Skip to content

How To Enable Session Support / Cookies for PHP?

 

By default PHP comes with session support enabled. But if PHP session is not accepting cookies then session cookie support can be turned on automatically at the site level, or manually in each PHP page script: Turning on session support automatically at the site level we have to modify some setting in php.ini file. you can get php.ini file in the folder you install PHP. To your sessions, you have to set or reset the following parameter in your php.ini file

        Define path to save sessions ; Replace to your path.
        session.save_path = "C:\php\sessiondata\"

        Directory related to server session should be under 777 chmod > fully writable

        Whether to use cookies.
        session.use_cookies = 1 

        Name of the session (used as cookie name).
        session.name = PHPSESSID

        Define Lifetime in seconds of cookie or, if 0, until browser is restarted.
        session.cookie_lifetime = 0

        ;The path for which the cookie is valid.
        session.cookie_path = /

        The domain for which the cookie is valid.
        session.cookie_domain =

        Handler used to serialize data. php is the standard serializer of PHP.
        session.serialize_handler = php

There are some more setting which may be used to modify your Sessions. For more Details refer php.ini

Browser Blocking Cookies?

Check your browser default settings and see if it accepting cookies. By default all browser allow accept cookies. But sometimes third party internet security or browser extensions can prevent accepting cookies. Permission of those app has to be changed to allow cookies in browser so script works normally.

Invalid Session Token?

User session token or CSRF token can only be changed if you block creating new session or remove existing tokens during your installation process or any activity within the script. This protection is made simply for preventing token highjack or CSRF attack. To not facing this error, make sure you are allowing sessions to use cookies and not removing existing session tokens after generating browser sided tokens. Without manipulating default browser settings. 🙂