Home > front end >  PHP session destroyed after finishing payment on other site (mercadopago.com)
PHP session destroyed after finishing payment on other site (mercadopago.com)

Time:11-16

I have a website that use mercadopago payments (similar to PayPal, from South America).

When user finish payment and is redirected back to my site, I get a new session id and I am not able to read old one, also not able to read previously set cookies.

My problem is that I need cookie or session value to keep user logged in, if not, I need to ask user and password again and the client does not like that.

This is the code that I am using to set the cookies, with comments explaining my problem:

<?php 

    session_start();
    include("db-connection.php");
    if(isset($_SESSION["id_alumno"]))
    {
     $sid=session_id();
      if(isset($_COOKIE["user_token"])){
      //just for debbuging
      //echo "user_token is a  " . $_COOKIE["user_token"];
     }else{
      //set cookie and update same value in database
      setcookie("user_token", $sid, time() 2*24*60*60);
      $id_alumno=$_SESSION["id_alumno"];
      $sql="UPDATE `alumno` SET `login_token` = '$sid', `login_creado` = NOW() WHERE `alumno`.`id` = '$id_alumno'";
      $res=mysqli_query($link, $sql); //this connection values are send in a db-connection.php already included.
      }
    }else{
     $cookie_value=$_COOKIE["user_token"]; // here is my problem, I can't access this value, checking cookie information using chrome and the plugin web developer, I get 2 PHPSESSID (old which was used to set cookie with user_token, and also the user token value, and also this new PHPSESSID)
     if(isset($cookie_value)){
      $sql="SELECT * FROM alumno where login_token='$cookie_value' and login_token!='no'";
      $res=mysqli_query($link, $sql);
      if($reg=mysqli_fetch_array($res))
      {
       //here I can login back the user
      }//mysql query
     }//if isset cookie value
    }
    ?>

CodePudding user response:

You're using session_start() with it's default options. As soon as you leave your site the session cookie expires.

Try example #3 from the manual:

<?php
// This sends a persistent cookie that lasts a day.
session_start([
    'cookie_lifetime' => 86400,
]);
?>

This sends a persistent cookie that lasts a day.

See also: How do I create persistent sessions in PHP?

  • Related