-1531543 Share on other sites More sharing options...
Solution Jacques1 Posted February 28, 2016 Solution Share Posted February 28, 2016 You're also terminating the session with session_destroy() and then try to write data to it. This of course makes no sense. Get rid of the statement. I guess what you actually want is session_regenerate_id(true). Quote Link to comment https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/#findComment-1531544 Share on other sites More sharing options...
greenace92 Posted February 28, 2016 Author Share Posted February 28, 2016 That was it! Thank you for the help as always. Quote Link to comment https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/#findComment-1531545 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.