0

I have set up an Oracle Linux server with Apache httpd and PHP 8.3.12 (running as PHP-FPM). However, the $_SESSION["user"] variable returns null after a page redirection.

The PHP application was previously running successfully on an older CentOS server as well as using XAMPP under Windows desktop environments.

This problem causes my application not able to login users in.

Does anyone know how I can resolve this issue of losing session data after redirection when using PHP-FPM on Oracle Linux?

The session path is set to 0;777; in the /etc/php-fpm.d/www.conf file:

php_value[session.save_path] = "0;777;/var/lib/php/session"

Some things I have checked:

  • The session save path and permissions are correct
  • session.save_handler is set to "files"
  • Restarting PHP-FPM and httpd did not fix the problem.
  • I deleted all the files in the session.save_path, and upon logging into the application, new session files were generated in the session.save_path.

Any suggestions on how to troubleshoot this further would be appreciated.

Improve this question
12
  • Redirection from where to where? Did you, for example, go from https://example-a.com/login.php to https://example-b.com/loggedin.php? Can you add the redirection code in your question? Commented Oct 8, 2024 at 13:33
  • The redirection is from http://example.com/login to http://example.com/ after authentication checking. Commented Oct 8, 2024 at 13:36
  • 1
    Did you check error_log ?? Commented Oct 8, 2024 at 13:37
  • 1
    You're implying this is a sessions problem during redirection. Did you check that the problem doesn't exist when you do not redirect? In other words, the session works fine without the redirect? It's always a good idea, if you have two things that could cause a problem, to test them individually. Commented Oct 8, 2024 at 13:38
  • 1
    Side note: Logging in over an unsecured protocol doesn't sound very secure. Commented Oct 8, 2024 at 13:42

1 Answer 1

Reset to default
0

The problem was finally resolved by installing the SSL certificate and accessing the website via HTTPS.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

It's nice to know what solved the problem, but we still don't know the cause. Is session.cookie_secure set to true? Note that a good answer also explains why your problem happened.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.