Gavin Perkins Gavin Perkins - 4 years ago 146
PHP Question

PHP Session Variable Not Working After Page Redirect

I know this question has been asked several times, but none of the other SO posts seem to have any answers that can help me.

I have been having issues with a site that I am building and I have not been able to save session variables. I finally decided to just put up two simple php called getsession.php and another called setsession.php. The files are barebones, and look like the following:


$_SESSION['loggedinusername'] = "SomeName";
header('Location: getsession.php');


echo "The Set Variable is: ".$_SESSION['loggedinusername'];

As you can see, setsession.php just sets a session variable, and then redirects to getsession.php and attempts to retreive the value.

Unfortunately, All session variables are lost after redirect. The output I get is

Notice: Undefined index: loggedinusername in
C:\inetpub\wwwroot\MyTest\getsession.php on line 3 The Set Variable

I am using IIS and PHP 7.0. I have checked the log, and the above error message is the only thing that appears there. Also, my PHP.INI File has the following settings under sessions:

session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1 = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 720
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5


Answer Source

As I understand you are testing on your local PC and unlikely to have SSL set up. And you have session.cookie_secure enabled.

session.cookie_secure boolean

session.cookie_secure specifies whether cookies should only be sent over secure connections. Defaults to off.

If you're using HTTP, your browser will receive cookies from the server but it will never send them back on an unsecured (non-HTTPS) connection. That's why you don't have a session.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download