I have a login page, from where i submit my form data and whilst doing so, i create a self made session function, in which i check if (ini_set('session.use_only_cookies', 1)). While the data is passed on, the session gets created and i check if the login data is correct, then i redirect to index.php. In index.php i run the session function again and run into an error, that session.use_only_cookies is not set to 1, but it is. I checked with phpinfo()
Previously worked with XAMPP and it worked there. Recently switched to Docker with php:7.2-fpm-alpine3.7 image
My session function:
protected function sec_session() {
define("SECURE", true);
$session_name = 'sec_session_id'; // vergib einen Sessionnamen
$secure = SECURE;
$httponly = true;
if (!ini_set('session.use_only_cookies', 1)) {
//header("Location: /error.php?err=Could not initiate a safe session (ini_set)");
//The above doesn't work
echo("<script>location.href = '/error.php?err=Could not initiate a safe session (ini_set)';</script>");
//here is where i always land and i'm not sure why?
exit();
}
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
session_name($session_name);
session_start();
session_regenerate_id();
}
The problem here was the $secure variable. It was designed to function only with an https request. The settings worked fine with the php:7.1-apache Docker Image