I have a Web site running on Apache/PHP.
The Web site only uses cookies for storing PHPSESSID.
Some users that uses the Web Side 24/7 sometimes experience that the site does not respond at all. And the only solution is to delete the cookie in the browser.
Any suggestions on what can cause this problem?
Maybe the session is corrupt?
Yes it could happen because of session.
If some long running code locks the session file (maybe just call session_start), then other pages that use session also will be blocked.
Related
Sounds like a basic question, but after hours of research I still have nothing to solve the problem.
I'd like a simple thing: keep users logged in on my website for longer than 24 minutes.
My site runs on an apache server and shared hosting, I do not have access to edit the php.ini file.
Messing around with
(session.gc_maxlifetime)
did not work.
I'm looking for a cookie-based solution at this point - a cookie that is stored on the client side, and is deleted at logout.
So PHP would not destroy the session despite of inactivity if this cookie is present.
Is this possible?
(I'm running a site with long articles, so users may be considered 'inactive' by the server and be logged out when they click for the next article. That's what is happening now.)
I'm a new PHP and jQuery mobile user, and i'm using them to build an smartphone web APP. currently, I'm testing the APP with chrome on the computer and web browser on my sumsang S7526.
I learned, if I learnt correctly, that a PHP session can be auto destroyed if the browser is closed.
I used session_start() in my homepage.php and login.php. I expect that after a user logs in and then closes the browser, the session ends. this does work on my chrome. but it does not on my sumsang.
When I log in and then close my browser on my Samsung, and then I reopen the browser, I'm there still logged in. the session id is the one before.
Even I tried to shut my sumsang and power it on again, the session id is still the same. Why is that?
i tried again. it seems that my samsung browser saves the session cookie by default. including phpsessid. i tried to get the browser close event with $(window).close(). but no luck. is it another event.
thank you guys!
"Session" stored not on your phone - whatever its name.
Its stored on the web-server.
Browser send to the server only id of the session - using different methids. Server identify this id to track this uniq browser "session" and get data from stored session file or another method of session storage.
When you close your browser - server known nothing about it. Ther is some processes on the server - common named GC (garbage collectors) who clean up old expired session files.
Please read Sessions reference
By default PHP stores the session ID in a cookie on the client side. Try to delete ALL cookies (including session cookies).
For more information check Session configuration options.
I have setup a simple user login session as below in the pages of my web app:
if (!isset($_SESSION['username'])){
if (isset($_COOKIE['username'])){
$_SESSION['username'] = $_COOKIE['username'];
}
I started to notice that on some occasions I would loose my login session. I checked the cookie expiry time and that was definitely set for a future date. The behaviour was quite random where sometimes replicating the action would not cause the issue.
Today I discovered that the web servers (x2) are load balanced (clumsy of me to not have picked up on this) and now I suspect the issue spits up when a user sends a request to the 2nd web server where a cookie doesn't exist.
I would have thought when you hit a web server it would maintain a session with it. However the behaviour suggests otherwise.
I have not spoken to the web admin yet. Is there a magic solution the web admin can sort me out with? or is this an implementation problem? If so, any ideas on how I can solve this?
Suggestions are much appreciated.
The cookie doesnt care what backend server handles the request, unless the url changes. If the url changes from www1.xxx.xx to www2.xxx.xx then you could save the cookies with the path included (xxx.xx) and both subdomains will be able to see the cookie.
Another thing that is more likely to go wrong is that the sessions arent shared between both servers. You could use memcached for this.
I have a website (www.mysite.com) with a private backend (www.mysite.com/admin)
When I'm adding content to the site in the admin area and switch back and forth between tabs in the same browser window to see the content I'm editing, my session is getting expired/ended/terminated and I'm redirected to the login page again.
I have used the same code many-many times before on many web sites (this is a CMS I've made by myself) without a problem. The only thing I can think of is that this particular website is hosted on a different web server and maybe it's a matter of a php.ini setting or server configuration. Any ideas?
