I’ve been playing with CakePHP, which is an MVC framework for PHP (the PHP equivalent of Ruby on Rails) and had this annoying bug where the session cookie (which holds a session hash) gets regenerated with every page request. This had the effect that, when I saved my User object in the session after validating the login, the cookie’s value would change to a new hash (losing the auth data), meaning that the logged in status was lost when requesting a new page.
I knew that the session was getting the user data inserted, because I could see the sessions and data being created on each request. I also knew that the browser was receiving the cookie with the last generated session hash. So, since CakePHP generates a new session for each request that isn’t accompanied by a session cookie, I figured that my browser wasn’t sending the session cookie with the request.
Point 1: if you can’t make your session stick, see if you’re getting a different session hash each request, because maybe the server just isn’t receiving the cookie.
Then I tried to figure out why cookies weren’t being sent. It turns out that having a space in the url of a website (which gets converted to %20, as in http://localhost/Internal%20Projects/CakeTest) stops cookies from being sent. This may have something to do with the web server (Apache 2.2.26) or the fact that I’m using a preconfigured WampServer Apache-MySQL-PHP stack, but it is common to both Firefox 2 and IE7. Which brings me to…
Point 2: don’t put spaces in your development server’s folder names when using cookies.
as in paulyshore.isalegendinalunchbox.com and thetodd.isalegendinalunchbox.com. lol I kill myself.