发表新帖
发表新帖

PHP creating new session with each reload

后端 未结
关注
5 664
无人及你
无人及你 2021-01-18 06:02

For my website, session management mostly works ok. Sessions are created, saved and used later without problems.

But when the code is using session_start(), it alway

相关标签:
5条回答
  • 死守一世寂寞
    2021-01-18 06:45

    Use session_start() as first session command, before all other session_*() methods!

    0 讨论(0)
  • 春和景丽
    2021-01-18 06:55

    Cookies are only returned to the vhost / path where they were set from.

    Since your path is '/', that implies that the pages are not being requested via $domain . "." . $tld;

    e.g. user requests page via www.example.com

    cookie is set for example.com

    user access subsequent page from www.example.com - the cookie is not in scope.

    From RFC 2965

    x.y.com domain-matches .Y.com but not Y.com.

    Actually, if you read on, the spec does say that the user agent should prefix the host with a dot if none is supplied however you getting into the realm where browser behavuiour varies.

    If you simply return the cookie with a vhost matching the request it will work as expected.

    0 讨论(0)
  • 耶瑟儿~
    2021-01-18 07:02

    I think powtac is right in a way, but session_start(); should be your first operation you do, even before the header('Content-Type: text/html; charset=UTF-8');

    0 讨论(0)
  • 感情败类
    2021-01-18 07:07

    I'd hate to be the stick in the mud, but have you checked that /tmp is both readable and writeable by PHP (in most cases, this means the www-data user)? If not, move the session save location to a location that you can write to.

    0 讨论(0)
  • 无人及你
    2021-01-18 07:09

    This is not exactly about the original cause, but the resolution is exactly same: new session ids gets defined with each reload.

    In this case, fault was Varnish, which was set to put every request to pass mode (return (pass)) instead of caching everything. As consequence, every request made it to the backend, where session_start() was called every time.

    But when the response was sent through Varnish to the client, cookies were removed from the response. This is due that backend sets cookies (session id, along with others) even when we want to have the site be cached. Anyway, cookies get removed, client does another request and does not pass any cookies (it never received any!) and there PHP goes again calling session_start() without any session id present...

    This is more of fault in recognization of error in this case, which appeared as multitude of unnecessary sessions created. Those would’ve not been created in first place if caching was enabled in first place.

    There is also another way to manage to create these sessions: have browser not to accept cookies at all. Stupid reason, I know, but it does happen...

    For the original problem, I haven’t stumbled it since moving from original development machine away.

    0 讨论(0)
 看不清?
提交回复
热议问题