Session Hell

[sixguncynic]

Short version of my question is going to be "why are my session variables vanishing?"

 

[ START not important Stuff ]

 

My (simplified) site layout looks like login_page.php ->page1.php->page2.php

login_page.php connects to mysql, to check login/pwd, and, if valid, sets the _SESSION id's/other credentials and then redirects to page1.php. page1.php has link to page2.php.  Both page1 and page2 check against (require_once) an auth.php (authorization) and redirect to login_page.php if not logged in.

The auth.php file has the structure:

 

session_start();

if(!isset($_SESSION['SESS_USER_ID'])||  other parameters){

//code

}

 

page2 has an AJAX load that pulls in a php file that includes various content (XML,text,.htm,etc.) That php file also requires auth.php

 

All of these things work.

 

[ END not important stuff ]

 

[start important part]

Everything works. Session variables persist and are readable/accessible via all pages, as well as a Debug link (pop window that echos the $_SESSION vars.)

UNLESSS the user is inactive for more than a minute or two; At which point the session variables vanish.

 

Again, I can log in, Set the session variables, load multiple pages via AJAX (all of which are checked against the session variables...which means they have to exist) and generally everything works as expected. However, if I stop navigating/interacting with the site for more than a minute, or so, the session variables vanish (user id / other user credentials) and the I'm kicked back to the login the next time I click a link.

 

There is nothing but the initial mysql login that writes to the session variables. No code, on any other page, does anything but read the session.

 

My php ini file appears to have the correct location for my session.save_path.

The garbage collection is the defualt 1440

and the cache_expire is also the default 180

 

I'm hosted with fatcow (starting to regret that) with Debian/Apache/php5

 

Oh and, this happens on every browser on Linux, Mac, and Windows. But it doesn't seem to occur if I run it locally from xampp/lampp.

 

I'm at a total loss as to ideas for my next debugging step and any suggestions would be much appreciated.

 

[sixguncynic]

I may have found a solution to my problem... but it is ugly and if anyone has a better idea I'd love to hear it.

 

I guessed that the problem might be the internet connection (visiting friends and their connection is terrible.) I figured that maybe the client/server connection is timing out and that the server thinks the _SESSION is over and was clearing it.

 

So on that note I stuck in some javascript on the offending page that looks like:

 

function live(){

  l=the_ajax_load_function_I_use("blank.php");

  live_timer=setTimeout("live()",10000);

}

window.onload = function(){

//otherstuff

live();

}

 

In other words, I call my ajax loader which reads a php file off the server, that returns null, every ten seconds. Thus the connection to the server is kept 'live.'

 

And yes, this actually seems to work.

 

Now... this seems to be an edge case for really crappy connections, but it shouldn't be necessary and I'd rather not use it. Short of using cookies, can anyone point me to a better way of doing this?

[PFMaBiSmAd]

What does a phpinfo(); statement show for the actual session.save_path and session.gc_maxlifetime settings? Is the session.save_path the common /tmp folder that all the accounts running on the server use or it is set to a 'private' folder within your account's folder tree?

[sixguncynic]

Good call...

 

session.save_path is "no value"...even though I know it is set in the php.ini per my host's spec. (fatcow... really beginning to regret that choice.) Everything else is as expected.

 

I'd already tried a "session_save_path(path that fatcow says is correct)" above all session_start(); (prior to my current work around) and that didn't seem to help... sooo.

 

Well at least I know what part of the problem is.

 

Thank you.