PHP sessions expire unexpectedly

I don’t get it here. I have a specific user group upstairs whose sessions seem to expire completely at random. It is not only when they leave the site sitting for a while; it can expire while they are browsing. For me and most of our users, everything works fine. This is not a problem with the browser: we have people on FF and all versions of IE for whom it works fine, and people on FF and IE for whom it does not.

My gc_maxlifetime is at 43200, and garbage collection is crazy low at 1/1000 (not that it should matter). Is there anything else on the server that could be accidentally deleting some of our sessions? What should I check? This still does not explain why only this particular group is affected.

I have several session settings that are different from the default:

    session.gc_maxlifetime = 43200
    session.gc_divisor = 1000
    session.save_path = /var/lib/php/session
    session.use_only_cookies = Off
    session.bug_compat_42 = Off

The first three do not bother me, but can the last two cause this behavior? I actually never send cookies via a URL, so I have no good reason to disable use_only_cookies. I have no guarantee that the losers who made this application before I got here did not use the bug_compat_42 thing to set session variables, but again, I would expect the problem with this to be less random.

Edit:

On further investigation, I found that the session is not destroyed at all; instead, the end user receives a new session identifier. The old session still remains intact on the server, but a new one is started, seemingly at random.

+6
php session
5 answers

The problem here is that their browser has detected that the session cookie is expiring prematurely. I solved the problem with this dirty dirty hack that I should never use. I am not proud of it, but if it shines some light on something that can be allowed to me:

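    // Re-send the existing session cookie with a fresh 12-hour expiry (43200 s)
    if (!headers_sent()) {
        // !empty() also covers a request that carries no session cookie at all
        if (!empty($_COOKIE["PHPSESSID"])) {
            setcookie("PHPSESSID", $_COOKIE["PHPSESSID"], time() + 43200, "/", ".mydomain.com");
        }
    }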
+5
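A server-side take on the cookie renewal in the answer above, as an added example that is not part of the original post. It assumes PHP 7.3 or later (array form of the cookie functions) and an HTTPS-only site, reuses `.mydomain.com` and the 43200-second lifetime from the thread, and `start_sliding_session()` and `cookie_attrs()` are hypothetical helper names:

```php
<?php
// Added example, not the poster's code.
// Assumptions: PHP >= 7.3, site served only over HTTPS, domain taken from the hack above.
const SESSION_TTL = 43200; // 12 hours, matching session.gc_maxlifetime in the question

// Attributes shared by the initial cookie and every renewal, so they cannot drift apart.
function cookie_attrs(): array
{
    return [
        'path'     => '/',
        'domain'   => '.mydomain.com',
        'secure'   => true,   // assumption: HTTPS; on plain HTTP the cookie would never be sent
        'httponly' => true,   // keep the session ID out of reach of page scripts
        'samesite' => 'Lax',
    ];
}

function start_sliding_session(): void
{
    // All session settings must be in place before session_start().
    ini_set('session.use_only_cookies', '1');   // never accept a session ID from the URL
    ini_set('session.use_strict_mode', '1');    // reject IDs the server did not issue
    ini_set('session.gc_maxlifetime', (string) SESSION_TTL);

    session_set_cookie_params(['lifetime' => SESSION_TTL] + cookie_attrs());
    session_start();

    // session_start() only emits Set-Cookie when it creates a new ID, so a
    // returning visitor's cookie keeps its original expiry. Renew it here with
    // the ID the server validated instead of echoing back $_COOKIE.
    if (!headers_sent()) {
        setcookie(
            session_name(),
            session_id(),
            ['expires' => time() + SESSION_TTL] + cookie_attrs()
        );
    }
}

start_sliding_session();
```

Comparing the `Set-Cookie` expiry and domain on an affected machine against an unaffected one, as the other answers suggest, shows whether the renewal actually reaches the browser.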

Can you provide a little more information about your setup?

My first thought was that something was accidentally clearing out your temporary files folder. If you use the standard LAMP setup, PHP will store the session data files in /tmp. If they are removed from there by a cleanup process, you will lose your sessions.

Edit: I changed my mind now. If only a specific group of users is affected, this makes it less likely.

How about cookie settings? I would make sure that these people do not use something like a dynamic proxy, and that your cookies are set for the root domain of your site. Is it possible that they might have some kind of privacy cleaning software like CCleaner configured as a scheduled task that can delete their cookies?

I would climb on one of my computers and drop Firebug onto one of the Firefox machines and check the HTTP requests to see if the cookies were sent correctly.

+1

I would install an HTTP sniffer, for example HttpWatch (paid, but worth every penny) or Fiddler (free), on these machines and see what happens with the session cookies (I think it's PHPSESSID, but not sure). If a cookie is deleted or changes in the middle of a session due to a proxy, a strange Apache configuration, or something else, this is the best way to detect it.

+1

I know it's late. But only for those who have the same problem.

[If you encrypt and decrypt your data]

I ran into this problem and spent a while figuring out what the problem was. It keeps creating a new session identifier for the same user. It turns out that the encrypted data and the decrypted data do not match. The decrypted data is returned with some additional spaces. Try checking the value of your data when sending it to and returning it from a database or any storage you use.

+1

In my project, the library is used to secure the session. Sometimes I noticed that my session was suddenly destroyed.

https://github.com/ezimuel/PHP-Secure-Session/blob/master/SecureSession.php

First, I want to know what the purpose of this library is; we can also set these parameters from php.ini.

KEY _... a new created that uses this KEY.

When I use print_r inside open(), I get the sample result below:

    Hqx_SecureSession Object
    (
        [_debug:Hqx_SecureSession:private] => 
        [_key:protected] => 5ò™6žÝ°rIÐß'k Êii07ÀtCzª t@ ü¸"‡ÄCžA¼ÿ£g{IP
        [_path:protected] => c:\hqp\xampp_1.7.4\tmp\
        [_name:protected] => PHPSESSID
        [_ivSize:protected] => 16
        [_keyName:protected] => KEY_PHPSESSID
        [_cookieParams:protected] => Array
            (
                [lifetime] => 7200
                [path] => /
                [domain] => dev.autoquotes.insurance.com
                [secure] => 
                [httponly] => 1
            )
        [_sessionId:protected] => 
        [_logger:Hqx_SecureSession:private] => 
    )
    htq827r4rjh9ob05nhlqb8vmd5ai52djb0bd0l42vk9un26df541c:\hqp\xampp_1.7.4\tmp
0