The session in my application often gets expired.
session_gc_maxlifetime is set to 24 minutes(default);
since my apps is a real time application that basically uses AJAX. Every second my ajax function calls a http request. As far as i know my session should not expire because it always called upon the ajax request.
It works for sometime and getting expired very soon sometimes(about 2-3 minutes of inactivity).
Can anyone help me out in solving this problem. Not only my website but the others website hosted in the same server encountered the same problem.
With Thanks and Regards,
Trez
The session_gc_maxlifetime is basically useless when sessions share location with other hosted sites: PHP does not track which site owns which session file so the site with the shortest session_gc_maxlifetime is likely to remove session data from all sites.
I suggest you enable a directory for your site and set it with the session_save_path() function before calling session_start().
Can you reproduce this problem on a non-production server?
Have you got any scripts which clean out the sessions directory? Have you looked in the sessions directory to see how old the files are?
If you are not the only one with root access, I'd suspect someone else who is, try talking to them.
Related
Sounds like a basic question, but after hours of research I still have nothing to solve the problem.
I'd like a simple thing: keep users logged in on my website for longer than 24 minutes.
My site runs on an apache server and shared hosting, I do not have access to edit the php.ini file.
Messing around with
(session.gc_maxlifetime)
did not work.
I'm looking for a cookie-based solution at this point - a cookie that is stored on the client side, and is deleted at logout.
So PHP would not destroy the session despite of inactivity if this cookie is present.
Is this possible?
(I'm running a site with long articles, so users may be considered 'inactive' by the server and be logged out when they click for the next article. That's what is happening now.)
I have setup a simple user login session as below in the pages of my web app:
if (!isset($_SESSION['username'])){
if (isset($_COOKIE['username'])){
$_SESSION['username'] = $_COOKIE['username'];
}
I started to notice that on some occasions I would loose my login session. I checked the cookie expiry time and that was definitely set for a future date. The behaviour was quite random where sometimes replicating the action would not cause the issue.
Today I discovered that the web servers (x2) are load balanced (clumsy of me to not have picked up on this) and now I suspect the issue spits up when a user sends a request to the 2nd web server where a cookie doesn't exist.
I would have thought when you hit a web server it would maintain a session with it. However the behaviour suggests otherwise.
I have not spoken to the web admin yet. Is there a magic solution the web admin can sort me out with? or is this an implementation problem? If so, any ideas on how I can solve this?
Suggestions are much appreciated.
The cookie doesnt care what backend server handles the request, unless the url changes. If the url changes from www1.xxx.xx to www2.xxx.xx then you could save the cookies with the path included (xxx.xx) and both subdomains will be able to see the cookie.
Another thing that is more likely to go wrong is that the sessions arent shared between both servers. You could use memcached for this.
I'm having the strangest of problems with session variables that disappear.
First things first, Firefox is the only browser on which I see the problem. IE9 and Chrome are working just fine.
Now the context : after being loaded, my page starts performing Javascript XHR on my server every minute to refresh a status. Now, after a certain time (I've seen anywhere between 10 to 30 minutes), the request comes in to my php file, the session is started (with the same session ID as the previous request (same client of course)), but the session variable are all unset !!
Session timeout is at the default 24 minutes but every request updates a $_SESSION['time'] variable to keep the session alive.
So in short, the session should not expire and the proper session ID is traveling across, yet after a (rather random) period of time, the session variable are gone.
Any idea on what could cause that ?
Ok. So I've finally fond the cause of that mysterious problem. Everything is clear now.
My web hosting service was offering me to install a bugbase on my domain which I did.
The bugbase was installed in its own directory and was accessed on http://mydomain.com/bugbase
The catch is that the bugbase was PHP based and so is my actual site.
So because they were both on the same domain (mydomain.com), if I accessed both from the same browser, they would both share the same PHP Session. So logging out from one, would also kill the session of the other.
And voilĂ !!
Once I found that, I could confirm that the problem was seen in any browser where I opened both my site and the bugbase.
I have not tried yet, but the solution to the problem will probably be to install the bugbase on a subdomain.
I have a website (www.mysite.com) with a private backend (www.mysite.com/admin)
When I'm adding content to the site in the admin area and switch back and forth between tabs in the same browser window to see the content I'm editing, my session is getting expired/ended/terminated and I'm redirected to the login page again.
I have used the same code many-many times before on many web sites (this is a CMS I've made by myself) without a problem. The only thing I can think of is that this particular website is hosted on a different web server and maybe it's a matter of a php.ini setting or server configuration. Any ideas?
Have you checked your browser cookies? (the actual client-side ones?) or tried your luck with another browser? It may sound a bit strange, but I had a similar problem and in my case it had to do with these cookies. It may be worth figuring out because of your odd problem. As you might know the phpsession value is stored in that cookie and so is the domain.
Good luck!
This could be a result of several things, but my first instinct is to check and see if the session cookies are expiring very quickly. Sometimes server headers may change expiry values. You may also want to check the cache headers being sent by the server. If you are using asynchronous functionality on the admin area, it is possible that somehow the server is changing the expiry of cached files which could affect this.
I am eager to see the solution to this.
A few things to check:
session.cookie_lifetime setting - Possibly too short; 0 is the default and keeps the cookie until the browser closes
session.cookie_path setting - You'll want this to be '/'
Session storage - Make sure the session data is being written.
Explicitly call session_close() if your sessions are stored in a database. That will ensure they are written before your objects and database resources are destroyed.
If serving through any sort of proxy, check for any changed header information.
