php - session lost after redirect header location in safari and edge (only from webmail)
Solution:
After some hours of struggling I found the solution.
The problem of losing the session after a redirect with header location is the new "samesite" attribute from PHP 7.3.
If this is Strict, you will lose the session after header( 'Location: /foo', true, 302 ); use Lax and it is fine.
At this moment I don't know why this just happens from webmail and only on Safari and Edge.
The session starts at the top of the scripts:
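// Cookie parameters for the session cookie (the array form needs PHP 7.3+).
$sessionSet = array(
    'path' => '/',
    'domain' => $_SERVER[ 'HTTP_HOST' ], // value comes from the request's Host header
    'secure' => true,    // cookie is only sent over HTTPS
    'httponly' => true,  // cookie is not readable from JavaScript
    'samesite' => 'Lax', // Strict will lose the session for some reason in some case..
    'lifetime' => 18000  // seconds (5 hours)
);
// Server-side storage and garbage collection of session files.
ini_set( 'session.save_path', '/dir/to/sessions' );
ini_set( 'session.cookie_lifetime', $sessionSet[ 'lifetime' ] );
ini_set( 'session.gc_maxlifetime', $sessionSet[ 'lifetime' ] );
// Garbage collection runs on roughly 1 in 3 session starts.
ini_set( 'session.gc_probability', 1 );
ini_set( 'session.gc_divisor', 3 );
ini_set( 'session.cookie_samesite', $sessionSet[ 'samesite' ] );
// Apply the cookie parameters before the session is started.
session_set_cookie_params( $sessionSet );
session_start();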
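With Lax, the session cookie is also sent when a user follows a link from another site (such as a webmail page), so GET pages should have no side effects and other methods should carry a per-session token. The sketch below is an added example, not code from the original answer; the function names and the `csrf_token` field are assumptions.

```php
<?php
// Added example: start_lax_session(), require_csrf_token() and the
// 'csrf_token' form field are hypothetical names, not from the answer.

function start_lax_session(int $lifetime = 18000): void
{
    // 'domain' is left out so the cookie is bound to the current host only.
    session_set_cookie_params([
        'lifetime' => $lifetime,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // One random token per session, embedded in every form the site renders.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
}

function is_state_changing(string $method): bool
{
    // Safe methods must never modify data; everything else needs the token.
    return !in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true);
}

function csrf_token_valid(string $expected, $submitted): bool
{
    // hash_equals() compares in constant time; reject missing or non-string input.
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

function require_csrf_token(): void
{
    $method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
    if (!is_state_changing($method)) {
        return;
    }
    if (!csrf_token_valid($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

start_lax_session();
require_csrf_token();
```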