I want to manage my sessions in another folder than the defined by default.
So I have this in my code :
session_name('domain');
session_save_path($_SERVER['DOCUMENT_ROOT'] .'../sessions/');
ini_set('session.gc_maxlifetime',300);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
session_start();
The sessions are created by the serveur in the right folder and I connect correctly to the site but the sessions do not die passed the defined maxlifetime, here in the script 300, so 5 minutes.
The sessions are destroyed correctly by session_destroy() but it seems that the server do not destroy them by itself.
Did I miss something ?
I have read most part of the documentation but I can't find the cause.
Any idea ?
Well, in fact that's ok.
If the server do not delete old session files in the new session save folder, that's better cause that forced me to think and finally decide to control the sessions through the script itself.
I define in the script the lifetime of the sessions and if the lifetime is passed, I simply empty the session array and I regenerate the session_id(), deleting automatically the old session_id file (see in php doc, the true parameter in session_regenerate_id() function and I connect again automatically.
I will never have old lost session files in the folder cause the script make the optimum treatment.
:)
Solved
I'm working on a RackSpace server, and I am unable to successfully write cookies or persistent sessions through PHP (I can write javascript cookies just fine).
The cookies are never written at all, and the sessions are never accessible on any page but the one they're written on. I've tried the exact same code on a different server, and it worked just fine -- so I'm assuming it's some kind of configuration issue.
Here's an example:
Sessions
Page 1:
session_start();
$_SESSION['mysession'] = 'hello';
//writes correct value
echo $_SESSION['mysession'];
Page 2:
session_start();
//this dumps 'NULL'
var_dump($_SESSION['mysession']);
Cookies:
//this never gets written.
setcookie($mycookie, $myvalue, time() + (86400 * 30), "/");
Are there any particular server settings I should be looking at?
I ran phpinfo, and see my session.save_path. I tried setting that to 777 just to see if it would help, but it did not.
I'm stumped, and their support couldn't help me. Anyone have any ideas?
Edit:
Upon closer inspection, I can see that the sessions are being written -- I just can't read them.
You can gather more information by creating a php file with content:
<?php phpinfo();
Request this site and search for the session settings.
- Are sessions really enabled?
- Which session save handler is used?
Maybe the session data is not even saved in a file and the error is anywhere else.
I have followed a tutorial to work with sessions using cookies. I have now two issues:
My lifetime session is too short (one or two hours), eventhough I've set the value of session.cookie_lifetime and session.gc_maxlifetime to "1209600"
I try to save sessions into files using:
ini_set("session.save_handler", "files");
session_set_save_handler($session, true);
session_save_path($rel_path . "/sessions");
where $session is the instance of the sessions I've created but not yet started.
Now, this works correctly when I use it locally with XAMPP, but not when I upload the site online. I guess the problem comes from my web host which is www.ovh.com, but I have no idea on how to solve this problem. Any idea or suggestion?
I solved the issue by adding this line of code:
ini_set('session.force_path', 0);
with the other ini_set and session parameters. The session.force_path parameter wasn't visible in the session section when I printed the phpinfo() locally (using XAMPP), while it was on my web hosting service. This also solved my session lifetime issue as it was depending on the existence of the session file.
I'm wondering how PHP detects that a specific session has timed out.
In detail: I'm using the default (file based) session handler, with a default session lifetime and so on. Everything in php.ini is on default.
If now a session is started, PHP does a check (depending non session.gc_divisor and session.gc_probability) if there are any timed out sessions. But from where does get PHP the last session access time from the sessions to check against?
The session file itself contains only the workload, e.g. x|i:1; for a $_SESSION['x'] = 1;, so there is no information about the last session access time.
I think that there are no in-memory information related to session start times as the sessions are still working after a full server restart.
So, where does PHP get the information from? Is it comparing the mtime/ctime of the session file?
PHP's default session handler stores the $_SESSION data in a file using serialize(), in the directory specified by session.save_path. Generally the filename looks something like $filename = 'sess_' . session_id().
Since it's just a file, PHP can use the file's mtime (time of last modification) to determine which session files are stale. Basically it'll grab all the session files whose mtime exceeds the session.gc_maxlifetime value and unlink() them. As you've said, the probability of the cleanup occuring is governed by the session.gc_* ini variables.
Now, if you create your own session handlers with session_set_save_handler(), this is all out the window, and you've now got control over how sessions are stored and cleaned up, but this does explain the default behavior.
since a few hours our server hangs every time you do a session_start.
For testing purposes i created a script which looks like this:
<?php
session_start();
?>
Calling it from the console hangs and it can't even be stopped with ctrl-c, only kill -9 works. The same for calling it via Apache. /var/lib/php/session/ stays empty but permissions are absolutely fine, www can write and also has read permissions for all parent folders.
According to the admins there were no changes made on the server and there is no special code registered for sessions. The Server is CentOS 4 or 5 and yesterday everything was working perfectly. We rebooted the server and updated PHP, but nothing changed.
I've ran out of ideas, any suggestions?
UPDATE
We solved this problem by moving the project to another server, so while the problem still exists on one server there is no immediate need for a solution anymore.
I will keep the question open in case someone has an idea for others having a similar problem in the future, though.
