Hi, I guess I do have still this Issue here: https://git.ispconfig.org/ispconfig/ispconfig3/issues/3827 The issue existed on Debian 8 and even on 9, no matter which PHP Version I use. My current szenario has FastCGI. It is not related to ISPConfig backend, but for example login into Wordpress or REDAXO CMS. I dont know if this is a redirect http to https Issue. When I watch the response and request headers, I can see two PHPSESSIDs which will prevent me from loggin in. Every PHP Setup is totally default. I need to restart my browser (firefox or chrome, bug exists on both) in order to be able to log in.
very interesting, do have that issue with a strict to the install-guide setup? I have absolutely never ever seen that and I did a lot of debian+ispconfig setups ^^ are you carrying old php.ini files with you or other backups? are you really using fastcgi on debian9 or fcgid (which are not the same, while fastcgi is better on deb8 it has been superseeded by proxy_fpm and is no longer avail for good reasons )
In my opinion, this problem is probably a race condition together with a problem in the session_regenerate_id command in some PHP versions which causes PHP to create two sessions. It might be somehow related to two scripts creating or regenerating a session at the same time (e.g. by calling multiple files with ajax or similar) together with a slow session storage so that both scripts 'think' that they are the first to create a new session, but that's just a rough guess. I never had this on any of my own servers. So this can probably happen in any application that is written in PHP and that uses this function, no matter if the server uses ISPConfig.
good point, I wonder what happens if, tmeporarily b/c of security in shared host environment, you configure memcache as session storage
