I use to have my website hosted on 1and1 server for years and it was working fine (php 7.4).
Since, i decided to switch to a dedicated server w/Linux ubuntu OS for my webserver (php 8.1.2).
All is working fine after the migration but I have a weird issue:
when I get a redirection from an Ajax/php query I usualy redict (using JS) the client to a desired web page and the session is lost.
I do have the session_start(); and ensure that it do not switch from www.mywebsite.com to mywebsite.com.
I am confused as it is 100% the code that is working on the hosted server.
other clue, I see that the approval of cookies always prompt. so there is clearly a session issue that un_sync the client/server session_id.
Any config to ensure on a new apache server ?
I can see in my "/var/lib/php/sessions" folder a new session every time i trigger the redirection …
I would appreciate any advise.
here is my SESSION config from php.ini:
Session Support enabled
Registered save handlers files user
Registered serializer handlers php_serialize php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_samesite no value no value
session.cookie_secure 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 0 0
session.lazy_write On On
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/sessions /var/lib/php/sessions
session.serialize_handler php php
session.sid_bits_per_character 5 5
session.sid_length 26 26
session.upload_progress.cleanup On On
session.upload_progress.enabled On On
session.upload_progress.freq 1% 1%
session.upload_progress.min_freq 1 1
session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix upload_progress_ upload_progress_
session.use_cookies 1 1
session.use_only_cookies 1 1
session.use_strict_mode 0 0
session.use_trans_sid 0 0
4
Answers
Ok Guys,
I have find what was wrong, and I feel stupid but need to share the reason in case it happens to anyone.
Before, when using the 1and1 webhosting server, I was using a structure like this: mysiteweb.com subDomainWebApp.mysiteweb.com
if i wasnt logged on the webapp, i am redirected to the website with an iframe that opens the webapp login page.
After logging, i open the index in subdomainofwebapp.mysiteweb.com
So cookies are shared between website and subdomain.
But now I moved the subDomainWebApp.mysiteweb.com to a dedicated server with its own domain WebApp.com
so the iframe call in the initial website do not share the cookies with the new WebApp.com domain.
I had to restructure the logging to manage it directly on the new domain.
Sorry for that, but all your hints guided me to that conclusion after i put a close look to the cookie session data.
Thanks guys
session_start();
should be declared at the top of the script before any html output, including white spaces.Do you also use session_name()? https://www.php.net/manual/en/function.session-name.php
Check the cookie name
PHPSESSID
and see if it’s changing.You could try to store the sessions in Redis for example, maybe it’s a cron that is deleting the contents of your
/var/lib/php/sessions
?Sometimes the default session path may not be writeable or a custom session handler might be used by the new server you’re using.
In this case I usually try override the session storage path and see if the session sticks between requests.
The below code should be placed at the earliest point in the request lifecycle. (before any other code is executed)
See the PHP documentation https://www.php.net/manual/en/function.session-save-path.php
Another possible problem is that the session cookie isnt being sent with your ajax request.
If that is the case you might want to see this answer:
Why is jQuery's .ajax() method not sending my session cookie?
What I understand is that session data is lost. If I understood correctly you can try updating your server’s write permissions.
it look like;
sudo chmod 1777 -R /home/your_user_path/tmp/