Jump to content

Session is dropped after redirect?


Go to solution Solved by Jacques1,

Recommended Posts

I'm not sure why this is happening, I force an https redirect in apache could that be it?

After assigning the $hex var to $_SESSION['user'] and echoing, I see that there is a session, however when redirecting to a new page the session is dropped.

 

I have tested outside of this script/page, and sessions aren't dropped in redirecting, so I must be missing something on this page.

 

I'd appreciate any help.

 

https://www.cunninghamwebdd.com/brian-music/bad-index.html

 

I edited the $user that's missing at the top where I set $user to $_SESSION['user'];

This is for if someone's already logged in, they are redirected to the home page or whatever.

Edited by greenace92
Link to comment
https://forums.phpfreaks.com/topic/300903-session-is-dropped-after-redirect/
Share on other sites

Your session cookie is created for the domain www.cunninghamwebdd.com, but you're redirecting to cunninghamwebdd.com. Those are, in fact, two different domains. While the subdomain can theoretically create a cookie which is valid for the superdomain as well (but not the other way round), I strongly recommend you pick a single canonical domain (preferrably www.cunninghamwebdd.com) and use that exclusively. Configure your webserver to redirect all other domains to the canonical one. This will save you a lot of trouble now and in the future.

Your session cookie is created for the domain www.cunninghamwebdd.com, but you're redirecting to cunninghamwebdd.com. Those are, in fact, two different domains. While the subdomain can theoretically create a cookie which is valid for the superdomain as well (but not the other way round), I strongly recommend you pick a single canonical domain (preferrably www.cunninghamwebdd.com) and use that exclusively. Configure your webserver to redirect all other domains to the canonical one. This will save you a lot of trouble now and in the future.

 

Is this a php/apache setting? I'm in the domain without www, but you say the session cookie is created for www. Is that a default thing? I will just use the www one then, it just seems cleaner to not use www.

I fixed the redirect to use www, this is part of my apache configuration, I don't know why it is still not working.

I did restart/reload the server.

<VirtualHost *:80>
ServerName www.cunninghamwebdd.com
ServerAlias cunninghamwebdd.com http://www.cunninghamwebdd.com
DocumentRoot /var/www/html
Redirect "/" "https://www.cunninghamwebdd.com/"


# CustomLog /directory log file location not enabled
# ErrorLog /directory log not enabled
</VirtualHost>


<VirtualHost *:443>
ServerName https://www.cunninghamwebdd.com
DocumentRoot /var/www/html
# CustomLog
# ErrorLog
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cunninghamwebdd_com.crt
SSLCertificateKeyFile /etc/ssl/certs/cunninghamwebdd_com.key
SSLCACertificateFile /etc/ssl/certs/cunninghamwebdd_com.ca-bundle.crt
SSLProtocol All -SSLv2 -SSLv3 +TLSv1 +TLSv1.1
</IfModule>
</VirtualHost>


<VirtualHost *:443>
ServerName https://cunninghamwebdd.com
DocumentRoot /var/www/html/
Redirect "/" "https://www.cunninghamwebdd.com/"
# CustomLog
# ErrorLog
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cunninghamwebdd_com.crt
SSLCertificateKeyFile /etc/ssl/certs/cunninghamwebdd_com.key
SSLCACertificateFile /etc/ssl/certs/cunninghamwebdd_com.ca-bundle.crt
SSLProtocol All -SSLv2 -SSLv3 +TLSv1 +TLSv1.1
</IfModule>
</VirtualHost>
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.