tonyfriz

I was able to determine the problem. session.cookie_lifetime needed to be set to 0. After changing that and restarting the fpm, the "random" logouts have stopped.

I'm working with an issue I've been dealing with for months because there're no hints towards what exactly is the problem. Essentially, my PHP session is randomly dying (or so it seems). I've a user authentication system built which is rather simple. I store the user's email in $_SESSION['email'] and their hashed password in $_SESSION['hashed_password']. I'm running nginx 1.14 and PHP 7.4. I have my session lifetime set to 150 seconds (which is not the problem, the session is dying within 1 minute of logging in). I've even changed the session data directory to a custom folder by changing session.save_path. Basically, I login to my system and start randomly clicking around from page to page. After 15-60 seconds, I randomly am kicked out of my system. The page it occurs on too seems random. From logging variables, I see that $_SESSION['email'] and $_SESSION['hashed_password'] are suddenly empty (which I've obviously programmed a response to which is to send the user back to the login page). I'm not calling session_destroy() anywhere. The amount of clicking around required to trigger the sessions's death is unpredictable. It can happen right away or it can take a few moments. I realize I'm not presenting a lot of information but this is really all I have to go on. I've read and reread my user class and there's nothing anywhere that would randomly trigger the session to become destroyed. I've even set $_SESSION['random_int'] to make sure it's not from me logging the user out and that too is empty when this behavior occurs. I appreciate any help.