Greenflash

Reputation: 51

PHP session cookie deleted on phone restart but not PC restart

I have a PHP application where the PHP session cookie is set to expire after 30 days. This works fine on a PC and it survives a PC restart, but recently my users have started complaining that they have to log in again after restarting their phones. Any ideas?

I tried changing the IP address on my PC to see if that was the problem with the phone restarting, but it made no difference.

Upvotes: 1

Views: 45

Answers (1)

Greenflash

Reputation: 51

I've solved the problem. It turned out that the problem people were reporting was that they were being asked to log in again when going to the site, even though they had previously been logged in.

I had forgotten that I had recently set the session cookie's SameSite attribute to "Strict" and so if users were going to the site from another, different, site to the one they had used previously, the cookie wouldn't be valid. Changing it back to "Lax" confirmed that this was the cause.

Upvotes: 0
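
A simplified model of the browser's SameSite decision, added here as an illustration and not part of the original answer, showing why a "Strict" session cookie is withheld when a user arrives via a link from another site while "Lax" sends it. The site names, the scenario names and the helper functions `cookieIsSent` and `decisionTable` are assumptions made for the example; `PHPSESSID` is PHP's default session cookie name.

```javascript
// Simplified model of the SameSite rules a browser applies when deciding
// whether to attach a cookie to an outgoing request (added example).
// Assumption: the caller passes each party's "site" (scheme + registrable
// domain) directly; a real browser derives it using the Public Suffix List.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function cookieIsSent(cookie, request) {
  // A request with no initiating site (typed URL, bookmark) is same-site.
  const sameSite =
    request.initiatorSite === null ||
    request.initiatorSite === request.targetSite;
  if (sameSite) return true;

  switch (cookie.sameSite) {
    case "Strict":
      return false; // never sent on cross-site requests
    case "Lax":
      // sent only on top-level navigations that use a safe method
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    case "None":
      return cookie.secure === true; // browsers reject None without Secure
    default:
      throw new Error(`unknown SameSite value: ${cookie.sameSite}`);
  }
}

// Constructed scenarios; the site names are placeholders.
const APP = "https://app.example";
const OTHER = "https://other.example";
const scenarios = {
  bookmark: { initiatorSite: null, targetSite: APP, method: "GET", topLevelNavigation: true },
  linkFromOtherSite: { initiatorSite: OTHER, targetSite: APP, method: "GET", topLevelNavigation: true },
  crossSiteFormPost: { initiatorSite: OTHER, targetSite: APP, method: "POST", topLevelNavigation: true },
  crossSiteImage: { initiatorSite: OTHER, targetSite: APP, method: "GET", topLevelNavigation: false },
};

// Returns { scenarioName: true|false } for a session cookie with the given SameSite value.
function decisionTable(sameSiteValue) {
  const cookie = { name: "PHPSESSID", sameSite: sameSiteValue, secure: true };
  return Object.fromEntries(
    Object.entries(scenarios).map(([name, req]) => [name, cookieIsSent(cookie, req)])
  );
}

console.log("Strict:", decisionTable("Strict"));
console.log("Lax:   ", decisionTable("Lax"));
```

With "Lax" the cookie is still withheld on cross-site POSTs and subresource requests, so only link-style arrivals regain the session.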
