PHPSESSID changes between requests


Maarten Bicknese

Jan 22, 2014, 4:36:13 PM
to f3-fra...@googlegroups.com
I have my form POST the login data to the "POST /user/login" route; this route handles login functionality.
The route ends in rerouting to "GET /user/login". First thing it does is check if the user is already logged in, and if so reroute to "GET /user/overview".

In the "GET /user/login" my SESSION is fine and the system will go on with the reroute. But when it runs the "GET /user/overview" route in succession the PHPSESSID changes and I get a 500 (since my expected session data is not available).

I have no idea what's happening. I neither use session_regenerate_id() nor session_id('randomid here').

Something caught my attention. The last route returns these headers: (yes four times)

Set-Cookie:PHPSESSID=ks0u5j2o4pvmbmonut7u9v58b5; path=/; domain=stool.local; HttpOnly
Set-Cookie:PHPSESSID=ks0u5j2o4pvmbmonut7u9v58b5; path=/; domain=stool.local; HttpOnly
Set-Cookie:PHPSESSID=ks0u5j2o4pvmbmonut7u9v58b5; path=/; domain=stool.local; HttpOnly
Set-Cookie:PHPSESSID=ks0u5j2o4pvmbmonut7u9v58b5; path=/; domain=stool.local; HttpOnly

Sn0opy

Jan 22, 2014, 4:40:20 PM
to f3-fra...@googlegroups.com
Please post the code which sets the session. I don't see any reason why it's not working properly.

Maarten Bicknese

Jan 23, 2014, 12:59:25 AM
to f3-fra...@googlegroups.com
The framework handles session starting for me.

All I do is set and get a couple of variables through:
$f3->get("SESSION.$domain.login_level");
OR
$f3->set("SESSION.warning_msg", 'Hello World!');

ikkez

Jan 23, 2014, 1:57:34 AM
to f3-fra...@googlegroups.com
Maybe the cookie path or domain settings are wrong, so F3 fails to read the cookies again. Try playing with the JAR settings. http://fatfreeframework.com/quick-reference#jar

xfra35

Jan 23, 2014, 3:03:51 AM
to f3-fra...@googlegroups.com
Concerning the multiple "set-cookie" headers, this looks like a bug. I just created an issue for it (#533).
Anyway, this shouldn't confuse the browser. If you want to check however if it does, just use the syntax $f3->set('SESSION.var','data') once and check if the bug persists or not.

Maarten Bicknese

Jan 23, 2014, 2:43:04 PM
to f3-fra...@googlegroups.com
I commented out the 2 lines I posted in your issue fixing the multiple headers. But it is still giving me a new PHPSESSID anyway, meaning they are unrelated issues.

Maarten Bicknese

Jan 23, 2014, 3:40:40 PM
to f3-fra...@googlegroups.com
Ugh, found it. It was my code after all (could have guessed).

This line cleared the whole session when I didn't set the value just yet.
\F3::clear('SESSION.' . array_search($domain, \F3::get('SESSION'))); 
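
The failure mode from the last post, as an added example that is not part of the thread or of F3's own code: array_search() returns false when the value is absent, and concatenating false yields the bare key "SESSION.". The $session array and the sessionKeyFor() helper are hypothetical stand-ins so the snippet runs without the framework.

```php
<?php
// Constructed stand-in for the SESSION hive; keys and values are sample data.
$session = [
    0             => 'first.local',   // numeric key 0 is falsy but is a real hit
    'login_level' => 'stool.local',
    'warning_msg' => 'Hello World!',
];

/**
 * Hypothetical helper: return the hive key to clear for $domain,
 * or null when $domain is not stored in the session yet.
 */
function sessionKeyFor(array $session, string $domain): ?string
{
    $found = array_search($domain, $session, true);
    // array_search() returns false on a miss, and false concatenates as "",
    // so the check must be strict: key 0 is a valid result.
    if ($found === false) {
        return null;
    }
    return 'SESSION.' . $found;
}

// Unguarded concatenation as in the post: a miss leaves the bare "SESSION." key.
var_dump('SESSION.' . array_search('other.local', $session));

// Guarded version: only build a key when the value was actually found.
foreach (['first.local', 'stool.local', 'other.local'] as $domain) {
    $key = sessionKeyFor($session, $domain);
    if ($key === null) {
        echo "$domain: not in session, nothing to clear\n";
        continue;
    }
    // In the application this is where \F3::clear($key) would be called.
    echo "$domain: clear $key\n";
}
```

A session that is wiped mid-request this way surfaces exactly as described in the thread: the next route sees a fresh PHPSESSID and none of the expected login data.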