I'm trying to use redis as session driver of a lambda running bref php. It writes the data as expected(I can see it using redis-cli) and stores on $_SERVER, but when you refresh the page, session is empty. I'm not using frameworks, just pure php.
This is the current behavior:
- Browser cookie is correct (Name PHPSESSID and same id as in redis)
- var_dump($_COOKIE) shows the expected info
- session_start() returns true
- var_dump($_SESSION) is empty after refresh
- var_dump(ini_get("session.save_handler")) shows correct value
- var_dump(ini_get("session.save_path")) shows correct value
- I can see at redis-cli live monitor that php is getting the correct key
This is my serverless.yml relevant sections:
plugins:
- ./vendor/bref/bref
- ./vendor/bref/extra-php-extensions
functions:
api:
handler: index.php
description: ''
timeout: 28 # in seconds (API Gateway has a timeout of 29 seconds)
layers:
- ${bref:layer.php-74-fpm}
- ${bref-extra:redis-php-74}
- 'arn:aws:lambda:us-west-2:844410403720:layer:database:7'
My php/conf.d/php.ini:
extension=redis.so
[Session]
session.save_handler = redis
session.save_path = "tcp://redis.mydomain:6379"
session.use_strict_mode = 0
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 54000
session.cookie_path = /
session.cookie_domain = .mydomain.abc
session.cookie_httponly = 1
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 50
session.gc_maxlifetime = 864000
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 900
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5
And it seems to be applied cause this is my phpinfo() output:
session.auto_start | Off | Off
session.cache_expire | 900 | 900
session.cache_limiter | nocache | nocache
session.cookie_domain | .mydomain.abc | .mydomain.abc
session.cookie_httponly | 1 | 1
session.cookie_lifetime | 54000 | 54000
session.cookie_path | / | /
session.cookie_samesite | no value | no value
session.cookie_secure | 1 | 1
session.gc_divisor | 50 | 50
session.gc_maxlifetime | 864000 | 864000
session.gc_probability | 1 | 1
session.lazy_write | On | On
session.name | PHPSESSID | PHPSESSID
session.referer_check | no value | no value
session.save_handler | redis | redis
session.save_path | tcp://mydomain.abc:6379 | tcp://mydomain.abc:6379
session.serialize_handler | php | php
session.sid_bits_per_character | 5 | 5
session.sid_length | 26 | 26
session.upload_progress.cleanup | On | On
session.use_cookies | 1 | 1
session.use_only_cookies | 1 | 1
session.use_strict_mode | 0 | 0
session.use_trans_sid | 0 | 0
$_COOKIE['PHPSESSID'] | the right and expected hash
$_SERVER['HTTP_COOKIE'] | PHPSESSID= the right and expected hash
I don't know if I'm missing any configuration. Does anyone see what is wrong?
The problem was the place where I was calling session_start(). In an usual installation of php-fpm in an EC2 instance I was able to achieve the expected behavior by calling @session_start() in anywhere and the same code was working fine, but with bref it simply don't works. So make sure you're calling session_start() before any output and just once!