KillGorack Posted August 18, 2022 Share Posted August 18, 2022 Basically, it's about a login that is persistent. On the host I use it works well no errors, but on my computer, I can log in, then after a page load, it's gone. part of a class. session_name('__Secure-PHPSESSID'); session_set_cookie_params([ 'lifetime' => 0, 'path' => '/', 'domain' => $_SERVER['SERVER_NAME'], 'secure' => true, 'httponly' => true, 'samesite' => 'Strict', ]); session_start(); header("Content-Security-Policy: default-src 'self'"); header("strict-transport-security: max-age=31536000"); header('X-Frame-Options: sameorigin'); header("X-XSS-Protection: 1; mode=block"); header('X-Content-Type-Options: nosniff'); header("Feature-Policy: vibrate 'none'"); header("Referrer-Policy: no-referrer"); header('Access-Control-Allow-Origin: *'); header("Expect-CT: max-age=86400, enforce"); header_remove("X-Powered-By"); date_default_timezone_set($this->pdo->getSetting('timezone')); I can re arrange the code above and it works but get some warnings. like "Session name cannot be changed when a session is active" admittedly I'm kind of lost. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted August 18, 2022 Share Posted August 18, 2022 are you making a https request on your localhost system? Quote Link to comment Share on other sites More sharing options...
KillGorack Posted August 18, 2022 Author Share Posted August 18, 2022 1 minute ago, mac_gyver said: are you making a https request on your localhost system? Egad! no I'm not. never thought of that. Could that be the issue? Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted August 18, 2022 Share Posted August 18, 2022 15 minutes ago, KillGorack said: 'secure' => true, Quote secure If true cookie will only be sent over secure connections. Quote Link to comment Share on other sites More sharing options...
KillGorack Posted August 18, 2022 Author Share Posted August 18, 2022 Just now, mac_gyver said: Thanks, I'll do some testing with that one, and let you know. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted August 19, 2022 Share Posted August 19, 2022 (edited) i played with this some, and the session_name should only contain alphanumeric characters. for the value shown, no session was started. i suspect that on the host where this 'doesn't fail', a session has already been started, the posted code actually does nothing, but php's error related settings are not setup to display/log errors that would be alerting you to the problem. Edited August 19, 2022 by mac_gyver Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.