If caching, check your dynamic pages (requiring sessions) are being served by your web app and not the cache.
If testing with your local /etc/hosts, first clear your cookies so the new server's cookies are fresh and don't conflict.
Confirm in your browser that the cookie is in fact being stored. Maybe it's not actually coming back in the header.
I had a problem like this before. I was just uploaded a site from my localhost to a remote host, and I haven't change the nameservers yet. The hosting company provided me with a temporary url to be able to see my website. The problem was that this url was like this https://server_name.grserver.gr:8443/sitepreview/http/my_site.gr/, the result was that any browser didn't accepted the session cookie because I didn't had an SSL sertificate so the sessions didn't worked at all. I browsed a little the plesk panel and I found an other temporary url that was using http protocol, with this everything was ok. So if you are using https try to check if you have a problem with your ssl sertificate (for expample if it has expired). You said the problem occurs when you login in the admin page, do you switch then to https?
There could be several reasons. As there is no code or no details about the site provided , I am assuming that the problem might be if you are using htpasswd. If u are using htaccess authentication, then your session gets destroyed.
From experience, I can tell you a few things.
First, sessions need to be started with
session_start();
At the top of every page you want to use sessions.
Next, to save session data, you need to call another function to tell php that you are saving stored data. That function is
Session_write_close();
That function is needed on the bottom of the page when you are finished writing data to a session and want it saved for later use.
With those two combined, that should allow you to properly write to a session, save the data you entered into it, and access it later on your site.
Good luck.
The problem has been found after reading this topic.
I had a custom php.ini in the root dir and apparently it was interfering with the $_SESSION. I don't know why but after deleting it everything works fine.
At first it seemed as if the problem was opening pages located in different sub-folders in several browser tabs however it narrows down to a sub-folders issue and the fact that the $_SESSION wasn't accessible across them.
I'd like to thank everyone that put some time into trying to help me figure this out.
I've been trying to track down some annoying session issues since my webhost upgrade to PHP 5.3.3 awhile back. I've determined that if there is an active session, calling session_start() from a subdirectory kills the existing session. As an example, I start a session and a user logs in to domain.com/index.php then the user navigates to domain.com/members/ which fires start_session() ... the user's session is lost.
I've dug around for this and can't find anything similar. Is there a PHP configuration that would account for this behavior?
Calling session_start() multiple times with that version of PHP shouldn't cause any problems, however there are other possible causes.
One possible explanation is that the client's browser isn't sending the session id back to the server. You can test this out by comparing the session id that both pages produce. Assuming that you have a controlled environment where you can test this properly, you can use session_id() to get the session.
It might also be that the user is hitting a different webserver. Since (by default) PHP stores sessions to disk, there is no way for multiple servers to share the session information. If this is a shared host, it's probably quite unlikely this is the cause. You can test this out however by using phpinfo(). It should give you enough information to determine if it's the same server or not. For multi-server systems, I'd look at storing sessions in memcache or mysql.
if your sessions works all right within the same directory (it is unclear from your question), there is the only possible reason for such a behavior, a pretty obvious one: "directory" cookie parameter.
It seems it is set to somewhat unusual value, other than default "/" for the session cookie parameter.
You have to check it out.
Anyway, it is almost useless to try ANY session/cookie related problem without an HTTP interchange log.
You have to use some HTTP sniffer, like LiveHTTPHeaders Firefox addon to see what cookie header was sent by the server and which one was returned by client.
Otherwise it's all going to be shooting in the dark.
Okay, as it seems from your yonder comment, the session id remains the same, so, no HTTP issue can be a reason. The issue become a kinda tricky to spot.
Could you please post your test script here?
I've spent quite a long time searching, trying, testing for what looked like the same problem. As google kept sending me here, I think sharing the solution might help others (though I feel strange posting on a 2011 question):
Session variables set in /bar.php were not set in /foo/foobar.php.
It realised that the issue had nothing to do with folder/subfolder when I finally found out that the link in http://www.example.com/bar.php was pointing to http://example.com/foo/foobar.php (missing www).
Correcting the URL in the html link solved the problem. Having no time to dig deeper, what I can figure out is that (in my config) Apache makes no difference and serves pages indifferently with and without www, whereas PHP doesn't share the session between what it considers being two different domains, example.com and www.example.com.
Is there a PHP configuration that would account for this behavior?
Yes, if the storage for the session data differs between those calls, the $_SESSION content will differ as well. The storage can be configured, see http://php.net/manual/en/session.configuration.php for all configuration options you have with sessions.
Next to that if PHP is unable to read the session store, you will get an empty array as well.
I can't tell you if this is the issue with your problem, but probably it's helpful.
BTW, calling session_start() and than having an empty $_SESSION is commonly a sign that a new session has been created. You can verify this if you use cookies for your sessions and you output headers_listDocs:
echo '<pre>', var_dump(headers_list());
If it contains a new cookie for the session, the session has been created with this request.
Lots of good suggestions here. Thanks everyone. I spent a good chunk of the weekend digging into this and wasn't able to directly resolve it. I ended up demonstrating to my webhost that this problem happens on two of his hosted sites and doesn't happen in a default install of PHP. To work around the problem, I ended up moving all of my login and session logic into a single class.
Wanted to share another answer, found in this SO: Session variables not accessible in subdirectory answered by clayRay.
My answer was that I had a custom "php.ini" file saved in the root directory, and moving those directives into ini_set() calls solved it. You could also shove those over to .htaccess if your host allows.