PHP session lost after redirect

Question

How do I resolve the problem of losing a session after a redirect in PHP   Recently  I encountered a very common problem of losing session after redirect  And after searching through this website I can still find no solution  although this came the closest     Update  I have found the answer and I thought I d post it here to help anyone experiencing the same problem

User · Answer

First of all  make sure you are calling session start   before using   SESSION variable   If you have disabled error reporting  try to turn in on and see the result   ini set  display errors   1   ini set  display startup errors   1   error reporting E ALL     The most common reasons that aren t mentioned in  dayuloli s answer    Disk space problem  Make sure your disk space is not full  you need some space to store session files  Session directory may not be writable  You can check it with is writable session save path

User · Answer

I also had the same issue with the redirect not working and tried all the solutions I could find  my header redirect was being used in a form   I solved it by putting the header redirect in a different php page  signin action php  and passing the variables parameters through I wanted in url parameters and then reassigning them in the  signin action php  form   signin php  if  stmt- gt num rows gt 0      SESSION  username       POST  username    echo   lt script gt window location href    http      root   includes functions signin action php username     SESSION  username       lt  script gt    error reporting E ALL     signin action php   lt  php require        config init php      SESSION  username       GET  username    if    SESSION  username       echo   lt script gt window location href    http      root   user index php   lt  script gt    exit      else   echo  Session not set        gt    It is not a beautiful work-around but it worked

User · Answer

Quick and working solution for me  was just simply double redirect  I created 2 files  fb-go php and fb-redirect php  Where fb-go php looked like   session start       SESSION  FBRLH state      some unique string for each call    header  Location  fb-redirect php      and fb-redirect   session start     header  Location  FULL facebook url with       SESSION  FBRLH state       value      Also worth to mention is Android Chrome browser behavior  Where user can see something like that     If user will chose Facebook app  then session is lost  because of opening in Facebook browser - not Chrome  which is storing user session data

User · Answer

I tried all possible solutions  but none worked for me  Of course  I am using a shared hosting service   In the end  I got around the problem by using  relative url  inside the redirecting header    header  location  http   example com index php     nullified the session cookies  header  location  index php     worked like a charm

User · Answer

Make sure session write close is not called between session start   and when you set your session   session start            session write close              SESSION  name    Bob      lt -- won t save

User · Answer

I ran into this issue on one particular page  I was setting   SESSION values in other pages right before redirecting and everything was working fine  But this particular page was not working   Finally I realized that in this particular page  I was destroying the session at the beginning of the page but never starting it again  So my destroy function changed from   function sessionKill         session destroy         to   function sessionKill         session destroy        session start         And everything worked

User · Answer

Nothing worked for me but I found what caused the problem  and solved it    Check your browser cookies and make sure that there are no php session cookies on different subdomains  like one for  www website com  and one for  website com     This was caused by a javascript that incorrectly used the subdomain to set cookies and to open pages in iframes

User · Answer

Today I had this problem in a project and I had to change this parameter to false  or remove the lines  by default is disabled    ini set   session cookie secure   1      This happened because the actual project works over http and not https only  Found more info in the docs http   php net manual en session security ini php

User · Answer

I was having the same problem and I went nuts searching in my code for the answer  Finally I found my hosting recently updated the PHP version on my server and didn t correctly set up the session save path parameter on the php ini file   So  if someone reads this  please check php ini config before anything else

User · Answer

To me this was permission error and this resolved it      chown -R nginx nginx  var opt remi php73 lib php session   I have tested a few hours on PHP and the last test I did was that I created two files session1 php and session2 php    session1 php   session start       SESSION  user     123   header  Location  session2 php      session2 php   session start     print r   SESSION     and it was printing an empty array    At this point  I thought it could be a server issue and in fact  it was   Hope this helps someone

