We are running a web-app, that has a User portal and an Admin Portal. We have implemented a Feature for Our Customer Rep to be able to log-in as customer and perform actions on their behalf.
Our Working Stack is:
Redis 5.1.0 // for Cache & Session Management
User portal is let’s say abc.com & Admin Portal is say admin.abc.com
the implementation of the feature is like following:
On the new tab, currently on ADMIN_PORTAL
$sessionCookieName = "AT_R_LOCAL_SESSID";
session_set_cookie_params(3600, '/', '.abc.com', false, true);
// after this, we set the User Data in session using
$session = Yii::$app->session;
foreach ($user->attributes as $key => $val)
$session->set($key, $val); //$session[$key] = $val
and at last, we redirect the page to USER_PORTAL
The above functionality is working perfectly till Php 7.1.2, recently to implement a new feature we had to upgrade to PHP 7.2.3
After the upgrade, the Login as Customer feature has stopped working,
We debugged and checked the session, The User data that is supposed to be set on to User Domain isn’t getting set.
On debugging more, I found out that, the session is being set until we are onto the admin portal, I tried printing out $_SESSION, session_name, session_get_cookie_params. All seems perfect, but when the page is redirected from Admin Portal to User Portal, there’s nothing in $_SESSION.
On the initial hit where the request comes to User Portal, I printed out $_SESSION, session_name, session_get_cookie_params again to verify, Except for $_SESSION everything is as it should. Just that $_SESSION gives an empty session.
More Info, If we do a regular Login on the User Portal, Session is getting set as it should. So my understanding is there is no issue with PHP-Redis communication.
On searching more, found out that working of session_name has some changes since 7.2
The Functionality is working in PHP7.1 running without Docker ie in Local & Production.
On our staging server, which is on Docker; the above functionality doesn’t work.
Might be due to the “/” param given in set_cookie_params… Not sure though.
Please suggest how to fix this issue.
Thanks in advance.