PHPSESSID cookie lost after redirect

php header

Solution 1:

Do you have something like this in your apache config?

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict

Changing Strict to Lax should solve your issue:

Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Lax

See also https://www.sjoerdlangkemper.nl/2016/04/14/preventing-csrf-with-samesite-cookie-attribute/

Try changing the defaults for session_start():

$secure = true; // if you only want to receive the cookie over HTTPS
$httponly = true; // prevent JavaScript access to session cookie
$samesite = 'lax';

if (PHP_VERSION_ID < 70300) {
    session_set_cookie_params($maxlifetime, '/; samesite='.$samesite, $_SERVER['HTTP_HOST'], $secure, $httponly);
} else {
    session_set_cookie_params([
        'lifetime' => $maxlifetime,
        'path' => '/',
        'domain' => $_SERVER['HTTP_HOST'],
        'secure' => $secure,
        'httponly' => $httponly,
        'samesite' => $samesite
    ]);
}

See also https://www.php.net/manual/de/function.session-set-cookie-params.php#125072

Related

how to call getSeason(Months.OCTOBER);? [closed]
JavaFX : How to get column and row index in gridpane?
Buffer is not defined in react-pdf
Image array in rock,paper, scissors game
Full list of font families provided with Flutter?
Why do the vector values not get move to the Ordering function in the below code?
Recursive function to add object into deeply nested array of objects adding into wrong object
How to download Javadoc to read offline? [closed]
TemplateDoesNotExist at / base/index.html when deploying to heroku
AWS RedHat Enterprise EC2 Billing Confusion
Why cpplint doesn't care about indentation/spaces and what is the alternative?
Are global CSS helper classes a good idea? [closed]