Jump to content

Recommended Posts

I'm working with an issue I've been dealing with for months because there're no hints towards what exactly is the problem.

Essentially, my PHP session is randomly dying (or so it seems). I've a user authentication system built which is rather simple. I store the user's email in $_SESSION['email'] and their hashed password in $_SESSION['hashed_password']. I'm running nginx 1.14 and PHP 7.4. I have my session lifetime set to 150 seconds (which is not the problem, the session is dying within 1 minute of logging in). I've even changed the session data directory to a custom folder by changing session.save_path.

Basically, I login to my system and start randomly clicking around from page to page. After 15-60 seconds, I randomly am kicked out of my system. The page it occurs on too seems random. From logging variables, I see that $_SESSION['email'] and $_SESSION['hashed_password'] are suddenly empty (which I've obviously programmed a response to which is to send the user back to the login page). I'm not calling session_destroy() anywhere. The amount of clicking around required to trigger the sessions's death is unpredictable. It can happen right away or it can take a few moments.

I realize I'm not presenting a lot of information but this is really all I have to go on. I've read and reread my user class and there's nothing anywhere that would randomly trigger the session to become destroyed. I've even set $_SESSION['random_int'] to make sure it's not from me logging the user out and that too is empty when this behavior occurs.

I appreciate any help.

Link to comment
https://forums.phpfreaks.com/topic/312707-php-session-randomly-dying-nginx/
Share on other sites

are there any ajax requests being made to a page that is also using session variables? what if any is the 'logout' code? can the logout code be reached by any other code not die'ing after a redirect?

the quickest way of eliminating a lot of guessing is to just post the code, so that the problem can be narrowed down to just a few things that can be investigated further.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.