User · Answer

This stumped me for a long time  and this post was great to find   but for anyone else who still can t get sessions between page redirects to work   I had to go into the php ini file and turn cookies on   session use cookies   1    I thought sessions worked without cookies   in fact I know they SHOULD   but this fixed my problem at least until I can understand what may be going on in the bigger picture

User · Answer

Just for the record    I had this problem and after a few hours of trying everything the problem was that the disk was full  and php sessions could not be written into the tmp directory    so if you have this problem check that too

User · Answer

I was having the same problem  All of a sudden SOME of my session variables would not persist to the next page  Problem turned out to be   in php7 1  you header location must not have WWW in it  ex https   mysite  is ok  https   www mysite  will lose that pages session variables  Not all  just that page

User · Answer

Here s my 2 cents on this problem as I don t see anyone mentioned this case    If your application is functioning thru a load balancer on a multiple nodes you can t save session into files or need to share this path for all nodes otherwise each node will have its own session files and you will run into inconsistency     So I m refactoring my app to use database instead of file system

User · Answer

you should use  exit  after header-call  header  Location  http   www example com  blabla blubb    exit

User · Answer

When i use relative path  dir file php  with in the header   function in works for me  I think that the session is not saved for some reason when you redirect using the full url       Does retain the session info for some reason header  Location  dir       Does not retain the session for some reason header  Location  https   mywebz com dir

User · Answer

For me  Firefox has stored session id  PHPSESSID  in a cookie  but Google Chrome has used GET or POST parameter  So you only have to ensure that the returning script  for me  paypal checkout  commit PHPSESSID in url or POST parameter

User · Answer

If you re using Wordpress  I had to add this hook and start the session on init   function register my session         if   session id              session start            add action  init    register my session

User · Answer

I had the same problem  I worked on it for several hours and it drove me crazy   In my case the problem was a 404 called due to a missing favicon ico in Chrome and Firefox only  The other navigators worked fine

User · Answer

Now that GDPR is a thing  people visiting this question probably use a cookie script  Well  that script caused the problem for me  Apparently  PHP uses a cookie called PHPSESSID to track the session  If that script deletes it  you lose your data   I used this cookie script  It has an option to enable  essential  cookies  I added PHPSESSID to the list  the script stopped deleting the cookie  and everything started to work again   You could probably enable some PHP setting to avoid using PHPSESSID  but if your cookie script is the cause of the problem  why not fix that

User · Answer

I fixed by giving group write permissions to the path where PHP store session files  You can find session path with session save path   function

User · Answer

I fixed this problem after many days of debugging and it was all because my return URL coming from PayPal Express Checkout didn t have a  www   Chrome recognized that the domains should be treated the same but other browsers sometimes didn t  When using sessions cookies and absolute paths  don t forget the  www

User · Answer

KEY POINT S  Do not start a session on the return page  Don t use session variable and not include header php which user session variable Just make a link go to home page or profile page after insert payment info and status

User · Answer

session start    error reporting E ALL    E NOTICE   E WARNING    if  isset   SESSION  name session          unset   SESSION  name session         session destroy             if isset   SESSION  name session           username     SESSION  name session

User · Answer

I ve been struggling with this for days  checking trying all the solutions  but my problem was I didn t call session start    again after the redirect  I just assumed the session was  still alive    So don t forget that

User · Answer

First  carry out these usual checks    Make sure session start    is called before any sessions are being called  So a safe bet would be to put it at the beginning of your page  immediately after the opening  lt  php declaration before anything else  Also ensure there are no whitespaces tabs before the opening  lt  php declaration  After the header redirect  end the current script using exit     Others have also suggested session write close    and session regenerate id true   you can try those as well  but I d use exit     Make sure cookies are enabled in the browser you are using to test it on  Ensure register globals is off  you can check this on the php ini file and also using phpinfo    Refer to this as to how to turn it off  Make sure you didn t delete or empty the session Make sure the key in your   SESSION superglobal array is not overwritten anywhere Make sure you redirect to the same domain  So redirecting from a www yourdomain com to yourdomain com doesn t carry the session forward  Make sure your file extension is  php  it happens     Now  these are the most common mistakes  but if they didn t do the trick  the problem is most likely to do with your hosting company  If everything works on localhost but not on your remote testing server  then this is most likely the culprit  So check the knowledge base of your hosting provider  also try their forums etc   For companies like FatCow and iPage  they require you to specify session save path  So like this   session save path   your home directory path  cgi-bin tmp    session start       replace  your home directory path  with your actual home directory path  This is usually within your control panel  or equivalent   but you can also create a test php file on your root directory and type    lt  php echo   SERVER  SCRIPT FILENAME      gt    The bit before  test php  is your home directory path  And of course  make sure that the folder actually exists within your root directory   Some programs do not upload empty folders when synchronizing

