-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to attach to already started session? #285
Comments
On further investigation, I compared headers: Non-private mode:
Private mode:
Non-private mode generates 2 sessions and does not destroy/rewrite session on change. I mean PHPSESSID=6238us3guppvlhig88gvgk6kf9; is stuck. Is this a problem or a feature? |
Browsers hard reset resolved issue. But still problem origin is unknown... |
Thank you! Can you reproduce the original problem in a normal (non-private) window with a clean cookie storage, i.e. no existing cookies for the site? Which browser is it? Can you reproduce it in Chrome or Firefox? |
I build application where session is started by another function. Example:
new \DB\SQL\Session($this->db, 'sessions', false, NULL, 'CSRF');
This function create new session and add session data (CSRF token) to DB. Let's say it has ID: 1.
Now, I instantiate PHP-Auth:
This action for some reason creates entirely different 2nd session with ID: 2 but not destroying session ID: 1. This behavior leads to very weird issue where data added to the session, but not seen.
However, this behavior not replicated when web browser "private" mode is used. In private mode, session ID: 1 is regenerated and updated correctly without spawning that ghostly session ID: 2.
Am I missing something with my logic? Why correct results are only in private browser mode?
The text was updated successfully, but these errors were encountered: