I'm having trouble with a PHP website which requires users to be logged
in to access all content other than the home page and a couple of static
pages (about us, contact us etc.). Several users have said they are
being logged out every few minutes whilst using the site - they can
login but will be shown the login form again after a few minutes. I
can't confirm this myself as the site seems to work fine for me - even
using the same browser as they are and under their accounts - but I'm
wondering if this could be a problem with the session settings?
The current settings I have are:
session.auto_start Off
session.bug_compat_42 On
session.bug_compat_warn On
session.cache_expire 180
session.cache_limiter nocache
session.cookie_domain no value
session.cookie_httponly Off
session.cookie_lifetime 0
session.cookie_path /
session.cookie_secure Off
session.entropy_file no value
session.entropy_length 0
session.gc_divisor 100
session.gc_maxlifetime 3600
session.gc_probability 1
session.hash_bits_per_character 4
session.hash_function 0
session.name PHPSESSID
session.referer_check no value
session.save_handler files
session.save_path /shared/sessions
session.serialize_handler php
session.use_cookies On
session.use_only_cookies Off
session.use_trans_sid 0
The only options I have changed from the defaults are gc_maxlifetime,
gc_probability and save_path. There are several sites on the same
server, some are https, others just plain http. They all use the same
session options. session_start() is called once on every page.
The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch
0.9.6.2 (cli) (built: Jul 1 2011 16:01:01). I'm aware it's an old
version before anyone tells me to upgrade (it's the latest stable
version in Debian Lenny). :)
Potential problems I have already ruled out:
1. I don't think it's a browser problem as the users have a variety of
browsers and versions (we log the user agent for each login, they're
mostly IE7/8 on XP/Vista/7 with a few Chrome users), and I can't
reproduce the problem using the same browsers on my machine.
2. The server time is correct.
3. The sessions aren't stored in a directory which is being regularly
cleared out, such as /var/lib/php5 or /tmp.
4. The web server has permission to write to the save_path directory,
and I can see session files being created.
5. No output buffering functions are being used.
Can anyone suggest things which I could try? I cannot work out why this
problem is happening for some users but not me.
Thanks in advance.
Paul
--
Paul Waring
http://www.phpdeveloper.org.uk
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