User · Answer

After trying many solutions here on SO and other blogs    what worked for me was adding  htaccess to my website root   RewriteEngine on RewriteCond   HTTP HOST   yoursitename com  RewriteRule       http      www  yoursitename  com   R 301 L

User · Answer

ini set  session save path  realpath dirname   SERVER  DOCUMENT ROOT           session     session start      Too late to reply but this worked for me

User · Answer

I had the same problem and found the easiest way  I simply redirected to a redirect  html  with 1 line of JS   lt  DOCTYPE html gt   lt html gt   lt script type  text javascript  gt   lt  -- window location    admin index php         gt   lt  script gt   lt  html gt    instead of PHP  header remove    header  Location  admin login php    die    I hope this helps   Love Gram

User · Answer

Make sure a new session is created properly by first destroying the old session   session start    session unset         remove all session variables   session destroy       destroy the session session start       SESSION  username      username     Yes  session start   is called twice  Once to call the unset and destroy commands and a second time to start  a fresh session

User · Answer

I had a similar problem  although my context was slightly different  I had a local development setup on a machine whose hostname was windows and IP address was 192 168 56 2   I could access the system using either of    http   localhost  http   127 0 0 1  http   windows  http   192 168 56 2    After logging in  my PHP code would redirect using   header  http   windows       If the previous domain name used to access the system was not windows  the session data would be lost  I solved this by changing the code to   header  http       SERVER  HTTP HOST           It now works regardless of what local domain name or IP address the user puts in   I hope this may be useful to someone

User · Answer

OP didn t specify if he s redirecting to the same page  for example after login  if so server browser caching could also be the problem  A simple workaround would be to append version number at the end of the URL  like you would when forcing  CSS file refresh   Example   header  Location  index php v   time       So the user is redirected to which is treated like a new page   domain com index php v 122234982323

User · Answer

If you are using Laravel and you experience this issue  what you need is to save your session data before redirecting   session  - gt save       Redirect the user to the authorization URL  header  Location       authorizationUrl   exit

User · Answer

Another possible reason   That is my server storage space  My server disk space become full  So  I have removed few files and folders in my server and tried   It was worked     I am saving my session in AWS Dynamo DB  but it still expects some space in my server to process the session  Not sure why

User · Answer

If you are using session set cookie params   you might want to check if you are passing the fourth param  secure as true  If you are  then you need to access the url using https   The  secure param being true means the Session is only available within a secure request  This might affect you locally more than in stage or production environments   Mentioning it because I just spent most of today trying to find this issue  and this is what solved it for me  I was just added to this project and no one mentioned that it required https   So you can either use https locally  or you can set the  secure param to FALSE and then use http locally  Just be sure to set it back to true when you push your changes up   Depending on your local server  you might have to edit DocumentRoot in the httpd-ssl conf of the server so that your local url is served https

User · Answer

For me the error was that I tried to save an unserialisable object in the session so that an exception was thrown while trying to write the session  But since all my error handling code had already ceased any operation I never saw the error   I could find it in the Apache error logs  though

[php] PHP session lost after redirect

Examples related to php

Examples related to session

Examples related to redirect

Examples related to session-cookies

Examples related to shared-hosting