• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1083
  • Last Modified:

Google Chrome PHP Session question

I test my application using all 5 major browsers, and Google Chrome is among one of them. I am using an Apache server in my local machine.

Lately, I've been playing around creating and destroying PHP sessions to learn more about it. Here is how I am currently destroying a session at my login.php:

if (isset($_SESSION['user'])) {
    $_SESSION = Array();

Here is how I handle session checking on all other pages:

 * Check if there's already a session. If not, create one.
if (isset($_SESSION['user'])) {
    $user = $_SESSION['user'];
} else {

Open in new window

Internet Explorer, Firefox, Opera, and Safari, all work perfectly fine with the above code in the sense that only ONE session file appears in my c:\xampp\tmp when the session is created, and the file disappears when the session is destroyed.

But Google Chrome seems to create 2 files when a session_start() is made and none of them gets deleted when the session is destroyed. What's worse, it keeps creating 2 more session files as I navigate from one page to another, and I'm not sure I understand why. Again, this happens only with Google Chrome, leading me to conclude it can't possibly be my code, or can it?

Has anyone experienced this? Should I be concerned about this?
  • 2
2 Solutions
Dave BaldwinFixer of ProblemsCommented:
You're running on 'localhost', aren't you?  Chrome won't accept cookies on 'localhost' so every access creates a new session file since there isn't any cookie from a previous one.  If you are able to use the IP address of the machine, it should then work in Chrome also.

I almost never use 'localhost' because it has several problems.  One is that Chrome won't accept cookies but even more important to me is that you can't run a public website on 'localhost'.  'localhost' and '' both bypass the TCP/IP stack so anything related to IP addresses may act funny on 'localhost'.
Ray PaseurCommented:
I agree with Dave.  Have a quick look at this user-contributed note.  Notice how many times it has been "marked down" because it's just plain wrong and evinces a misunderstanding of what Google Chrome is actually doing.

The right dev environment is that environment that is as close as possible -- end-to-end -- to the deployment environment.  For literally no more than pennies a day you can get full-service web hosting and you can deploy a private label, public-facing web site on the internet. This is how your clients will see your web site, so it makes sense to test your applications in this environment.  All of the task runners can do their work in this environment; your build can be as simple as an FTP script.  In short, you give up almost nothing to gain stability and peace of mind.

If you're doing PHP client authentication, this article shows the right steps to create, use, and destroy the PHP session.  The article is old, and you might want to adopt an object-oriented design pattern, but the principles have not changed.
elepilAuthor Commented:
Whew! I'm glad others have encountered this issue. Thanks for the help, Dave and Ray!
Dave BaldwinFixer of ProblemsCommented:
You're welcome, glad to help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now