Jump to content

[SOLVED] Session dropping in admin section


db530

Recommended Posts

I have an admin section to my site, when I log in it will usually work fine for a little while then usually when I try to do something it logs out.

 

I assume it's because it's not seeing the session:

session_start();
if (!isset($_SESSION['ad_logged_in'])){
header("Location:login.php"); //redirects to login
exit(0);
}

 

I don't see anything in the .ini file that would stop it but I don't know much about sessions:

Session Support 	enabled
Registered save handlers 	files user sqlite
Registered serializer handlers 	php php_binary wddx

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_httponly	Off	Off
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	1440	1440
session.gc_probability	1	1
session.hash_bits_per_character	4	4
session.hash_function	0	0
session.name	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	/tmp	/tmp
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	Off	Off
session.use_trans_sid	0	0

 

Can anyone PLEASE give me some advice? I think I've got the problem narrowed down but I know very little about sessions so I don't know what to do. Thanks in advance.

I'm guessing your problem lies here: session.cache_expire 180 180

it means that your sessions will expire in 3 minutes. Check the timing see if that's about the time you have to relogin.

 

I don't think that's it although I will have to change that. It's usually only a few seconds. Any other ideas? Thanks for the reply

 

NEW PHP INFO

Session Support 	enabled
Registered save handlers 	files user sqlite
Registered serializer handlers 	php php_binary wddx

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	1200	1200
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_httponly	Off	Off
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	1440	1440
session.gc_probability	1	1
session.hash_bits_per_character	4	4
session.hash_function	0	0
session.name	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	/tmp	/tmp
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	On	On
session.use_trans_sid	0	0

The session.cache_expire only determines how long it will be before a page that is using a session will be fetched from the server or gotten out of the cache when that page is requested again. This has nothing to do with how long a session will last, nor does it cause a session to end.

 

A session will exist as long as the browser provides a valid session id to the server, either using a cookie or by a parameter on the end of the URL, and there is a matching session data file present on the server.

 

What usually prematurely ends a session is the garbage collection (GC) routine running on the server and deleting the session data files that are older than the session.gc_maxlifetime setting. On a shared server using the default session save path, the shortest session.gc_maxlifetime setting wins. If some yahoo has set a short value thinking he is going to end sessions to log people out and GC runs, it will delete all the session data files older than session.gc_maxlifetime setting. If it turns out this is what is happening, you will need to set the session.save_path to be to a private folder within your account space.

 

Please define: "when I try to do something". What exactly do you do? Refresh the page you are on? Go to a different page? Does this "something" work correctly for a while and then stop working?

 

And please define: "for a little while". Is it consistently around 24 minutes (the default session.gc_maxlifetime) or does it vary?

The session.cache_expire only determines how long it will be before a page that is using a session will be fetched from the server or gotten out of the cache when that page is requested again. This has nothing to do with how long a session will last, nor does it cause a session to end.

 

A session will exist as long as the browser provides a valid session id to the server, either using a cookie or by a parameter on the end of the URL, and there is a matching session data file present on the server.

 

What usually prematurely ends a session is the garbage collection (GC) routine running on the server and deleting the session data files that are older than the session.gc_maxlifetime setting. On a shared server using the default session save path, the shortest session.gc_maxlifetime setting wins. If some yahoo has set a short value thinking he is going to end sessions to log people out and GC runs, it will delete all the session data files older than session.gc_maxlifetime setting. If it turns out this is what is happening, you will need to set the session.save_path to be to a private folder within your account space.

 

Please define: "when I try to do something". What exactly do you do? Refresh the page you are on? Go to a different page? Does this "something" work correctly for a while and then stop working?

 

And please define: "for a little while". Is it consistently around 24 minutes (the default session.gc_maxlifetime) or does it vary?

 

Thanks for the reply.

 

By trying to do something I mean add a product or a category to the database. I'm pretty sure it's built off of OScommerce. As for a little while, I mean about 10 seconds. Usually happens when I click a link such as add a product it'll start to go for a few seconds then send me back to the log in screen. I have a folder "tmp" on my domain space. I know that's the default though so I guess it could be a folder on the entire server too. Can you tell me specifically how to do this? Thanks again.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.