I have a site that I send traffic to with information in the query string. All the traffic gets sent to one page where a decision is made as to where to redirect it to within the site and the information contained in the query string is recorded to session variables. From there I need to be able to access the session variables from any page on the site. The problem is that I am losing a significant proportion of the session information in the redirect. I am aware that sessions can be lost when using a header redirect (which is what I am doing) so I am passing the session ID in the query string from my redirect page in an attempt to overcome this - Code on redirect page: $Destination = 'http://' . $Domain . $Path . '?' . 'SID=' . Session_ID(); session_write_close(); header("Location: $Destination"); exit; Code (markup): And on the page where it goes to ($Destination) I am trying to pick up the session ID from the redirected traffic like this: if(isset($_GET['SID'])) {session_id(strip_tags($_GET['SID']));} $Cookie_Domain = str_replace('www','',$_SERVER['HTTP_HOST']); //Returns .example.com to allow access on all subdomains session_name('myname'); session_set_cookie_params(0, '/', $Cookie_Domain); session_start(); Code (markup): With the session_set_cookie_params I am trying to make the session available across all subdomains just in case there was a problem with the site being accessed through the domain with and without the www. Currently I see that I am losing the session about 20% of the time. Can anyone point me in the right direction to nail down where the problem is and how to overcome it? My current best thinking is that it could be a browser specific issue (IE6 accounts for around 20% of the traffic).
Well, if you're using cookies: I assume you're also doing session_name / session_set_cookie_params / session_start on the first page? (not shown in the code)
I'd take a guess to say that one of your pages doesn't have the "session_start();" at the top of ALL YOUR PAGES and once you load one page without that I'm pretty sure the session is destroyed (or "lost", if you will). At least, that's the mistake I always make with sessions when I have a similar problem as yours
That can't be true in practice as at the moment 100% of the traffic that I am sending through the pages in question goes through the redirect page and therefore the ID will be defined by appending it to the query string. If a new cookie was being sent every time I did this I would be losing all of my session data not just 20%. Yes In this case my situation is really simple as there are only two pages involved and they both have session_start(); at the top. It would seem illogical to destroy a session just because the session is not started on a particular page - if you're not going to be using it on a particular page why start it. I will bear it in mind though and investigate further. Because I need to use sessions on most pages on the particular site in question I have included the session_start(); on the template though so it should be present on all pages.
get rid of the session_id() mumbo jumbo. Enable trans_sid: http://www.php.net/manual/en/session.configuration.php#ini.session.use-trans-sid Use this to redirect: $Destination = 'http://' . $Domain . $Path . '?' . SID; //SID is a constant defined after session_start, see http://www.php.net/manual/en/session.idpassing.php
Best way to avoid having to put session_start() on all your pages and to avoid accidental errors like "Cannot start session, session already start in". Is include like include 'init.php'; PHP: . Have all pages linked with that where you will have all your configurations. and put into init.php if ( session_id() == '' ) { session_start(); } PHP:
Or just include session_start() on all main pages because session_start() also keeps the session active....