Sessions are going crazy. Only Mozilla is able to process

Question

PROBLEM

---

I've got an admin panel. Currently only Mozilla is able to process log ins. Browsers like Chrome, IE, Opera won't even show any message carried through sessions thus no one is able to log in any browser but Mozilla.

SOME INFORMATION

---

• I'm using PHP 5.3.6 on my server, PHP 5.3.5 on my local computer.
• My code is Object Oriented.
• ini_set("session.use_only_cookies", 1); and ini_set('session.cookie_secure', 1); are used in construction method of my session class.
• This website on SLL

Login process: First I gather all information from form, validate and gather data. After validation if everything is right, I send this data to login method in my session class.

public function login ($user) {
        global $siteSettings;
        if ($user) {            
            $this->id          = $_SESSION['id']          = $user->id;
            $this->username    = $_SESSION['username']    = $user->username;
            $this->fullName   = $_SESSION['fullName']   = $user->fullName;
            $this->group_id    = $_SESSION['group_id']    = $user->group_id;
            $this->groupName    = $_SESSION['groupName']      = $user->groupName;
            $this->lastLogin   = $_SESSION['lastLogin']   = $user->lastLogin;
            $this->isAdmin   = $_SESSION['isAdmin']   = ($user->admin == 1) ? true : false;
            $this->isAgent   = $_SESSION['isAgent']   = ($user->agent == 1) ? true : false;
            self::$language   = $_SESSION['language'] = ($user->language != "" || $user->language != NULL) ? $user->language : self::$language;
            if ($user->language != "" || $user->language != NULL) {
                $_SESSION['language'] = $user->language;
            }else {
                if (!defined(DEFAULT_LANGUAGE)) {
                    $browserLang = "|".$_SERVER["HTTP_ACCEPT_LANGUAGE"];
                    $browserLang = getStringBetween($browserLang, "|","-", FALSE);
                    if (!file_exists(LANGUAGES.$browserLang.".php")) $browserLang = FALSE;
                }
                $_SESSION['language'] = ($browserLang) ? $browserLang : DEFAULT_LANGUAGE;
            }


            # When 2 Update session_id
            $date = new DateTime("now");
            $UpdateTime = $siteSettings->session->timeOut * 60;
            $date->add(new DateInterval("PT".$UpdateTime."S"));

            $_SESSION['SIDUpdateTime'] = $date->format("Y-m-d G:i:s");

            # UPDATE LAST LOGIN & ADD SESSION ID
            # Clear Fields
            members::clearFields();
            members::$fields['id'] = $_SESSION['id'];
            members::$fields['lastLogin'] = date("Y.m.d G:i:s");
            members::$fields['lastLoginIP'] = $_SERVER['REMOTE_ADDR'];
            # GET THE SALT
            $saltInfo = members::getData("id", "salt", members::$fields['id']);

            # SETTING SESSION ID ENCRYPTION
            crypt::setKey($saltInfo->salt);
            members::$fields['sessionID'] = crypt::encode(session_id());
            members::$fields['sessionIP'] = $_SERVER['REMOTE_ADDR'];
            members::$fields['sessionAgent'] = $_SERVER['HTTP_USER_AGENT'];
            members::save();

            $this->loggedIn = true;
            var_dump($_SESSION);
        }
    }

When I dumb the data I can see $_SESSION got some values.

Just to test it, I stopped the script where after var_dump($_SESSION); (added die();) I created test.php file and tried this;

<?php
ob_start();
session_start();

echo '<pre>';
var_dump($_SESSION);
echo '<pre>';

ob_end_flush();
?>

Output is array(0) {}

But when I try exactly the same thing with Mozilla, output of test.php is the way it should be (matching with login method's result in my session class).

• I have tried from my local computer and I don't experience the same problem.
• I disabled all java script and jquery codes from the page just to have no 'maybe' in my mind.
• After dumping the data, script is stopped. That's why $_SESSION variable shouldn't change. For some reason when it is on the server only Mozilla is able to show expected result while other browsers shows NULL.

---

At this point I really don't know what to think of about this problem to try to solve it. All I can think of is, this problem is possibly related to server configuration. But then, PHP is server side programming. PHP shouldn't display different behavior for browsers like Jquery, CSS, HTML...

I'm sorry, I can't provide admin panel link. Considering this is an active admin panel. If necessary I could install it on another domain to let you try but I believe the information I gave above explains everything.

Thank you for your help in advance.

Answer 1

It turns out Mozilla FireFox is able to process some data but other browsers I tried with are not and therefore they reset the whole session with each page load.

I had no problem with my local computer but on the server I had sessions problem. I don't know why session_set_cookie_params(); and setcookie(); didn't work on the server so I had to code longer version;

private static function sessionLifeTime() {
global $siteSettings;
# HOW LONG WE WANT SESSIONS
$lifeTime = intval($siteSettings->session->timeOut) * 60;

if (isset($_SESSION['id']) && isset($_SESSION['lastActivity']) && (time() - $_SESSION['lastActivity'] > $lifeTime) ) {
// SEND INFORMATION TO USER
self::logout();
}
$_SESSION['lastActivity'] = time();
}

Replacing my method with the code above solved the problem.

Thank you all for your time, concern and interest.

Answer 2

I had a similar problem... just enable the cookies.. so that after login the code to set the sessions will be executed and the sessions will be set. may be the sessions r not able to set...

also check this http://php.net/manual/en/function.session-cache-limiter.php

Answer 3

If something large doesn't work, trim it down, test & debug, and build up from there.

Does this work? (Run it twice).

<?php

session_start();

echo "Session ID: " . session_id() . "<br/>\n";

if (!isset($_SESSION['test']))
{
    $_SESSION['test'] = "foobar";
    echo "Setting session variable: ";
    echo $_SESSION['test'];
}
else
{
    echo "Restoring session variable: ";
    echo $_SESSION['test'];
}

If this works in all browsers, it's got something to do with your code. An empty session might have something to do with a cookie that can't be written, for example. Also set error reporting to E_ALL | E_STRICT, so you'll see everything that goes wrong.