> The session data that you store in $_SESSION is written to
> the files in your /tmp dir.
> Are you sure your session files are getting written to that directory?
Yes.
> You are sure those aren't old session files from a previous configuration?
Positive. I wipe the /tmp dir clean. Login to my page (user/pw,
authentication, etc). See the sess_ file created. Delete the file. Reload
the page, and a new sess_ file is created (with a new session ID hash). I
would expect my session to be invalid and force me to login again as I do
this kind of thing at the top of every page in the header:
if ( !is_bool($_SESSION['login']) || $_SESSION['login'] != true )
{
exit("<SCRIPT>location.href='/index.php';</SCRIPT>");
}
> Are you working with a project/site on that box that uses
> custom session handlers?
No.
> Perhaps some of your sites write to that dir, but
> the session in question are getting written to your database.
No.
> If everything you've said is 100% accurate, then I would check for
> Gremlins. The session data only exists in memory or in those session
> files in the /tmp dir.
Yes.
> The symptoms you see could be caused by:
> 1. Starting a session
> 2. Saving data into the $_SESSION super global.
> 3. rm'ing all of the session files.
> 4. Closing your current session.
> --> all done in the same page.
We do write to $_SESSION all the time. For example at the top of each page
we update the timestamp so we know if we should auto logout the user after
10 minutes...
> I am thinking you are killing the first session, rming the
> files, then
> creating a new session. At the end of the page the data that was in
> memory is getting written to the new session file.
Yes. That's what is happening as I said. I don't want it to re-write.
Ironically we used to have this problem with our PHP bug tracking system,
where every few hours or whatever, people would get logged off. Turned out
that some cron was purging all of /tmp. I fear that this 'bug' was 'fixed'
in PHP 5 or something and so in a 'helpful' way, PHP restores the session
from memory. I do NOT want that to happen.
> Regards,
> Mrs. O'Toole
>
> Daevid Vincent wrote:
> > I've noticed a 'feature' that seems to be causing me some pain.
> >
> > When a user logs in, we store various pieces of info and
> their user class in
> > a $_SESSION variables.
> >
> > This includes a flag saying that they've ben authenticated.
> >
> > I would expect that if I 'rm -rf /tmp/sess_*' that the user
> would get
> > prompted to re-login (since the flag is not set).
> >
> > However what actually happens, is that PHP silently just
> re-creates the
> > session with a new unique identifier but with all the same
> data in it. GRRR.
> >
> > How can I force this to NOT happen (either via php.ini or
> via some function
> > or directive call in each page load)?
> >
> > ÐÆ5ÏÐ
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
