PHP Session Timing out

[jack5100nv]

I have a script that is storing some info in session variables. However, the sessions timeout rather quickly and abruptly even when I am using the app. I thought as long as you are using the app, the session won't timeout. Is there anyway I can force it to keep the session open as long as the user is using the app?

[p2grace]

The session shouldn't time out if the app is actually switching pages.  If the app being loaded is a flash or java applet, or if it pure ajax, the session doesn't know activity is occurring.  You could lengthen the timeout to avoid this.  What kind of app is it?

[jack5100nv]

Its a PHP App. Its is just storing some info in Session variables while I am jumping from page to page. I am not using Ajax, flash or anthing else, its pure PHP.

[p2grace]

Do you have session_start(); at the top of each page?

[jack5100nv]

Yes, i have session_start(); on top of a page. It is actually one page and I am including other php files in that one page. The main page has all the design and other php pages are being called into that one page for example index.php?page=aboutus  and  index.php?page=contactus  Depening on $page, I include the correct page in index.php and display it. session_start();  is on top of index.php

[p2grace]

Hmm that should work then.  IF you echo out the session_id is it actually changing when you say it times out?

[jack5100nv]

I am echoing the session variable. It works for a few minutes and then all of a sudden i loose the variable. It comes out empty.

[p2grace]

What about the session id though, is it being reset?  If you echo out session_id() while your browsing through the site it should remain the same.  When the other var goes blank, does the session id actually change?  If it doesn't then the session isn't being lost, it's being unset somewhere, that's why I want to do this test.

[PFMaBiSmAd]

If you are on a shared host, some other account has probably set a short session.gc_maxlifetime, thinking they were using that to log someone out.

 

So, if you are on a shared host, you need to set the session.save_path to point to a private folder within your account so that session.gc_maxlifetime that other scripts are using don't delete your session data files.

[jack5100nv]

PFMaBiSmAd , I am using a shared host. It makes sense. How do i set the session.save_path to point to a private folder within my account so that session.gc_maxlifetime that other scripts are using don't delete my session data files?

 

p2grace , I am also going to run the test of session_id to see if it being reset.

[p2grace]

To set session path do the following:

 

Create a folder not accessible via a web url, chown it to apache and chmod it to 777.  Then right above session_start() put session_save_path("path_to_folder");

[jack5100nv]

p2grace, thank you for helping me. I just tested it. The session Id remains the same and I still loose the value for my session variable.

[p2grace]

Hmm that's interesting.  If the session id remains the same then it isn't timing out, something else is taking place.  Does it timeout at the same place each time, or at exactly the same time interval?

 

Did the save_session_path not help?

[jack5100nv]

The session does not loose the value at the same place and not in the same time interval. Its totally random. I haven't tried out the session path yet. Actually I am going to distribute this script on the internet when I am done developing it, so I want to have very few things for my users to configure. Looks like every user will have to configure the path when they install it and I want them to go through as little steps as possible.

 

Could it be that someone else on the shared server is using a session variable with the same name. Could that cause problem? But in this case I should see the value of their session variable when i am echoing it but i just get an empty variable.

[PFMaBiSmAd]

Could it be that someone else on the shared server is using a session variable with the same name.

 

No, sessions don't work that way and if you are asking that, you probably need to read this - http://php.net/session

 

There are two possibilities, your code contains a logic problem that is causing the session to be cleared (we haven't seen your code so that possibility cannot be ruled out) or the session data file is being deleted due to garbage collection running with a short interval on a busy shared host or on non-busy shared host where someone has messed with the session.gc_probability and session.gc_divisor settings in addition to messing with the session.gc_maxlifetime.

 

If the problem is that garbage collection is running frequently with a short lifetime due to some other account on a server, then the only solutions are to change the session.save_path to be a private folder or to use a custom session save handler so that where and how the session data files work is under your control.