SESSION variable seems to be being overwritten

[Matt Gogerly]

In my login method I setup a session like so:

$session = new DB\SQL\Session($db);
$f3->set('SESSION.csrf', $session->csrf());

The issue I have is then when I go into a controller and run

var_dump($f3->get('SESSION'));

the CSRF attribute isn't there. I suspect this is because my session is being overwritten by the cached version. If I go to tmp/ I see a session file with identical contents to what is being output by the var_dump. What I don't understand is why this is happening - I've grepped "new Session(" and there's no results. The only place I can find a new session being created is what I've written above. But f3->get('SESSION') doesn't seem to use the DB session.

Any ideas? Thanks!

[ved]

Hi,

If you can please post the code for your login method and code up to where you're using var_dump.

Maybe session auto start on php.ini? Or calling $f3->SESSION or $_SESSION somewhere before initializing the database session handler?

Many things could be at play here but without looking at the code preceding the issue we can't really help you that much.