I have one script that saves data received from a form in session and then sends a request to an external site. The site then redirects to a thank you page on the same server as the first script. session_start() on the thank you page returns true and session_id() returns the same ID as in the first script but the $_SESSION array is empty.
index.php
<?php
session_start();
if ($_GET['submit-payment'] ?? false) {
if (($_POST['CREDIT_ACCT_CODE'] ?? false) && ($_POST['AMT'] ?? false)) {
foreach($_POST as $key => $value) {
$_SESSION[$key] = $value;
}
// if I dump $_SESSION here all the data is there
session_write_close();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head></head>
<body onload="submit();">
<form action="<URL TO EXTERNAL SITE>" method="post" name="paymentForm">
<input type="hidden" name="UPAY_SITE_ID" value="3" />
<input type="hidden" name="CREDIT_ACCT_CODE" value="<?= $_POST['CREDIT_ACCT_CODE'] ?>" />
<input type="hidden" name="AMT" value="<?= $_POST['AMT'] ?>" />
</form>
</body>
</html>
<script type="text/javascript">
function submit() {
console.log('<?= session_id() ?>');
document.paymentForm.submit();
}
</script>
<?php
} else {
throw new Exception('CREDIT_ACCT_CODE or AMT parameter missing from POST data, could not submit payment form');
}
die;
}
?>
thankyou.php
<?php
session_start();
var_dump(session_id(), $_SESSION, $_COOKIE);
//session ID is the same as the one logged in index.php, $_SESSION is an empty array and $_COOKIE contains a PHPSESSID cookie with the ID
?>
The session resumes with the same ID but no session data is present.