PHP Session ID changes on every page request

Discussion in 'PHP' started by FutureKing, Aug 30, 2015.

0
  1. #1
    See this: http://epaper.multinewsmedia.com/session.php

    This page displays a Session ID. But if you refresh the page it changes. I do not understand why is this happening. Because of this problem I am not able to login to my another script on the same subdomain.

    The same script does not changes the session Id if it is placed on the root of website http://multinewsmedia.com/session.php

    Please help.

    EDIT: Here is the code:

    <?php

    session_start();

    if(isset($_POST["action"])){if($_POST["action"]=="Set Session Variable"){
    $_SESSION["set"]="Congrats! Session variable is set";
    header("Location: session.php");}elseif($_POST["action"]=="Remove Session Variable"){
    session_destroy();
    header("Location: session.php");}}
    echo "Session ID: ".session_id();
    echo "<br />";?>

    <?php if(isset($_SESSION["set"])){?><strong><?php echo $_SESSION["set"]?></strong><?php }else{?>
    Session variable is NOT set.
    <?php }?>

    <formmethod="post"><inputtype="submit"name="action"value="Set Session Variable"/><inputtype="submit"name="action"value="Remove Session Variable"/></form>
     
    FutureKing, Aug 30, 2015 IP
  2. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #2
    Tested the code on my localhost now, it works as expected. Something on your server is tripping up.
     
    PoPSiCLe, Aug 30, 2015 IP
  3. ThePHPMaster

    ThePHPMaster Well-Known Member

    Messages:
    737
    Likes Received:
    52
    Best Answers:
    33
    Trophy Points:
    150
    #3
    Add:

    
// Add after this:
session_start();
if (isset($_GET['d'])) {
    echo '<pre>';
    print_r($_POST);
    print_r($_SESSION);
    echo '</pre>';
}
    PHP:
    To the page.
     
    ThePHPMaster, Aug 30, 2015 IP
  4. deathshadow

    deathshadow Acclaimed Member

    Messages:
    9,732
    Likes Received:
    1,999
    Best Answers:
    253
    Trophy Points:
    515
    #4
    1) You say that like it's a bad thing.

    No joke, most people using sessions INTENTIONALLY use session_regenerate_id right after every session_start to force a new ID -- this is done so as to reduce the odds of a "man in the middle" attack by narrowing the window in which that session cookie is valid.

    2) some more whitespace and formatting of your code (even assuming the forums gutted it) would REALLY help better understand what the blazes you are doing.

    3) same goes for the willy-nilly opening and closing of PHP.

    4) REALLY not sure why you're screwing around reloading the page with the header nonsense.

    5) Note that session data would remain set until end of execution until AFTER a reload with session_destroy as the associated global var $_SESSION is uneffected by it. (hmm, is that why you're playing with that header nonsense?)
     
    deathshadow, Aug 30, 2015 IP
    KangBroke likes this.
  5. FutureKing

    FutureKing Well-Known Member

    Messages:
    194
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    125
    Digital Goods:
    4
    #5
    See this url: http://test.multinewsmedia.com/session.php

    It has only two lines of code.
    <?php
    session_start();
    echo "Session ID: ".session_id();

    Everytime you refresh the page, it will generate a new ID. This is the problem. I don't know how to fix it. Hosting is from bluehost.
     
    Last edited: Aug 31, 2015
    FutureKing, Aug 31, 2015 IP