
PHP session variables lost in Firefox 63.0, Safari 12.0 on MacOS Mojave and Safari on iOS 12.0.1


The latest Firefox, version 63.0, on both Mac and Windows, has somehow broken the login I have built for the administrative backend of my ecommerce website. This was previously working fine. I use PHP.

On successful login with valid credentials a $_SESSION['admin_logged_in'] variable is set to TRUE and I am correctly logged in and redirected to a starting page. However when I then attempt to navigate to any other page within the admin site I am immediately logged out as if the session variable has suddenly been lost.

On every single page at the very beginning, including the starting page, I have an include with a short login check script which is as follows:

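<?php
// Start (or resume) the session
session_start();
// Check the user is logged in; isset() is tested first so a missing key does not raise a notice
if (!isset($_SESSION['admin_logged_in']) || $_SESSION['admin_logged_in'] !== TRUE) {
    // Record why the visitor is being sent back to the login page
    $_SESSION['admin_reason'] = "illegal";
    header("Location: /index.php");
    exit;
}
?>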

I may have thought this a bug with Firefox; however, recently I am also logged out, usually after navigating through a couple of pages, by the latest version of Safari on iOS 12 and MacOS Mojave.

Currently working and no problems on Opera or Chrome (tested on Mac).

I have tried clearing the cache in Firefox and adjusting the privacy settings but no luck. I have spoken with my web hosts and they are not aware of any server side issues or changes.

But if there was a problem with the PHP code and session variables, since this is handled server side, presumably it would not work on any browser and also would not have worked previously?

Grateful for any suggestions.


I managed to solve this issue, please see my answer below.


Solution

  • I managed to solve this myself.

    To clarify, issue on Firefox version 63.0 on both Mac and Windows, Safari version 12.0 on MacOS Mojave and Safari on iOS 12.0.1. Other browsers tested, Chrome and Opera, were fine.

    I did some testing with a basic set of pages and found that in Firefox on all pages subsequent to any PHP session variable being set it was not available/did not exist. Safari usually lost it after navigating through a couple of pages.

    I then discovered the following page of an old post on the Mozilla forums reference favicons:

    https://bugzilla.mozilla.org/show_bug.cgi?id=263057

    I checked developer tools and discovered that these browsers, every time in the case of Firefox, and every few pages in the case of Safari, were requesting favicon.ico and getting a 404 response since I did not have one there. For some reason this was breaking the PHP session variables. I am not clear as to why.

    So the fix was simply to place a favicon.ico in the root directory of the website.

    Thank you for your comments.
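The answer leaves the cause open. Browsers request /favicon.ico on their own and send the site's session cookie with it, so if the server hands that 404 to a PHP script that changes `$_SESSION`, the login flag can be lost. The sketch below is an added example, not the poster's code: it assumes the missing file is routed to the login script, and the function names `is_static_asset_request` and `login_script_action` are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumption: the web server hands
// requests for missing files (such as /favicon.ico) to the login script.

/** True when the requested path looks like a static asset, not a page. */
function is_static_asset_request(array $server): bool
{
    $path = parse_url($server['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
    $ext  = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    return in_array($ext, ['ico', 'png', 'jpg', 'gif', 'svg', 'css', 'js'], true);
}

/** Decide what the login script may do with the session for this request. */
function login_script_action(array $server, array $post): string
{
    if (is_static_asset_request($server)) {
        return 'not_found';   // reply 404 and leave the session alone
    }
    if (($server['REQUEST_METHOD'] ?? 'GET') === 'POST' && isset($post['logout'])) {
        return 'logout';      // only an explicit POST clears the login flag
    }
    return 'show_form';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, run with: php example.php
    $samples = [
        [['REQUEST_URI' => '/favicon.ico', 'REQUEST_METHOD' => 'GET'], []],
        [['REQUEST_URI' => '/index.php', 'REQUEST_METHOD' => 'GET'], []],
        [['REQUEST_URI' => '/index.php', 'REQUEST_METHOD' => 'POST'], ['logout' => '1']],
    ];
    foreach ($samples as [$server, $post]) {
        echo $server['REQUEST_URI'], ' -> ', login_script_action($server, $post), PHP_EOL;
    }
    exit;
}

switch (login_script_action($_SERVER, $_POST)) {
    case 'not_found':
        http_response_code(404);   // no session_start(), so no session write
        exit;
    case 'logout':
        session_start();
        unset($_SESSION['admin_logged_in']);
        break;
}
// 'show_form' (and the page after logout): render the login form here.
```

Checking the server's access log for which script actually answered the favicon.ico request shows whether this assumption holds for a given site.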