delight-im/PHP-Auth

How to attach to already started session?

ponasromas opened this issue · 3 comments

I am building an application where the session is started by another function. Example:

new \DB\SQL\Session($this->db, 'sessions', false, NULL, 'CSRF');

This function creates a new session and adds session data (CSRF token) to the DB. Let's say it has ID: 1.

Now, I instantiate PHP-Auth:

$authdb = new \PDO('DB_CONN', 'DB_USERNAME','DB_PASSWORD');
$this->auth = new \Delight\Auth\Auth($authdb);

This action for some reason creates an entirely different 2nd session with ID: 2 without destroying session ID: 1. This behavior leads to a very weird issue where data is added to the session but not seen.

However, this behavior is not replicated when the web browser's "private" mode is used. In private mode, session ID: 1 is regenerated and updated correctly without spawning that ghostly session ID: 2.

Am I missing something with my logic? Why are the results correct only in private browser mode?

On further investigation, I compared headers:

Non-private mode:

Cookie: PHPSESSID=6238us3guppvlhig88gvgk6kf9; PHPSESSID=o9obmvrphq4c4aiv8i10iic83q

Private mode:

Cookie: PHPSESSID=65fqqa9fjv9d88ii7rkkfm63pe

Non-private mode generates 2 sessions and does not destroy/rewrite the session on change. I mean PHPSESSID=6238us3guppvlhig88gvgk6kf9; is stuck. Is this a problem or a feature?

A hard reset of the browser resolved the issue. But the origin of the problem is still unknown...
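
A diagnostic for the duplicated `PHPSESSID` seen in the non-private headers above, as an added example that is not part of the original thread or of PHP-Auth: it parses the raw `Cookie` header, reports any cookie name the browser sent more than once, and logs the session cookie scope currently configured. The function names are hypothetical.

```php
<?php
// Added diagnostic example; cookieOccurrences() and duplicatedCookies()
// are hypothetical helper names, not part of PHP-Auth or any library.

/**
 * Parse a raw Cookie request header into name => list of values,
 * keeping every occurrence. $_COOKIE exposes only one value per name
 * (PHP keeps the first occurrence), so duplicates are invisible there.
 */
function cookieOccurrences(string $header): array
{
    $seen = [];
    foreach (explode(';', $header) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || strpos($pair, '=') === false) {
            continue; // skip empty or malformed fragments
        }
        [$name, $value] = explode('=', $pair, 2);
        $seen[trim($name)][] = trim($value);
    }
    return $seen;
}

/** Return only the cookie names that appear more than once. */
function duplicatedCookies(string $header): array
{
    return array_filter(cookieOccurrences($header), fn ($v) => count($v) > 1);
}

// The non-private-mode header quoted in the issue above.
$header = 'PHPSESSID=6238us3guppvlhig88gvgk6kf9; PHPSESSID=o9obmvrphq4c4aiv8i10iic83q';
// In a live request, read it instead from: $_SERVER['HTTP_COOKIE'] ?? ''

foreach (duplicatedCookies($header) as $name => $values) {
    // Log a short hash prefix per value, never the session IDs themselves.
    $ids = array_map(fn ($v) => substr(hash('sha256', $v), 0, 8), $values);
    error_log(sprintf('cookie "%s" sent %d times (sha256 prefixes: %s)',
        $name, count($values), implode(', ', $ids)));
}

// Two cookies with the same name can coexist in a browser only when their
// Domain or Path attributes differ, so log the scope in effect right now.
$p = session_get_cookie_params();
error_log(sprintf('session cookie scope: domain="%s" path="%s"',
    $p['domain'], $p['path']));
```

Running the scope check once after each session-related component is set up shows whether the two steps configure different cookie domains or paths.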

ocram commented

Thank you!

Can you reproduce the original problem in a normal (non-private) window with a clean cookie storage, i.e. no existing cookies for the site? Which browser is it? Can you reproduce it in Chrome or Firefox?