There are many reasons for that, here are a few of them:
A. The session file could be opened exclusively.
When the file lock is not released properly for whatever reason, it is causing session_start() to hang infinitely on any future script executions.
Workaround: use session_set_save_handler() and make sure the write function uses fopen($file, 'w') instead of fopen($file, 'x')
B. Never use the following in your php.ini file (entropie file to "/dev/random"), this will cause your session_start() to hang:
<?php
ini_set("session.entropy_file", "/dev/random");
ini_set("session.entropy_length", "512");
?>
C.
session_start() needs a directory to write to.
You can get Apache plus PHP running in a normal user account. Apache will then of course have to listen to an other port than 80 (for instance, 8080).
Be sure to do the following things:
- create a temporary directory PREFIX/tmp
- put php.ini in PREFIX/lib
- edit php.ini and set session.save_path to the directory you just created
Otherwise, your scripts will seem to 'hang' on session_start().
If this helps:
In my scenario, session_start() was hanging at the same time I was using the XDebug debugger within PHPStorm, the IDE, on Windows. I found that there was a clear cause: Whenever I killed the debug session from within PHPStorm, the next time I tried to run a debug session, session_start() would hang.
The solution, if this is your scenario, is to make sure to restart Apache every time you kill an XDebug session within your IDE.
I had a weird issue with this myself.
I am using CentOS 5.5x64, PHP 5.2.10-1. A clean ANSI file in the root with nothing other than session_start() was hanging. The session was being written to disk and no errors were being thrown. It just hung.
I tried everything suggested by Thariama, and checked PHP compile settings etc.
My Fix:
yum reinstall php; /etc/init.d/httpd restart
Hope this helps someone.
To everyone complaining about the 30 seconds of downtime being unacceptable, this was an inexplicable issue on a brand new, clean OS install, NOT a running production machine. This solution should NOT be used in a production environment.
Ok I face the same problem on 2 PC, 1 is MAC mini XAMPP, 1 is Windows 10 Xampp.
Both is php spent infinity to run session_start(). Both PHP version is 7.x.x
I found that session files is lock to read and write. So that I added code to make PHP read session files and immediately unlock when done with
<?php
session_start([
'read_and_close' => true,
]);
?>
or
<?php
//For PHP 5.x
session_start();
session_write_close();
?>
After this PHP unlock session file => Problems solve
The problem: -
Iv experienced (and fixed) the problem where file based sessions hang the request, and database based sessions get out of sync by storing out of date session data (like storing each session save in the wrong order).
This is caused by any subsequent request that loads a session (simultaneous requests), like ajax, video embed where the video file is delivered via php script, dynamic resource file (like script or css) delivered via php script, etc.
In file based sessions file locking prevents session writing thus causing a deadlock between the simultaneous request threads.
In database based session the last request thread to complete becomes the most recent save, so for example a video delivery script will complete long after the page request and overwrite the since updated session with old session data.
The fix: -
If your ajax or resource delivery script doesnt need to use sessions then easiest to just remove session usage from it.
Otherwise you'd best make yourself a coffee and do the following: -
Write or employ a session handler (if not already doing so) as per http://www.php.net//manual/en/class.sessionhandler.php (many other examples available via google search).
In your session handler function write() prepend the code ...
// processes may declare their session as read only ...
if(!empty($_SESSION['no_session_write'])) {
unset($_SESSION['no_session_write']);
return true;
}
In your ajax or resource delivery php script add the code (after the session is started) ...
$_SESSION['no_session_write'] = true;
I realise this seems like a lot of stuffing around for what should be a tiny fix, but unfortunately if you need to have simultaneous requests each loading a session then it is required.
NOTE if your ajax or resource delivery script does actually need to write/save data, then you need to do it somewhere other than in the session, like database.
Just put session_write_close(); befor Session_start();
as below:
<?php
session_write_close();
session_start();
.....
?>
I don't know why, but changing this value in /etc/php/7.4/apache2/php.ini worked for me:
;session.save_path = "/var/lib/php/sessions"
session.save_path = "/tmp"
To throw another answer into the mix for those going bananas, I had a session_start() dying only in particular cases and scripts. The reason my session was dying was ultimately because I was storing a lot of data in them after a particularly intensive script, and ultimately the call to session_start() was exhausting the 'memory_limit' setting in php.ini.
After increasing 'memory_limit', those session_start() calls no longer killed my script.
For me, the problem seemed to originate from SeLinux. The needed command was chcon -R -t httpd_sys_content_t [www directory] to give access to the right directory.
See https://askubuntu.com/questions/451922/apache-access-denied-because-search-permissions-are-missing
If you use pgAdmin 4 this can happen as well.
If you have File > Preferences > SQL Editor > Options > "Auto Commit" disabled, and you just ran a query using the query tool but didn't manually commit, then session_start() will freeze.
Enable auto commit, or manually commit, or just close pgAdmin, and it will no longer freeze.
In my case it seems like it was the NFS Share that was locking the session , after restarting the NFS server and only enabled 1 node of web clients the sessions worked normally .
Yet another few cents that might help someone. In my case I was storing in $_SESSION complex data with several different class objects in them and session_start() couldn't handle the whole unserialization as not every class was loaded on session_start. The solution is my case was to serialize/jsonify data before saving it into the $_SESSION and reversing the process after I got the data out of session.