Have you checked your browser cookies? (the actual client-side ones?) or tried your luck with another browser? It may sound a bit strange, but I had a similar problem and in my case it had to do with these cookies. It may be worth figuring out because of your odd problem. As you might know the phpsession value is stored in that cookie and so is the domain.
Good luck!
This could be a result of several things, but my first instinct is to check and see if the session cookies are expiring very quickly. Sometimes server headers may change expiry values. You may also want to check the cache headers being sent by the server. If you are using asynchronous functionality on the admin area, it is possible that somehow the server is changing the expiry of cached files which could affect this.
I am eager to see the solution to this.
A few things to check:
session.cookie_lifetime setting - Possibly too short; 0 is the default and keeps the cookie until the browser closes
session.cookie_path setting - You'll want this to be '/'
Session storage - Make sure the session data is being written.
Explicitly call session_close() if your sessions are stored in a database. That will ensure they are written before your objects and database resources are destroyed.
If serving through any sort of proxy, check for any changed header information.
If caching, check your dynamic pages (requiring sessions) are being served by your web app and not the cache.
If testing with your local /etc/hosts, first clear your cookies so the new server's cookies are fresh and don't conflict.
Confirm in your browser that the cookie is in fact being stored. Maybe it's not actually coming back in the header.
I had a problem like this before. I was just uploaded a site from my localhost to a remote host, and I haven't change the nameservers yet. The hosting company provided me with a temporary url to be able to see my website. The problem was that this url was like this https://server_name.grserver.gr:8443/sitepreview/http/my_site.gr/, the result was that any browser didn't accepted the session cookie because I didn't had an SSL sertificate so the sessions didn't worked at all. I browsed a little the plesk panel and I found an other temporary url that was using http protocol, with this everything was ok. So if you are using https try to check if you have a problem with your ssl sertificate (for expample if it has expired). You said the problem occurs when you login in the admin page, do you switch then to https?
There could be several reasons. As there is no code or no details about the site provided , I am assuming that the problem might be if you are using htpasswd. If u are using htaccess authentication, then your session gets destroyed.
From experience, I can tell you a few things.
First, sessions need to be started with
session_start();
At the top of every page you want to use sessions.
Next, to save session data, you need to call another function to tell php that you are saving stored data. That function is
Session_write_close();
That function is needed on the bottom of the page when you are finished writing data to a session and want it saved for later use.
With those two combined, that should allow you to properly write to a session, save the data you entered into it, and access it later on your site.
Good luck.
The problem has been found after reading this topic.
I had a custom php.ini in the root dir and apparently it was interfering with the $_SESSION. I don't know why but after deleting it everything works fine.
At first it seemed as if the problem was opening pages located in different sub-folders in several browser tabs however it narrows down to a sub-folders issue and the fact that the $_SESSION wasn't accessible across them.
I'd like to thank everyone that put some time into trying to help me figure this out.
I am experiencing difficulties retrieving a cookie in an environment where the URL is http//somesite.com and the request is sent through a load balancing application and farmed out to various servers. I can set the cookie using setcookie in a PHP script as follows:
setcookie("NameTest", $cookieText, time()+3600, "/");
and a cookie somesite.com is created however when I attempt to read the values back from that cookie on the running system I never find the created cookie. I know there must be a way of doing this but haven’t found anything I can use. Can anyone tell me how to accomplish this function?
This of course works perfectly on a single server without the load balancing routine
Cookies are round-tripped client<->server on every request. If the cookie's not present on subsequent requests, you'll have to figure out why the client isn't sending it. If the load balancer is transparent to the end user, then it shouldn't matter which server is handling the request - the client would've send the cookie regardless. So if it's not being sent, then it's not being set properly in the first place.
Yes you can, because externally the client sees same IP and domain address. But if you need to share SESSION info, you have to use something like memcached or mysql to share session data between nodes.