PHP sessions issue

Discussion in 'Installation/Configuration' started by markosjal, Feb 27, 2019.

  1. markosjal

    markosjal New Member

    I have a local server that I run ubuntu 16.04 with PHP 7

    I have a server in a data center running ubuntu 16.04 with PHP 7 and ISPConfig 3.1.13

    I developed a script using the local machine but when installed to the ISPConfig server (on a subdomain ie: it looses sessions between page loads , even a refresh of same page. This problem does not exist on the local server which has no ISPConfig.

    I figure it is a setting somewhere in ISPConfig, but no idea what to change.

    I will also comment, that much of the security that I use, I also run on another domain on the same ISPConfig server . I tried to set the server settings the same and still no luck.

    EDIT I have now found that PHP sessions DO work if I go "incognito mode" in Chrome just as the work on running from LAN machine

    Last edited: Feb 28, 2019
  2. markosjal

    markosjal New Member

    ok, I have tested and testes and followed the suggestion here

    I have also read elsewhere that images in css that are not available can cause this issue , so i removed all CSS and the result is the same

    I can echo the sessionID at top and bottom of page and it remains consistent. NOTHING in the page is changing it. I then go to next page and find that there is a new sessionID meaning my variables like $_SESSION['expire'] are GONE .

    I can not possibly be the only one experiencing this issue in fact I have seen this:
    as well as MANY other posts all with similar issues, not just ISPConfig but once similar utilities are installed.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    I have many ISPConfig servers and used them for more than 15 years and never had a session problem in a website, so you can rest assured that the issue is not ISPConfig here.

    The StackOverflow post means not much as you can find posts for all kind of non-existing or non-related issues for software when it is used as widely as ISPConfig and in the comments to the post you can find already the most likely reason, the poster accessed ispconfig, which uses php sessions too, over the same domain name that he used for a website. But ispconfig is normally not accessed over a web domain, it is accessed over the server hostname.

    You can test that easily, logout from ispconfig, close the browser, open it again and go to your website (and not to the ispconfig login), if your problem persists, then it is not ispconfig related. And as noted above, when you login to ISPConfig, then login trough the server hostname and not trough the domain name of the website that you host to avoid php session conflicts.
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    And you should try to use a custom session name and check your code that you don't set a wrong session cookie domain.
  5. markosjal

    markosjal New Member

    you say "...custom session name ..."


    "check your code that you don't set a wrong session cookie domain"

    Are you suggesting "custom session name" in code or ISPConfig as I believe it can be set in both I have already tried multiple php.ini overrides and confirmed they took effect with phpinfo. At one point I also tried in php code as well. Maybe I should try both?

    I currently have
    Custom php.ini settings:
    session.cookie_domain = "" =""
    I ONLY want the session valid on THIS subdomain !

    these settings Do show in php info when applied here

    As for setting cookie domain, my code does not set it it shows up in phpinfo as

    I might also add that ISPconfig has :

    yet I have no php 5 installed and that path does not exist that reference php5!
    Last edited: Feb 28, 2019
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Add something like:


    before the session_start() command inside you app.

    This does not matter. The session store is in the folder /var/www/clients/client8/web15/tmp
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    1) I won't use dots in session names, use a name like 'AIRSCANSESS' or similar.
    2) Then I would use "" as cookie domain and not "" as you probably don't have a third level.

    Finally, to start with all of this, remove your custom PHP config altogether, start the browser in private mode and see if the session works. if that#s the case, then add the first setting, wait until it is propagated, restart the browser and test again etc.
  8. markosjal

    markosjal New Member

    I set the parameters as you suggested, and it works. Did not know a '.' would give me issues.

    Is it possible to set the cookie domain in PHP code? If so I MIGHT be able to use a variable like setting it to SERVER['HTTP_HOST'] ?? .I see now that if I remove the setting for session.cookie_domain from the ISPConfig domain options the script again looses sessions. I would hope I can remove it from there and set it in code to SERVER['HTTP_HOST']
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    You can set the cookie domain with the PHP function session_set_cookie_params. Ensure that you use this before you start the session but after the session_name function.
  10. markosjal

    markosjal New Member

    Just FYI . I had been using the server under this configuration for over a week.Today I wanted to see how it looked from IE (some old version on Win 7) and was immdiatley logged out .

    May be a coincidence but after using IE browser I suddenly can no longer maintain a session with any browser, not even the one I have been customizin it from for several days.

    I have even rebooted server and no dice

    I suppose I may need to set more parameters in the PHP??

    Maybe easier to put up a new webhost on a VPS dedicated for this subdomain with no ISPConfig ?

Share This Page