You do not specify how sessions are being persisted (cookies?). If so, is there actually an exchange back to the user's browser which would include a set-cookie: header? If you simply redirect to another page, the cookie might never be set on the client side. Nevertheless, "if it worked yesterday," the first step is to (first, stash your changes, then ...) version-control "revert" back to the last known-good state.