Re: PHP sessions expiring early

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7 September 2011 11:20, Paul Waring <paul@xxxxxxxxxxxxxxxxxxx> wrote:
> I'm having trouble with a PHP website which requires users to be logged in
> to access all content other than the home page and a couple of static pages
> (about us, contact us etc.). Several users have said they are being logged
> out every few minutes whilst using the site - they can login but will be
> shown the login form again after a few minutes. I can't confirm this myself
> as the site seems to work fine for me - even using the same browser as they
> are and under their accounts - but I'm wondering if this could be a problem
> with the session settings?
>
> The current settings I have are:
>
> session.auto_start      Off
> session.bug_compat_42   On
> session.bug_compat_warn On
> session.cache_expire    180
> session.cache_limiter   nocache
> session.cookie_domain   no value
> session.cookie_httponly Off
> session.cookie_lifetime 0
> session.cookie_path     /
> session.cookie_secure   Off
> session.entropy_file    no value
> session.entropy_length  0
> session.gc_divisor      100
> session.gc_maxlifetime  3600
> session.gc_probability  1
> session.hash_bits_per_character 4
> session.hash_function   0
> session.name    PHPSESSID
> session.referer_check   no value
> session.save_handler    files
> session.save_path       /shared/sessions
> session.serialize_handler       php
> session.use_cookies     On
> session.use_only_cookies        Off
> session.use_trans_sid   0
>
> The only options I have changed from the defaults are gc_maxlifetime,
> gc_probability and save_path. There are several sites on the same server,
> some are https, others just plain http. They all use the same session
> options. session_start() is called once on every page.
>
> The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch
> 0.9.6.2 (cli) (built: Jul  1 2011 16:01:01). I'm aware it's an old version
> before anyone tells me to upgrade (it's the latest stable version in Debian
> Lenny). :)
>
> Potential problems I have already ruled out:
>
> 1. I don't think it's a browser problem as the users have a variety of
> browsers and versions (we log the user agent for each login, they're mostly
> IE7/8 on XP/Vista/7 with a few Chrome users), and I can't reproduce the
> problem using the same browsers on my machine.
>
> 2. The server time is correct.
>
> 3. The sessions aren't stored in a directory which is being regularly
> cleared out, such as /var/lib/php5 or /tmp.
>
> 4. The web server has permission to write to the save_path directory, and I
> can see session files being created.
>
> 5. No output buffering functions are being used.
>
> Can anyone suggest things which I could try? I cannot work out why this
> problem is happening for some users but not me.
>
> Thanks in advance.
>
> Paul

How do you handle multiple logins?

If I login using my laptop and get Session A for my account and then I
login using my desktop and get Session B for my account, does Session
A get killed?

Do you allow multiple, simultaneous logins per account?



-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux