18

Using Google Chrome, I'm seemingly losing/corrupting session data when navigating between pages (PHP 5.0.4, Apache 2.0.54). The website works perfectly fine in IE7/8, Firefox, Safari & Opera. The issue is only with Google Chrome.

I narrowed down the problem. I'm using search friendly URL's, and hiding my front controller (index.php) via a .htaccess file. So the URL looks like: www.domain.com/blah/blah/ Here's the .htaccess file contents:

Options +FollowSymlinks 
RewriteEngine on
#allow cool urls 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*) index.php [L] 
#allow to have Url without index.php

If I remove the .htaccess file, and expose the front controller in the URL: www.domain.com/index.php/blah/blah/, Chrome works perfectly fine.

Any thoughts ideas? I'm thinking it's some kind of problem with how Chrome identifies what cookie to use and send to the server? This happens in Chrome 4 & 5. Thanks!

Toby
  • 281
  • 1
  • 2
  • 7

4 Answers4

17

I had the same issue, and to fix it I only had to create a favicon.ico and place it in the webroot - otherwise I could see using Fiddler that a 404 resulted for this with every page request from Chrome (despite me not actually linking to a favicon in the page markup).

In my mind this is clearly a bug in Chrome, as the lack of a favicon should have no bearing on session data.

brismuth
  • 29,218
  • 3
  • 30
  • 37
BrynJ
  • 7,736
  • 14
  • 59
  • 86
  • Wow! I would have never guessed that one, I would look for a broken link or something, but never the favicon, good job, it actually worked! – multimediaxp Dec 11 '12 at 06:19
  • This appears to fix the problem but I think it's all connected to how Chrome is handling .htaccess - Not really sure why, but I did not have any problems until I implemented a custom .htaccess file. I also had this problem on iOS Safari, and that also seems to be fixed. – Chris Mar 12 '14 at 16:49
9

Turns out the issue was with the contents of my .htaccess file. This resolved the issue:

#<IfModule mod_rewrite.c>

############################################
## enable rewrites

    Options +FollowSymlinks
    RewriteEngine on

############################################
## always send 404 on missing files in these folders

    RewriteCond %{REQUEST_URI} !^/.*(themes|wysiwyg|images|js)/

############################################
## always send 404 on missing favicon

    RewriteRule ^favicon.ico$ favicon.ico [L]

############################################
## never rewrite for existing files, directories and links

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

    RewriteRule .* index.php

#</IfModule>
Toby
  • 281
  • 1
  • 2
  • 7
  • Favicon! I just solved a similar issue by remembering about the favicon... Thanks toby! – Michael Clerx Dec 28 '10 at 15:16
  • RewriteRule ^favicon.ico$ favicon.ico [L] - this alone solved my problem. Thank you! – TimL May 20 '15 at 20:15
  • OMG, it was Favicon. I faced this problem for a week until reading this post and comments. I added "RewriteRule ^favicon.ico$ favicon.ico [L]" to htaccess file and clear all cache page. It worked. Thank you guys. – TommyDo Aug 24 '20 at 19:42
0

Try using;

 session_set_cookie_params(0, '/', '.domain.com');

to enforce the session cookie params. Remove the prefixed period if you are enforcing 'no www', or aren't using subdomains.

You can also try calling session_write_close() at the end of the script to force PHP to write and close the session then and there (this is especially handy when you run redirect headers right after writing session data).

UPDATE:

Try using this in your .htaccess;

RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
TheDeadMedic
  • 9,770
  • 2
  • 33
  • 49
  • Thanks for the response. I'm already doing both of the items you suggested. – Toby Jun 01 '10 at 22:43
  • Check my revised answer, let me know how it goes – TheDeadMedic Jun 02 '10 at 13:15
  • When I used your htaccess, it wasn't rewriting my particular SEF urls correctly. However, I did find an alternate htaccess file bundled with the latest version of the framework I'm using...and everything is working great now! `# Options +FollowSymlinks` RewriteEngine on RewriteCond %{REQUEST_URI} !^/.*(themes|wysiwyg|images|js)/ RewriteRule ^favicon.ico$ favicon.ico [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule .* index.php # ` – Toby Jun 02 '10 at 17:04
0

Seems like this issue has reappeared on Chrome browsers lately. I have had a site running for 6 months with no issues and suddenly yesterday started having issues with session data being overwritten. Using fiddler I could see that chrome was trying to load the favicon. My issue was also that I had a link to "favicon.ico" rather than "/favicon.ico" so chrome then appended favicon.ico to my querystring, eg. /product/abc/favicon.ico which resulted in the page loading twice, the second time overwriting the session data. So my fix was:

  1. change link ref to "/favicon.ico"
  2. uploaded a favicon
  3. added this to .htaccess: RewriteRule ^favicon.ico$ favicon.ico [L]

The last step has been mentioned in several answers and I would consider it a good answer except it failed me because my link ref was "favicon.ico".

ws8
  • 107
  • 1
  • 7