On 7 September 2011 11:20, Paul Waring <paul@xxxxxxxxxxxxxxxxxxx> wrote: > I'm having trouble with a PHP website which requires users to be logged in > to access all content other than the home page and a couple of static pages > (about us, contact us etc.). Several users have said they are being logged > out every few minutes whilst using the site - they can login but will be > shown the login form again after a few minutes. I can't confirm this myself > as the site seems to work fine for me - even using the same browser as they > are and under their accounts - but I'm wondering if this could be a problem > with the session settings? > > The current settings I have are: > > session.auto_start Off > session.bug_compat_42 On > session.bug_compat_warn On > session.cache_expire 180 > session.cache_limiter nocache > session.cookie_domain no value > session.cookie_httponly Off > session.cookie_lifetime 0 > session.cookie_path / > session.cookie_secure Off > session.entropy_file no value > session.entropy_length 0 > session.gc_divisor 100 > session.gc_maxlifetime 3600 > session.gc_probability 1 > session.hash_bits_per_character 4 > session.hash_function 0 > session.name PHPSESSID > session.referer_check no value > session.save_handler files > session.save_path /shared/sessions > session.serialize_handler php > session.use_cookies On > session.use_only_cookies Off > session.use_trans_sid 0 > > The only options I have changed from the defaults are gc_maxlifetime, > gc_probability and save_path. There are several sites on the same server, > some are https, others just plain http. They all use the same session > options. session_start() is called once on every page. > > The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch > 0.9.6.2 (cli) (built: Jul 1 2011 16:01:01). I'm aware it's an old version > before anyone tells me to upgrade (it's the latest stable version in Debian > Lenny). :) > > Potential problems I have already ruled out: > > 1. I don't think it's a browser problem as the users have a variety of > browsers and versions (we log the user agent for each login, they're mostly > IE7/8 on XP/Vista/7 with a few Chrome users), and I can't reproduce the > problem using the same browsers on my machine. > > 2. The server time is correct. > > 3. The sessions aren't stored in a directory which is being regularly > cleared out, such as /var/lib/php5 or /tmp. > > 4. The web server has permission to write to the save_path directory, and I > can see session files being created. > > 5. No output buffering functions are being used. > > Can anyone suggest things which I could try? I cannot work out why this > problem is happening for some users but not me. > > Thanks in advance. > > Paul How do you handle multiple logins? If I login using my laptop and get Session A for my account and then I login using my desktop and get Session B for my account, does Session A get killed? Do you allow multiple, simultaneous logins per account? -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
