SESSION created but theres no PHPSESSID in $

I'm experiencing some weird problems with SESSION variables on my PHP/Ajax online shopping cart.

When I first view the page, the SESSION is created and works within the page. Then when I navigate to another PHP page within the same directory the SESSION is completely lost. What's weird is that this only happens once . Once the user goes through this process of completely losing their SESSION upon changing page, the SESSION works in full across the entire cart.

I started mailing myself var_exports of both $_SESSION and $_SERVER data on each page view. It seems that when a page is first viewed, the SESSION exists and contains data. However there is no PHPSESSID generated in the $_SERVER['HTTP_COOKIE'] variable. On navigating to another page, the PHPSESSID gets created and the SESSION will start working, but the initial SESSION data of the first page view is lost.

Is there a way to generate a PHPSESSID if one has not yet been generated for the SESSION? Or is this typical behaviour and is irrelevant to my random SESSION loss problem? I'm using PHP 5.2.

Every page in the cart starts the exact same way:

$title="Title";
$keywords="keywords";
$description="description";
@include('../header_cart.php');

And then at the top of header_cart.php there is:

session_start();
if(!isset($_SESSION['active'])){
    $_SESSION['active']=$_SERVER['REMOTE_ADDR'];
}

Have you checked that there is no output before your call to session_start()? (Not even a white-space character!).

HTTP headers cannot be sent after any output has been flushed so that could be causing the attempt to tell the client the initial session cookie to fail.


Are you switching between http: and https: ? They are sometimes treated as two separate domains, and a key may not be shared between them.


Turns out it was recognizing mydomain.com and www.mydomain.com as separate sessions and was storing 2 cookies with 2 different PHPSESSIDs.

I added this to my .htaccess file to always redirect mydomain.com/shop to www.mydomain.com/shop for both http and https.

RewriteEngine On

#force http://www. to make sure SESSION data is always the same
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www.
RewriteCond %{REQUEST_URI} shop
RewriteRule ^(.*)$ http://www.mydomain.com/shop/$1 [R,L]

#force https://www. to make sure SESSION data is always the same
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www.
RewriteCond %{REQUEST_URI} shop
RewriteRule ^(.*)$ https://www.mydomain.com/shop/$1 [R,L]
链接地址: http://www.djcxy.com/p/10336.html

上一篇: 在C#中的视频文件上传控制

下一篇: SESSION创建,但是在$中没有PHPSESSID