PHP changes session ID on each request

Question

This morning my local php starts behaving strangely: the session ID changes on each request (making sessions unusable).

The code:

<?php
session_start();

The same page is available through "localhost" and "test" which is a /etc/hosts entry for localhost.

Requesting this same file on "localhost": the PHPSESSID cookie stays the same; on "test" it changes on every request.

Absolutely nothing changed in my code (no BOM or buggy code) or in Apache's config. I may have updated PHP (5.4.4), but reverting to the previous version (5.4.1) showed the same behavior. The same code running on a remote server (php 5.3) has been running ok for ages.

It's probably a bug in PHP :( but before reporting, I want to be sure I didn't overlook anything.

Any idea?

---

Thanks for your amazingly fast answer.

In fact the browser works fine, everything is working fine, even PHP.

I just forgot I added a .htaccess clearing all cookies to upload to a CDN. The only thing I didn't check was the .htaccess.

I feel stupid (and tired).

Thanks again.

Answer 1

Install some software watching HTTP headers like

• Live HTTP Headers Firefox addon https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/

• WireShark sniffer http://www.wireshark.org/

  and check whether

  1. Server sends the cookies as it should
  2. Browser sends them back.

Probably the Cookie header contains settings which make Browser not to send it back, and therefore server generates a new cookie (new session) for every request. Especially check the path setting of the cookie you send.

Also, it might be some new policy in browser, or a security plugin, or maybe antivirus... try different browser, or bare curl program, and disable web shield of your antivirus if applicable.