Landslyde Posted March 2, 2015 Share Posted March 2, 2015 I don't know how to fix this. In the php.ini, I have sessions set to auto-start, cookie lifetime and session lifetime both set to 5000 seconds. Thing is, even while I'm doing work (on my site) and have a session started, the session still times out after 15 minutes or so. I've been working on displaying an HTML table with MySQL data all night. I can't count the times that I was sent back to the login page because the session had expired. When the user logs in, I set a session var to their memberID. And on the work pages, I check that each time the page loads: <?php if ($_SESSION["memberid"] == "") { header("Location: client.php"); } ?> I'm new to php, so I'm only guessing the session's expiring due to the memberid session var emptying. Being in the middle of work, having a page load new data, only to be sent back to the login screen time and time again. Does anyone know how I can fix this issue? Many thanks for your time. Quote Link to comment https://forums.phpfreaks.com/topic/295009-expiring-sessions/ Share on other sites More sharing options...
mac_gyver Posted March 2, 2015 Share Posted March 2, 2015 have you confirmed that the session settings you have set are actually in effect, using a phpinfo(); statement in a .php script file? are you on shared web hosting and are using the common/default shared session.save_path setting? if so, your session data files are in the common /tmp location and the shortest session.gc_maxlifetime setting of all the scripts running on the shared web server is what controls which files are deleted when session garbage collection runs. if this is the case, you need to set your own session.save_path setting so that your session data files are only affected by your session settings. also, you need an exit; statement after your header(...); redirect statement to prevent the remainder of the code on your page from running. as it is, your 'protected' code still runs every time you page gets requested when you are not logged in, which can cause untended side affects, such as values changing/being cleared, and anyone can still access your protected pages by simply ignoring the header redirect. Quote Link to comment https://forums.phpfreaks.com/topic/295009-expiring-sessions/#findComment-1507231 Share on other sites More sharing options...
Landslyde Posted March 2, 2015 Author Share Posted March 2, 2015 mac_gyver: Thanks for your response. I'll add the 'exit();' as you suggested. As for my hosting, I'm on a VPS, running Virtualmin for my web site. Options for PHP session tracking Session storage mechanism Files Directory for session files Default (/tmp) /home/dfwit/tmp <== Selected Allow use of cookies for session tracking? Yes Always use cookies for session tracking? Yes Cookie lifetime Forever 5000 seconds // Forever in not selected Maximum session lifetime Forever 5000 seconds // Forever in not selected No one else is on my VPS. What else do I need to look for? Something is making the sessions end prematurely. Quote Link to comment https://forums.phpfreaks.com/topic/295009-expiring-sessions/#findComment-1507295 Share on other sites More sharing options...
Solution mac_gyver Posted March 2, 2015 Solution Share Posted March 2, 2015 have you confirmed that the session settings you have set are actually in effect, using a phpinfo(); statement in a .php script file? if the information you posted above is a control panel that's modifying the master php.ini, the settings won't take affect until you stop/start the web server. and you still must check what settings php is actually using by using a phpinfo() statement, as things like syntax errors in the php.ini and the wrong php.ini being used, will cause default php settings to be used, not the ones you have set. Quote Link to comment https://forums.phpfreaks.com/topic/295009-expiring-sessions/#findComment-1507297 Share on other sites More sharing options...
Landslyde Posted March 2, 2015 Author Share Posted March 2, 2015 mac_gyver: have restarted apache again. Here are my settings per phpinfo: session Session Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 5000 5000 session.cookie_path / / session.cookie_secure Off Off session.entropy_file /dev/urandom /dev/urandom session.entropy_length 32 32 session.gc_divisor 1000 1000 session.gc_maxlifetime 5000 5000 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /home/dfwit/tmp /home/dfwit/tmp session.serialize_handler php php session.upload_progress.cleanup On On session.upload_progress.enabled On On session.upload_progress.freq 1% 1% session.upload_progress.min_freq 1 1 session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS session.upload_progress.prefix upload_progress_ upload_progress_ session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 See anything out of whack? Quote Link to comment https://forums.phpfreaks.com/topic/295009-expiring-sessions/#findComment-1507299 Share on other sites More sharing options...
mac_gyver Posted March 2, 2015 Share Posted March 2, 2015 the settings all look okay. at this point i would suspect either a coding problem (code is running that clears the session) or the host-name/sub-domain name is changing in the url's (with no session.cookie_domain setting, the session id cookie will only match the variation of the domain name where it was set at, so if you are switching around between url's that have and don't have the www. as part of them, the session will alternate and only appear when the requested domain matches where the session was started.) other than obvious coding problems (like missing exit; statements after header() redirects that lets code run that modify session variables or logout code that gets ran just because a page on your site got visited) you will need to debug what's actually going on. you will need to look at the session id cookie in your browser to make sure it is set and what the session id is, echo the session id in your php code, to make sure it matches what's in the session id cookie, and even look at the contents of the session data file, that has the same name as the session id, to see when the data in it gets deleted. also, do you have any sort of session regenerate or session destroy statements in your code that could be messing with the session data? does your login code check if someone is already logged in and skips processing the request and does it check if a form has been submitted? it may be that the browser is requesting the login page, without any form data, thereby not matching any user and clearing the session variables. do you have any sort of ajax based requests going on that could be doing this in the background? edit: btw - the session cookie lifetime only matters if you expect the session cookie to be remembered by the browser when all instances of your browser are closed. the session gc_maxlifetime is the setting that could be causing the problem, in which case the session data file itself will be missing (looking for the actual session data file will help to pin down if the file's being deleted or if code is clearing the session variables.) Quote Link to comment https://forums.phpfreaks.com/topic/295009-expiring-sessions/#findComment-1507302 Share on other sites More sharing options...
Landslyde Posted March 2, 2015 Author Share Posted March 2, 2015 mac _gyver: I'll check all you suggested. Really appreciate your input and advice on what to test, etc. I can tell you now that the only call to a session destroy is by actually clicking 'Logout' on the menubar, taking the user to a logout page that unsets, destroys, the redirects to the index page. No, this is more like the session timing out, or, like you say, the sessionID somehow changing and not matching up with the cookieID. Since I've shown you all my php settings and you see nothing awry, then it sort of boils down to my coding. And that wldn't surprise me. Thanks for your help. Seriously appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/295009-expiring-sessions/#findComment-1507307 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.