can't get php's $_SESSION to work on my local machine Show it's working just fine on a live server but it's not working on a local machine i have tried with apache and php on windows, apache and php on mac and apache and php on debian, none of them work ( my live server is also running debian 9, the same one i tried locally ) in firefox' developer tools > network > headers i can see that php is sending the set-cookie but for some reason it's not being set ( no cookies in storage > cookies, and my script isn't working as it should when cookie is set ) i'm not using ssl/https and i have set "session.cookie_secure = 0 and off" but for some reason this is what the set-cookie header looks like: "Set-Cookie: PHPSESSID=XXXXX;path=/;HttpOnly;Secure", i don't think php should be setting the Secure flag since i explicitly disabled it in php.ini? and yes, every file that uses session functionality has a session_start() in it there are no apache/php errors whatsoever, i even have xdebug enabled tested using localhost, 127.0.0.1, 10.0.0.10 ( my lan ip ), and custom hostname, none work i'm out of ideas, tried everything i could think of works on a live debian 9 server with php 7.2 and default configuration doesn't work on a local debian 9 server with php 7.2 and default configuration doesn't work on windows with the same apache/php versions doesn't work on mac with apache 2.4 and php 7.3, not even with session.cookie_secure=0 set checked for both apache and php errors, there are none used firefox' developer tools to see headers/cookies checked my code and made sure it has session_start() and everything else is correct i even tried manually setting the cookie with the secure flag set to false and again "Secure" is being set in Set-Cookie header, this was the code:
and here is the code i use for testing: (PHP 4, PHP 5, PHP 7, PHP 8) session_set_cookie_params — Set the session cookie parameters Descriptionsession_set_cookie_params( session_set_cookie_params(array This function updates the runtime ini values of the corresponding PHP ini configuration keys which can be retrieved with the ini_get(). Parameterslifetime_or_options When using the first signature, lifetime of the session cookie, defined in seconds. When using the second signature, an associative array which may have any of the keys path Path on the domain where the cookie will work. Use a single slash ('/') for all paths on the domain. domain Cookie domain, for example 'www.php.net'. To make cookies visible on all subdomains then the domain must be prefixed with a dot like '.php.net'. secure If httponly If set to Return Values Returns Changelog
See Also
final dot wharf at gmail dot com ¶ 11 years ago
frank at frankforte dot ca ¶ 2 years ago
= true; // if you only want to receive the cookie over HTTPS Danack dot Ackroyd at gmail dot com ¶ 11 years ago
passerbyxp at gmail dot com ¶ 10 years ago
werner dot avenant at gmail dot com ¶ 10 years ago
shrockc at inhsNO dot SPAMorg ¶ 20 years ago
Miki ¶ 12 years ago
Anonymous ¶ 14 years ago
dan at vespernet dot co dot uk ¶ 14 years ago
jordi at jcanals dot net ¶ 17 years ago
jan at dewal dot net ¶ 12 years ago
session_set_cookie_params('600'); // 10 minutes. eion at robbmob dot com ¶ 1 year ago
Ashus ¶ 13 years ago
php at mike2k dot com ¶ 21 years ago
brandan, bildungsroman.org ¶ 14 years ago
William Leslie ¶ 14 years ago
gavin_spam at skypaint dot com ¶ 20 years ago
eddie at roosenmaallen dot com ¶ 14 years ago
info at xyzsite dot ru ¶ 14 years ago
RC ¶ 14 years ago
Does Session_start set cookie?session_start() writes the PHPSESSID cookie, which is the session identifier. You don't need to (nor should) set the PHPSESSID cookie with setcookie().
Do PHP sessions use cookies?Yes. PHP sessions rely on a cookie containing a session key. Your session data are stored only on your server, but a unique ID is assigned to each session and that ID gets saved in a cookie.
Can PHP session work without cookies?You can also login without Cookies only by Session Id and Time, but you have to write them both in your Database direct after Successful Login. I have in index. php something like this that will always generate a new session id based on time and the old session id if conditions are not verified.
Which is better session or cookie in PHP?Both of them accomplish much the same thing. The main difference between cookies and sessions is that information stored in a cookie is stored on the visitor's browser, and information stored in a session is not—it is stored at the web server. This difference determines what each is best suited for.
|