My problem is that I have a website and when I refresh a page, the session gets destroyed. This means I lose my cart, my wishlist, etc. It happens in Safari and Firefox too, but on my PC the session stays there. This is not an incognito tab/window, I am not deleting my cookies and/or session data between refreshes, and I have not specified in the browser settings to delete cookies (or other data) in any case.

I'm using Yii2 (latest installed via composer) with PHP 7.4 under an nginx with FPM. php.ini config (the session):

```ini
session.save_handler = files
;session.save_path = "/var/lib/php/sessions"
session.use_strict_mode = 0
session.use_cookies = 1
session.cookie_secure = 0
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 5184000
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly = 0
session.cookie_samesite = "Strict"
session.serialize_handler = php
session.gc_probability = 1/100
session.gc_divisor = 1000
session.gc_maxlifetime = 5184000
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 5184000
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
;session.trans_sid_hosts=""
session.sid_bits_per_character = 5
;session.upload_progress.enabled = On
;session.upload_progress.cleanup = On
;session.upload_progress.prefix = "upload_progress_"
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
;session.upload_progress.freq =  "1%"
;session.upload_progress.min_freq = "1"
;session.lazy_write = On
```

My Yii2 config (frontend/config/main.php):

```php
return [
  // ...
  'modules' => [
    // ...
    'session' => [
      'class' => 'yii\web\Session',
      'timeout' => 5184000,
    ],
    //..
  ],
  // ..
  'components' => [
    // ..
    'session' => [
      'name' => 'advanced-frontend',
    ],
    // ..
  ],
  //..
];
```

My TestController in the frontend for my tests:

```php
<?php

namespace frontend\controllers;

use Yii;
use yii\web\Controller;

class TestController extends Controller
{
    /**
     * Test index action
     */
    public function actionIndex()
    {
        if(!\Yii::$app->session->has('asd')) {
            echo 'do not has ASD';
            \Yii::$app->session->set('asd', 1);
        } else {
            echo 'has ASD';
        }

        echo '<br />' . \Yii::$app->session->id;
        dd($_COOKIE, \Yii::$app->request->cookies);
    }
}
```

I tried various configs in the php.ini and in the Yii2 main config, but no luck. Any idea appreciated!

  • What is lost? Cookie I assume? And what is this: `session.cookie_path = /`? Does it need to be a string? – ficuscr Aug 26 '20 at 17:35
  • Does this help? [Login works on desktop but not mobile?](https://stackoverflow.com/questions/33570826/login-works-on-desktop-but-not-mobile) – ficuscr Aug 26 '20 at 17:53
  • I created a test file (only with `session_start()` and `var_export([session_id(), $_COOKIE])`) and on a mobile browser the PHPSESSID cookie wasn't sent back in the request, so on every page load I get a new session id, but on desktop, the browser sends back the PHPSESSID cookie and I don't get a new session id. The `session.cookie_path = /` is used when you want to use a different cookie in a different location (for example the `/admin` location). When I use `session.cookie_path = "/"` nothing changed in the behavior (didn't get PHPSESSID). – Sándor Gál Aug 27 '20 at 09:33

1 Answer

After questioning several people and a lot of debugging, the problem was the `session.cookie_samesite = "Strict"` setting. When I changed this to `session.cookie_samesite = "None"`, the problem was solved like magic.
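
An added example (not part of the original answer or the poster's code): a small Python check over the cookie-related `session.*` lines of the php.ini above, with the answer's `"None"` value applied. It flags that `SameSite=None` is combined with `session.cookie_secure = 0`, which browsers enforcing the SameSite=None rule reject, and compares it with a hardened variant whose values (`Lax`, secure, httponly, strict mode) are assumptions of this example.

```python
import configparser

# Constructed sample: cookie-related lines of the question's php.ini with the
# answer's change (SameSite "Strict" -> "None") applied.
INI_AFTER_ANSWER = """
session.use_strict_mode = 0
session.cookie_secure = 0
session.cookie_httponly = 0
session.cookie_samesite = "None"
"""

# Hardened values: an assumption of this example, not taken from the page.
INI_HARDENED = """
session.use_strict_mode = 1
session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = "Lax"
"""

PREFIX = "session."


def load_session_settings(ini_text):
    """Parse php.ini-style lines into {name: value}, dropping the 'session.' prefix."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string("[php]\n" + ini_text)  # the fragment has no section header
    return {key[len(PREFIX):]: value.strip().strip('"')
            for key, value in parser["php"].items() if key.startswith(PREFIX)}


def is_on(value):
    return value.lower() in ("1", "on", "yes", "true")


def audit_session_cookie(ini_text):
    """Return sorted finding codes for the session cookie settings."""
    s = load_session_settings(ini_text)
    secure = is_on(s.get("cookie_secure", "0"))
    samesite = s.get("cookie_samesite", "").lower()
    findings = []
    if not secure:
        findings.append("cookie-not-secure")            # also sent over plain HTTP
    if not is_on(s.get("cookie_httponly", "0")):
        findings.append("cookie-readable-by-script")    # exposed to document.cookie
    if not is_on(s.get("use_strict_mode", "0")):
        findings.append("strict-mode-off")              # unknown session IDs accepted
    if samesite == "none":
        findings.append("samesite-none-sent-cross-site")  # needs separate CSRF defence
        if not secure:
            # Browsers that enforce the SameSite=None rule drop this cookie entirely.
            findings.append("samesite-none-without-secure")
    return sorted(findings)
```

`audit_session_cookie(INI_AFTER_ANSWER)` reports all five findings, while `audit_session_cookie(INI_HARDENED)` returns an empty list; the hardened variant only works when the site is served over HTTPS.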