I'm having trouble with a PHP site whereby some users are being logged
out on a regular basis. This will usually happen after they have been
using the site for a few minutes, they can login without any problems
and access a few pages, but then suddenly they will request a page and
be sent to the login form, which suggests that their session no longer
exists. However, this doesn't affect all users - I can login and use the
application without any problems, as can some other users.
According to phpinfo(), the following session values are set (all are
what I'd expect - either the default or something I've deliberately
changed):
session.auto_start = Off
session.bug_compat_42 = On
session.bug_compat_warn = On
session.cache_expire = 180
session.cache_limiter = nocache
session.cookie_domain = no value
session.cookie_httponly = Off
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_secure = Off
session.entropy_file = no value
session.entropy_length = 0
session.gc_divisor = 100
session.gc_maxlifetime = 1440
session.gc_probability = 1
session.hash_bits_per_character = 4
session.hash_function = 0
session.name = PHPSESSID
session.referer_check = no value
session.save_handler = files
session.save_path = /shared/sessions
session.serialize_handler = php
session.use_cookies = On
session.use_only_cookies = Off
session.use_trans_sid = 0
I've tried checking a few obvious things:
* IP addresses - the site doesn't use the IP address as part of the
authentication process, and almost all our users (including the ones
experiencing problems) have static IP addresses anyway.
* Number of sessions - there are between 40-60 session files on disk at
any one time, so I doubt there's a "maximum number of session files"
limit being broken, if such a configuration option exists.
* Permissions - the web server user (www-data) has read/write
permissions to the directory where the sessions are stored and all the
files within it, and they are all owned by this user.
Is there anything else obvious which could be causing the problem? This
seemed to occur when we moved hosts, and I haven't changed the site's
session handling code for some time, so I suspect it might be a
configuration issue but can't figure out what.
Thanks,
Paul
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
