I'm currently working on a website using Angular 2 and a PHP REST API backend. As soon as I started working with session data, I've found out it's creating a new separate session file after every request from the site, which does not happen when using POSTMAN to call my API.
Following is my index.php
<?php
session_start();
error_reporting(E_ALL); ini_set('display_errors', true);
if (!is_writable(session_save_path()) ) {
echo 'Session save path "'.session_save_path().'" is not writable!';
}
require '../vendor/autoload.php';
$settings = require __DIR__ . '/../src/settings.php';
$app = new \Slim\App($settings);
// Register dependencies
require __DIR__ . '/../src/dependencies.php';
// Register routes
require __DIR__ . '/../src/routes/routes.php';
$app->run();
exit();
?>
For example after hitting login 6 times I get stuff like this in the xampp/tmp folder:
sess_9tehhc94n54ra6rpq2j55b0b70
sess_84u3blees7ue2la3nckn97f4h5
sess_au79phq7k1umjbeambia4smjf4
sess_bm5658c44n0d0s452tm9g7mij6
sess_eac14a6sths5ars0eltc3g13e4
sess_m3mk9ms4f2j12jqh4hvh8gsch1
However, if I call my REST API using POSTMAN, it will create and use only one session file as intended.
I have two virtual hosts setup on Apache using the hosts file as follows:
127.0.0.1 api.stuff.dev
127.0.0.1 application.stuff.dev
PHP Version 7.0.8
PHP.ini (Session-related things only)
session.save_handler=files
session.save_path="C:\xampp\tmp"
session.use_strict_mode=0
session.use_cookies=1
session.use_only_cookies=1
session.name=PHPSESSID
session.auto_start=0
session.cookie_path=/
session.cookie_domain=
session.cookie_httponly=
session.serialize_handler=php
session.gc_probability=1
session.gc_divisor=1000
session.gc_maxlifetime=1440
session.referer_check=
session.entropy_length=0
session.cache_limiter=nocache
session.cache_expire=180
session.use_trans_sid=0
session.hash_function=0
session.hash_bits_per_character=5
httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin admin@localhost.com
DocumentRoot "E:\applications\stuff"
ServerName application.stuff.dev
ServerAlias application.stuff.dev
<Directory "E:\applications\stuff">
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin@localhost.com
DocumentRoot "E:\applications\API REST"
ServerName api.stuff.dev
ServerAlias api.stuff.dev
<Directory "E:\applications\API REST">
AllowOverride All
Require all granted
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
</Directory>
</VirtualHost>
Check if your browser accepts cookies.
PHP stores your Session ID using cookies.