I created a simple session class that handles sessions. However I am encountering big problems with the session_id.
small note: it happens to go just well for a couple of weeks. and all of a sudden it stops working
What's the case :
http://domain1.com/framework/start/
Has the following Session ID: svplf2tln1j05n75jbokcmhfo3
http://domain1.com/framework/login/
Has the following Session ID: njlqg0jomo00r560bp6k0pje55
This is strange.
But important to know my settings:
///######## IF A SESSION COOKIE SHOULD BE SET
if(self::$setsessioncookie === true){
///######## SETTINGS ARRAY
$SessionSettings = array(
'session.cookie_lifetime' => self::$limit, /// **** LIFETIME OF THE SESSION COOKIE (in seconds)
///'session.cookie_path' => self::$path, /// **** THE DOMAIN FOR WHERE THE COOKIE WILL WORK. (single / for all paths on the domain.)
'session.cookie_domain' => self::$domain, /// **** DEFINE THE DOMAIN NAME
'session.cookie_secure' => self::$secure, /// **** ONLY BY SECURE CONNECTIONS
'session.cookie_httponly' => self::$httponly /// **** INDICATE THAT THE SESSION COOKIE IS AVAILABLE THROUGH HTTP PROTOCOLS ONLY (not by Javascript)
);
///########==================================================
///######## SET THE SESSION COOKIE PARAMETERS
///########==================================================
///######## RUN THROUGH ALL SETTINGS
foreach($SessionSettings as $Option => $Setting){
///######## IF THE OPTION IS NOT EMPTY
if($Setting !== NULL){
///######## SET THE SETTING
ini_set($Option, $Setting);
}
}
As you see I commented out :
'session.cookie_path' => self::$path
So it should not be limited to one path only. But the problem still occurs.
Before doing this I set a session cookie:
///########==================================================
///######## STORING THE SESSION ID IN A COOKIE
///########==================================================
setcookie(
self::$SessionName, /// **** SET THE COOKIE NAME
session_id(), /// **** SET THE COOKIE CONTENTS
(time() + self::$limit) /// **** MAX DURATION OF THE COOKIE LIFETIME
);
///########==================================================
Or should I do this before setting the ini_set??
Small update: I have the FireFox webdeveloper extension installed and when I click: "Delete path cookies" the system logs out and allows me to login properly.
This could indicate that the path has been set? But I have commented this one out???
Maybe I should set the path but specify the depth?? for example ini_set('session.cookie_path', 'http://domain1.com/*')?