Session keeps disappearing (timing out?)

[tibberous]

I have a shopping cart that uses sessions. I keep loosing the session after a little bit of activity.

 

I tried change cookie_lifetime in my php.ini but it is still happening. Any idea how I can prevent this?

[PFMaBiSmAd]

The session.cookie_lifetime setting only affects the time the cookie will be valid when all instances of the browser window/tabs are closed.

 

If you are on a shared web host and are using the default session.save_path setting (you have not deliberately changed it), and you are getting short session 'time outs' (shorter than the default 24 minutes), someone else has probably set a short session.gc_maxlifetime setting in a misguided attempt to get the basic operation of the session garbage collection to do something it is not intended for.

 

To get your session settings to affect only your session data files, you will need to set the session.save_path to be to a 'private' folder within your account's folder tree.

[tibberous]

I'm on a dedicated server. Here is how everything is set:

 

session.save_path = /tmp

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 1440

 

 

[tibberous]

I just set:

 

session.cookie_lifetime = 2592000

 

The number of seconds in a month.

[PFMaBiSmAd]

A) Which php.ini are you changing (the master one requires that you stop and start the web server to get any change to take effect.)

B) Have you confirmed that the settings are actually being changed by using a phpinfo() statement (in case the php.ini that you are changing is not the one that php is using.)

[tibberous]

It is the one at:

 

/usr/local/lib/php.ini

 

Which is the path phpinfo() has for "Loaded Configuration File"

 

I restarted the server after I changed the ini file, if I do phpinfo() it has:

 

session.cookie_lifetime 2592000 2592000

 

Under the session section.

 

Here is all my session data:

session
Session Support 	enabled
Registered save handlers 	files user sqlite
Registered serializer handlers 	php php_binary wddx

Directive	Local Value	Master Value
session.auto_start	Off	Off
session.bug_compat_42	On	On
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_httponly	Off	Off
session.cookie_lifetime	2592000	2592000
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	1440	1440
session.gc_probability	1	1
session.hash_bits_per_character	4	4
session.hash_function	0	0
session.name	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	/tmp	/tmp
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	Off	Off
session.use_trans_sid	0	0

 

I generally use tables and cookies for everything, thought this would be a good application for sessions =/

[PFMaBiSmAd]

session.cookie_lifetime ...

 

As already stated, the session.cookie_lifetime setting would only have an affect on a session if all the instances of the browser have been closed. Since you have not stated under what conditions the problem occurs (browsing to a specific page; sitting idle on a page for a time (and approximately how much time for when it works and when it does not), then refreshing a page or browsing to a different page...) it is not really possible to pin down which of the dozen or so possible things could be causing the problem.

 

Based on the information provided so far, I'll guess you have a log in script that has intentionally set the session.gc_maxlifetime setting to a small value, either in the script or using a .htaccess file that is causing this symptom.