Hey there, let's dig into this session regeneration issue you're facing after upgrading to PHP 7.0 on your Red Hat EC2 instance. Since you've already ruled out error reporting settings, let's walk through the most likely culprits and actionable fixes:

PHP 7.0 introduced stricter cookie defaults compared to 5.6, which often causes session persistence issues after upgrades. Double-check these critical ini settings:

• session.cookie_domain: Ensure it's set correctly for your domain (no typos, and includes subdomains if needed). A blank value uses the current host, but misconfigurations here can make browsers reject the session cookie.
• session.cookie_secure: If your site uses HTTPS, this should be set to On. An incorrect value (like Off for HTTPS sites) will make browsers refuse to store the session cookie, forcing a new session on every request.
• session.cookie_path: Set this to / to ensure the cookie is sent across all pages of your site. A restricted path can prevent cookies from being passed between pages.
• session.cookie_samesite: While officially added in PHP 7.3, some distros backport this to 7.0. If set to Strict unnecessarily, even internal site navigation might break session persistence.

To verify these values, create a quick diagnostic script:

<?php
phpinfo();
?>

Look for the "Session" section to confirm settings. Adjust them in your php.ini (usually at /etc/php/7.0/apache2/php.ini or /etc/php/7.0/cli/php.ini depending on your web server) or via ini_set() at the start of your application.

Even though new session files are being created, check if the web server user has proper read access to existing files. Upgrades sometimes alter the ownership or permissions of /var/lib/php/7.0/session/.

Run these commands to inspect:

ls -ld /var/lib/php/7.0/session/
ls -l /var/lib/php/7.0/session/ | head -5

Ensure the directory is owned by your web server user/group (e.g., apache:apache) and has permissions set to 700 (restricting access to only the web server). Fix with:

chown -R apache:apache /var/lib/php/7.0/session/
chmod -R 700 /var/lib/php/7.0/session/

(Replace apache with your actual web server user if using Nginx or another service.)

Check your codebase for unintended calls to session_regenerate_id() running on every page load. Legacy PHP 5.6 code might behave differently in 7.0, or a miswritten conditional could trigger this function unnecessarily.

Search your code for:

session_regenerate_id()

Ensure this is only called when necessary (e.g., after a user logs in, not on every request).

PHP 7.0 tightened up handling of invalid session IDs. If your code relied on 5.6's lenient behavior (like accepting malformed session IDs), PHP 7.0 will reject those and create a new session instead.

• Avoid manually setting session IDs unless absolutely necessary, and ensure any custom IDs use valid characters (alphanumerics, hyphens, underscores).
• Always call session_start() at the very top of every page, before any output (even whitespace can break cookie headers and session persistence).

If using Apache, check if mod_rewrite or header directives are interfering with cookie transmission. For example, HTTP-to-HTTPS redirects that don't preserve cookies, or Header rules that overwrite session cookie settings.

If using Nginx, verify your fastcgi_param settings include PHP_SESSION_ID $cookie_PHPSESSID; to pass the session ID correctly to PHP.

After working through these steps, test your site again to see if sessions persist across refreshes and page jumps. If issues remain, enable session debugging by setting session.debug = On in your php.ini—this logs detailed session handling info to your web server error log, which can help pinpoint the exact problem.

内容的提问来源于stack exchange，提问作者Barend Janse van Rensburg