Your code looks fine to me. I'll assume it's an error in the test procedure or a configuration error. As there comes no further information I will present some general advices:
Set the session save path before the session is started
Changing the session path should happen before the session is started:
session_save_path() needs to be called before session_start()
You might start the session unintentionally before changing the save path (e.g. session.auto_start
or some session_start()
somewhere in your framework). Double check that the session was not started! If it was it might be advisable to move application specific runtime configuration into a .htaccess.
Start the session before you access $_SESSION
Make sure that your session is started before you access the session for your test case.
Ensure the propagation of the session id
Check on the browser side that you use for each subsequent request the same session id. You can do this either by checking the session id in the URI or by checking the session cookie. Double check on the server side the result of session_id()
. Note that session.cookie_secure
can restrict does in your case restrict the session propagation to HTTPS only. If this is the case, adopt your test procedure to HTTPS or allow the session propagation by a http cookie (e.g. session_set_cookie_params($expireTime,"/",NULL, FALSE, TRUE);
).
Compare the expected configuration with phpinfo()
You are making some runtime changes to the configuration. There are scenarios where those won't be applied. Compare the output of phpinfo()
with your expectations. In your case check each session.*
property.