Reputation: 454
When $_SESSION is set, under simple pages things work fine, but any page that includes inc/config.php will instantly break that session and return back to an empty array. Accessing the page by manually typing the URL in does NOT break this session; this only happens when clicking a link to that page (i.e. <a href="some-page.php">Link</a>).
So for instance, if I'm logged in and am on the homepage (index.php), which does not have the config included, everything will work fine. But if I click a link in the navbar to about.php, which does include the config, my session will be broken and I need to log in again.
I have spent hours trying to figure this out, so any help would be greatly appreciated. There are no errors or warnings.
PHP Version: PHP 5.5.9 (php5-fpm for nginx)
/* Start PHP session if none exists */
if (session_status() === PHP_SESSION_NONE) {
    session_start();
    /* 1/5 chance to regenerate ID */
    if (mt_rand(0, 4) === 0) {
        session_regenerate_id(true);
    }
}
Sessions are generated using the code above on any page that requires it (i.e. inc/navigation.php, which uses the session to change login/logout links).
<?php
/* Global Salts/Keys; Created with: https://api.wordpress.org/secret-key/1.1/salt/ */
define('AUTH_KEY', 't!tsg&n;>=C&!?rM[N=rIXGRc)$7+.yh{1x-W2#/ fZJZ(0647q&/G6ZIO,S}v(x');
define('SECURE_AUTH_KEY', 'm=b&8Xm!i:F3&U.{ajs}]5z10DjH_GV[w|6L=Rlwkosr4O:owE!`VS*-8ro%!3 2');
define('LOGGED_IN_KEY', '-krqegOl:}|C;~&r](wA4aB*t)XZ ow*luwt:s(VVR&xAy{Hh*|d`X;`- i*}%+6');
define('NONCE_KEY', 'svR1:eGpNZ6>^g~-L@ 5K<8KqF3SW(R#OWwI^rL9ll)U3,63Q|{-%de&cUedX47Z');
define('AUTH_SALT', '+A!Aj7 Yk|8NWF-+7d,r7tB6+K(obe4AJd-=LGB6#H:} AQI+NQF|w53Eb5#.>Jo');
define('SECURE_AUTH_SALT', 'hiF_Vd;~XC-UU24c1(s&Q/:XXKTx$8W+Tv%Ed+ =CqS+_K@lW|DwRyk-wC(g5%%p');
define('LOGGED_IN_SALT', 'q}{W~6(nOfJ(-diA>>K9gkpBq>H4D>d1FTWh|e)NxZe5Xp0H4+n.$*(l&l!G_9cY');
define('NONCE_SALT', ',.heuv{eZ) %+DwwmG,9RNybXNAo`FfAi:gR&0<#>-!7NA=)y)-_!qV$2C5R>rJo');
/* MySQL Database Settings */
define('SQL_TYPE', 'mysql');
define('SQL_HOST', 'localhost');
define('SQL_PORT', '3306');
define('SQL_DB', 'database');
define('SQL_USER', 'username');
define('SQL_PASSWD', 'password');
/* Hashing Algorithm; See: http://php.net/manual/en/function.hash.php */
define('HASH_FUNC', 'sha512');
?>
<?php
/* Start PHP session if none exists */
if (session_status() === PHP_SESSION_NONE) {
    session_start();
    /* 1/5 chance to regenerate ID */
    if (mt_rand(0, 4) === 0) {
        session_regenerate_id(true);
    }
}
?>
<div class="navbar navbar-default navbar-fixed-top">
    <div class="container">
        .
        .
        .
        <div class="navbar-collapse collapse navbar-inverse-collapse">
            <ul class="nav navbar-nav">
                <li><a href="/">Home</a></li>
                <li><a href="/about.php">About</a></li>
            </ul>
            <ul class="nav navbar-nav navbar-right">
                <li class="dropdown">
                    <a href="javascript:void(0);" class="dropdown-toggle" data-toggle="dropdown">Welcome, <?php echo isset($_SESSION['user']) ? $_SESSION['user']['first_name'] : 'Guest'; ?> <b class="caret"></b></a>
                    <ul class="dropdown-menu">
                        <?php if (isset($_SESSION['user'])) : ?>
                            <li><a href="/user.php">User Panel</a></li>
                            <?php if ($_SESSION['user']['level'] == 255) : ?>
                                <li><a href="/admin.php">Admin Panel</a></li>
                            <?php endif; ?>
                            <li class="divider"></li>
                            <li><a href="/logout.php">Logout</a></li>
                        <?php else : ?>
                            <li><a href="javascript:void(0);" data-toggle="modal" data-target="#loginModal">Login</a></li>
                            <li><a href="javascript:void(0);" data-toggle="modal" data-target="#registerModal">Register</a></li>
                        <?php endif; ?>
                    </ul>
                </li>
            </ul>
        </div>
    </div>
</div>
<?php
/* Load configuration */
require_once 'inc/config.php'; //This breaks the session
?>
<!DOCTYPE html>
<!--[if lt IE 7]><html class="no-js lt-ie9 lt-ie8 lt-ie7" lang="en"><![endif]-->
<!--[if IE 7]><html class="no-js lt-ie9 lt-ie8" lang="en"><![endif]-->
<!--[if IE 8]><html class="no-js lt-ie9" lang="en"><![endif]-->
<!--[if gt IE 8]><!--><html class="no-js" lang="en"><!--<![endif]-->
<head>
    <?php include 'inc/meta.php'; ?>
    <title>About :: CSU Clicker</title>
    <?php include 'inc/header.php'; ?>
</head>
<body>
    <?php include 'inc/navigation.php'; ?>
    <div class="container">
        <div class="row clearfix">
            <div class="col-xs-12 text-center">
                <h1>Coming soon!</h1>
            </div>
        </div>
        <?php include 'inc/login-register.php'; ?>
    </div>
    <?php include 'inc/footer.php'; ?>
    <?php include 'inc/notice.php'; ?>
    <?php include 'inc/error.php'; ?>
</body>
</html>
index.php is the same as this, except there is no PHP block at the top.
For the sake of not ruining this page, here's a link to my php.ini just in case you might need it: http://pastebin.com/gXELsEcu
Upvotes: 1
Views: 929
Reputation: 454
The problem was within my php.ini file. Having session.referer_check set to 1 caused the session to become invalid for some reason, so I left that option blank (which is what it was set to by default).
I have no idea why this would cause an issue, but it works.
Upvotes: 1
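The PHP manual describes session.referer_check as a substring that must appear in the Referer header whenever the client sends one; if it is missing, the session ID is treated as invalid. The sketch below is an added example, not part of the answer above or of PHP's own code, that models that rule against constructed requests (the function name and the example.test host are assumptions) and shows why a typed URL keeps the session while a clicked link loses it when the value is 1.

```php
<?php
/* Added example: a model of the documented session.referer_check rule.
   Not PHP's internal code; names and sample requests are constructed. */

/* Returns true if the session ID sent by the browser is still accepted. */
function referer_check_keeps_session($refererCheck, $referer)
{
    if ($refererCheck === '') {
        return true;   // default (empty): the check is disabled
    }
    if ($referer === null || $referer === '') {
        return true;   // no Referer sent, e.g. URL typed by hand
    }
    // A Referer was sent: it must contain the configured substring.
    return strpos($referer, $refererCheck) !== false;
}

/* Constructed requests: description => Referer header (null = not sent). */
$requests = array(
    'URL typed into the address bar' => null,
    'link clicked on /index.php'     => 'http://example.test/index.php',
    'link clicked on /page1.php'     => 'http://example.test/page1.php',
);

/* The answer's value, the default, and a host-name substring (assumed). */
$settings = array('1', '', 'example.test');

foreach ($settings as $value) {
    printf("session.referer_check = \"%s\"\n", $value);
    foreach ($requests as $description => $referer) {
        $kept = referer_check_keeps_session($value, $referer);
        printf("  %-32s %s\n", $description, $kept ? 'session kept' : 'session ID discarded');
    }
}

/* What the running interpreter is actually configured with. */
printf("live setting: \"%s\"\n", (string) ini_get('session.referer_check'));
```

The setting is a substring to match, not an on/off flag, so the value 1 only accepts Referers that happen to contain the character "1".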