I have a PHP website that requires users to be registered and logged in. I use PHP sessions to manage the information from logged-in users. It had been working great until a few months back, but I am now having issues with certain users and devices only.
The user starts in index.php with the login form. When submitted, there is a control.php page that controls whether the user is registered and gives or denies control. If the user is registered, it goes to menu.php.
Now, the problem is that some users, despite entering the right login info, are unable to reach menu.php on their Android devices using Chrome (even if they are able to do it on a PC, also using Chrome, or on other devices).
I debugged the session variables and realized that they are fully killed when redirecting from control.php to menu.php. However, as this is only happening to some users in some devices, I understand there is no issue with redirects or others that I read in similar posts.
I also saw other cases where the recommendation was to clear cookies and cache in Chrome. I tried with that too and it did not work. The session_id() changes after clearing all information but info is still killed.
After researching for weeks and trying every possible solution, I am now completely lost. Any recommendations would be more than welcome.
By the way, I am running nginx and PHP 5.5.9.
Thank you in advance,
JR
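control.php looks like:

    <?php
    // Escape the login name before it goes into the SQL string; this uses the
    // connection opened elsewhere, which mysql_query() below also relies on.
    $nick = mysql_real_escape_string($_POST['nick']);
    // md5() returns hex digits only, so $pass is safe to interpolate; it is
    // kept because it has to match the hashes already stored in passmanager.
    $pass = md5($_POST['pass']);
    $q = mysql_fetch_array(mysql_query("select * from ft_managers where (nickmanager='$nick' or email='$nick') and (passmanager='$pass')"));
    if ($q['activado'] == 1) // Means account is activated
    {
        session_start();
        $_SESSION['permiso'] = 1;
        $_SESSION['nick'] = $q['nickmanager'];
        $_SESSION['username'] = $q['nickmanager'];
        $_SESSION['id'] = $q['idmanager'];
        Header("Location: menu.php");
        exit;
    }
    else
    {
        Header("Location: index.php?error=1");
        exit;
    }
    ?>
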
menu.php looks like:

    <?php
    session_start();
    print_r($_SESSION);
    echo session_id();
    // Rest of the code here, but the print_r already shows no info for certain
    // users and devices. For the same user in a different device, everything works
    ?>
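
An added diagnostic sketch, not part of the original post: called in place of the bare session_start() at the top of menu.php, it logs whether the browser returned the session cookie after the redirect and with which cookie parameters, host and scheme, so a failing device can be compared with a working one. The function name session_diag and the log format are assumptions.

```php
<?php
// Added example, not the poster's code. Writes one line per request to the
// PHP error log; the session id itself is never logged, only whether it matches.
function session_diag()
{
    $name = session_name();   // "PHPSESSID" unless session.name was changed
    $sent = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;

    // If output was already flushed, session_start() cannot emit Set-Cookie.
    $file = null;
    $line = null;
    $headersGone = headers_sent($file, $line);

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $report = array(
        // false: the browser did not return the cookie, so look at
        // cookie_params versus host and scheme below.
        'cookie_received'   => $sent !== null,
        // true with empty session_keys: the cookie came back, but the data
        // stored for that id was not found on the server side.
        'id_matches_cookie' => $sent !== null && $sent === session_id(),
        'session_keys'      => array_keys($_SESSION),
        'headers_sent'      => $headersGone ? "$file:$line" : 'no',
        // lifetime, path, domain, secure, httponly as PHP will send them
        'cookie_params'     => session_get_cookie_params(),
        'save_path'         => session_save_path(),
        'https'             => !empty($_SERVER['HTTPS']) ? 'on' : 'off',
        'host'              => isset($_SERVER['HTTP_HOST'])
                                   ? $_SERVER['HTTP_HOST'] : '',
        'user_agent'        => isset($_SERVER['HTTP_USER_AGENT'])
                                   ? $_SERVER['HTTP_USER_AGENT'] : '',
    );
    error_log('session_diag ' . json_encode($report));
    return $report;
}

session_diag();
```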