I have a webpage that uses PHP $_SESSION variables. It works fine on my computer using Google Chrome (version 44.0.2403.157 (64-bit)), but it doesn't work for other browsers or other versions of Chrome.
What can I do to fix this? I would prefer if I could keep using $SESSION variables so I don't have to recode all my webpages, but if I must, what is an alternative?
For context: I use the $_SESSION variables to store information such as the identity of who is "logged in" to my site and products in a user's "shopping cart".
Code: I start a session like this:
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = false;
// This stops JavaScript being able to access the session id.
$httponly = true;
// Forces sessions to only use cookies.
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
// Gets current cookies params.
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
// Sets the session name to the one set above.
session_name($session_name);
session_start(); // Start the PHP session
session_regenerate_id(true); // regenerated the session, delete the old one.
}
Like I said before, it works fine in certain browsers. Something is preventing it from working in others.
By "working", I mean the browser allows for the use of $SESSION variables. I do not mean the variables save across browsers.
When I check the cookies of the browser where it does not work, it says that it is storing cache, cookies, and local storage for my website.
Here a small example of my code. Here, when the login button is pressed, it checks the login credentials.
<?php
/**
*
*
*/
include_once 'db-credentials.php'; //get database credentials
$mydb2= logindb(); //login to database
sec_session_start(); //start session
//process form data
if(isset($_POST['btn-login'])) //if login button was pressed
{
$email = $_POST['email'];
$upass = $_POST['pwd'];
$row = $mydb2->get_row($mydb2->prepare(
"select * from users WHERE email='$email'"), ARRAY_A
);
if($row['password']==$upass)
{
$_SESSION['user'] = $row['user_id'];
$_SESSION['name'] = $row['username'];
echo "<script>window.location = 'http://mywebsite.ca/order/'</script>";
}
else
{
?>
<script>alert('Invalid login. Please check your email and password and try again');</script>
<?php
}
}
Now, that code runs fine. With a correct username and password, the program gets into the inner if statement and will run the echo "<script>window.location = 'http://mywebsite.ca/order/'</script>"; statement.
However, when it gets to http://mywebsite.ca/order/, it no longer has the session variables saved!
