I have this situation - an user clicks a link in my site. That link sets a session variable and then redirect the user to another page. That another page then redirects the user back to the previous page, but the previously set session variable is gone. How to keep the session variable in this case?


Are you sure every page starts with session_start(); ?

Pretty sure, when debugging $_SESSION, it shows me other session data that shoud be there, it just seems to be resetting the session after the redirect back.

It's basically the OAuth workflow, just in this case i need to keep that specific session variable after i get redirected back with my access key.

Member Avatar

This is a little cryptic Buppy, care to share the code so we can see what's going on?

        if (isset($_GET['domain'])) {
            //Step 0 - if domain var is set, then save it and proceed to step 1
            $_SESSION['domain'] = $_GET['domain'];

        if (isset($_GET['code'])) {
            //Step 2 - codes is set, get the access key and redirect back to the domain provided before
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_USERAGENT, "MyUseragent");
            curl_setopt($ch, CURLOPT_COOKIEJAR, "curl_cookie.txt");
            curl_setopt($ch, CURLOPT_URL,"OAuth key URL");
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_POST,1);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
            $result = curl_exec ($ch);      
            curl_close ($ch);       
            $result = json_decode($result,true);
            //Here's the problem - the domain var is empty after redirect from the OAuth auth URL
        } else {
            //Step 1 - get OAuth code, then redirect back to this script with code
            header('Location: OAuth auth URL');
Member Avatar

OK, I'm trying to get this right in my head. The main site (e.g. www.example.com) sends info to a subdomain, like www.subdomain.example.com (via header) and then receives info (auth info) back to the calling same page? So are we looking at cross-sub-domain session? If so, you may have a few ways of sorting this - in your php.ini file or even htaccess file. You may even be able to set in script like this:

ini_set('session.cookie_domain', '.example.com' ); 

I'll stop for now, is that the sort of thing?