3
votes

Can't get PHP's $_SESSION to work on my local machine

It's working just fine on a live server but it's not working on a local machine.

I have tried with Apache and PHP on Windows, Apache and PHP on Mac, and Apache and PHP on Debian; none of them work (my live server is also running Debian 9, the same one I tried locally).

In Firefox's developer tools > Network > Headers I can see that PHP is sending the Set-Cookie header, but for some reason the cookie is not being set (no cookies in Storage > Cookies, and my script isn't working as it should when the cookie is set).

I'm not using SSL/HTTPS and I have set "session.cookie_secure = 0 and off", but for some reason this is what the Set-Cookie header looks like: "Set-Cookie: PHPSESSID=XXXXX;path=/;HttpOnly;Secure". I don't think PHP should be setting the Secure flag since I explicitly disabled it in php.ini?

And yes, every file that uses session functionality has a session_start() in it.

There are no Apache/PHP errors whatsoever, and I even have Xdebug enabled.

Tested using localhost, 127.0.0.1, 10.0.0.10 (my LAN IP), and a custom hostname; none work.

I'm out of ideas, tried everything I could think of.

Works on a live Debian 9 server with PHP 7.2 and default configuration.

Doesn't work on a local Debian 9 server with PHP 7.2 and default configuration.

Doesn't work on Windows with the same Apache/PHP versions.

Doesn't work on Mac with Apache 2.4 and PHP 7.3, not even with session.cookie_secure=0 set.

Checked for both Apache and PHP errors, there are none.

Used Firefox's developer tools to see headers/cookies.

Checked my code and made sure it has session_start() and everything else is correct.

I even tried manually setting the cookie with the secure flag set to false and again "Secure" is being set in the Set-Cookie header. This was the code:

setcookie("PHPSESSID", "7nhqdim7uu2viae7vhhf9os5ue", 0, "/", "", false, false);

And here is the code I use for testing:

<?php
session_start();

var_dump($_SESSION);

if(isset($_POST['submit']))
{
  $_SESSION['value'] = $_POST['example'];
  header('Location: /session.php'); // session.php is this file
}

if(isset($_SESSION['value']) && $_SESSION['value'] == 'example')
{
  echo "value is " . $_SESSION['value'] . '<br>';
}
?>
<form method="post">
  <input type="text" name="example" value="example">
  <input type="submit" name="submit" value="submit">
</form>
1
After the first if block, do var_dump($_SESSION['value']); and tell us what you got? - Anant Kumar Singh
I'm getting Notice: Undefined index: value. The PHPSESSID cookie is what ties the user with the session, and it's not being set. - Fakku
var_dump'd the whole $_SESSION, it's returning array (size=0) empty - Fakku

1 Answer

1
votes

A session cookie requires a second-level domain; you cannot set a cookie for a top-level domain (TLD) such as com, because that would be a security issue: any site with a .com would allow that cookie, and that would not be a good thing. Setting a cookie for localhost is like setting a cookie for com, net or org.

To get it to work you will need to set your cookie for something like localhost.com, for example:

session_set_cookie_params(0, '/', 'localhost.com');

Add an entry to your hosts file:

127.0.0.1   localhost.com

On macOS:

sudo vi /private/etc/hosts

On Windows edit this file:

C:\Windows\System32\Drivers\etc\hosts

On Linux:

sudo vi /etc/hosts

Finally run your app on localhost.com, for example (without Apache):

php -S localhost.com:80 -t .

And then open in the browser also using .com:

http://localhost.com/yourapp

Hope this helps.
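A diagnostic for the mismatch described in the question (Secure appearing in Set-Cookie although session.cookie_secure was disabled), added here as an example and not code from the question or the answer. It reports which ini files PHP actually loaded, the effective session cookie parameters, and the Set-Cookie header PHP itself queued, so that header can be compared with the one shown in Firefox's developer tools; the file name session_check.php is hypothetical.

```php
<?php
// session_check.php (hypothetical name): request it over the same scheme
// and host that show the problem, then compare the output with the
// Set-Cookie header visible in the browser's developer tools.

function request_is_https(array $server): bool
{
    // SAPIs set HTTPS to a non-empty value other than "off" on TLS requests.
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

function session_cookie_report(array $server): array
{
    $https = request_is_https($server);
    session_start();
    $params = session_get_cookie_params(); // what PHP will really use

    // Only headers queued by PHP appear here. A flag that shows up in the
    // browser but not in this list was added after PHP (web server, proxy).
    $cookies = array_values(array_filter(headers_list(), function ($h) {
        return stripos($h, 'Set-Cookie:') === 0;
    }));

    $warnings = [];
    if ($params['secure'] && !$https) {
        $warnings[] = 'PHP sets Secure on a plain-HTTP request; the browser '
                    . 'will not keep the cookie. Check the ini files listed above.';
    }
    if (!$params['secure'] && !$https) {
        $warnings[] = 'PHP is not asking for Secure. If the browser still '
                    . 'shows it, look at the layers between PHP and the browser.';
    }

    return [
        'loaded php.ini'            => php_ini_loaded_file() ?: '(none)',
        'additional ini files'      => php_ini_scanned_files() ?: '(none)',
        'ini session.cookie_secure' => var_export(ini_get('session.cookie_secure'), true),
        'request is https'          => $https ? 'yes' : 'no',
        'effective cookie params'   => $params,
        'Set-Cookie queued by PHP'  => $cookies,
        'warnings'                  => $warnings,
    ];
}

header('Content-Type: text/plain');
print_r(session_cookie_report($_SERVER));
```

The loaded php.ini path matters because the web server module and the command-line binary can read different ini files, so an edit to one does not change the other.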