
Session expiring after refreshing page PHP

I am having problems with a custom start session. For security reasons I decided to look for a method that is safe when starting a session and I came across this tutorial and implemented the method related to start session.

The problem is that whenever I am initiating a new session variable and redirect to another page which is expecting the value from the initialized session, all my session variables that I initialized earlier on get destroyed, forcing the user to log out. Below is the function I am using to start sessions:

    function sec_session_start(){
        $session_name = 'sec_session_id'; //set a custom session Name
        $secure = false; //true if are using https
        $httponly = true; //this stops javascript from accessing session id

        ini_set('session.use_only_cookies', 1); //FORCES session to only use cookies
        $cookie_params = session_get_cookie_params(); //Get current cookie params
        session_set_cookie_params($cookie_params['lifetime'], $cookie_params['path'], $cookie_params['domain'],
            $secure, $httponly);
        session_name($session_name); //set the session name to the one set above
        if (!isset($_SESSION)){session_start();} //start the php session
        session_regenerate_id(); //regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK
    }

I have searched for an answer to my problem with no luck. Please help me with this.

NB - when I use the default session_start everything works perfectly.

You should start the session, not when $_SESSION is not set.

    if (!isset($_SESSION)){session_start();} //start the php session
    session_regenerate_id(); //regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK

should be

    session_start(); //Start new or resume existing session
    session_regenerate_id(); //regenerate new session id and delete the old one THIS IS TO PREVENT SESSION HIJACK

Reference: session_regenerate_id

Try putting session_start() at the top of your PHP code, as the first instruction.
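
The correction from the answers applied to the whole function from the question, as an added example that is not part of the original thread. It goes beyond the answers by rotating the session ID on an interval instead of on every request; the `last_regen` key, the 300-second interval, the `SameSite` value and the HTTPS detection (no TLS-terminating proxy in front) are assumptions.

```php
<?php
// Added example, not code from the original thread. The session name is the
// one used in the question; the 300-second interval and the 'last_regen'
// key are assumptions chosen for illustration.
function sec_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // already started in this request; nothing to do
    }

    ini_set('session.use_only_cookies', '1'); // never accept IDs from the URL
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue

    $params = session_get_cookie_params();
    session_set_cookie_params([
        'lifetime' => $params['lifetime'],
        'path'     => $params['path'],
        'domain'   => $params['domain'],
        // A Secure cookie is never sent back over plain HTTP, which would
        // also look like a lost session, so derive the flag from the request.
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,   // hide the cookie from JavaScript
        'samesite' => 'Lax',  // the array form requires PHP 7.3+
    ]);

    // The name must be set before session_start() on every page; otherwise
    // PHP looks for the default PHPSESSID cookie and starts an empty session.
    session_name('sec_session_id');
    session_start(); // unconditional: start new or resume existing session

    // Rotate the ID periodically rather than on every request. Call
    // session_regenerate_id(true) directly right after login or logout.
    $now = time();
    if (!isset($_SESSION['last_regen'])) {
        $_SESSION['last_regen'] = $now;
    } elseif ($now - $_SESSION['last_regen'] > 300) {
        session_regenerate_id(true); // true = delete the old session data
        $_SESSION['last_regen'] = $now;
    }
}

sec_session_start();
$_SESSION['views'] = ($_SESSION['views'] ?? 0) + 1;
echo "Session " . session_id() . " seen " . $_SESSION['views'] . " time(s)\n";
```

Without the `true` argument, `session_regenerate_id()` issues a new ID but leaves the old session data on the server.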
