4

I got stuck in a $_SESSION problem, while $_SESSION is randomly losing its data.

I have a form with different pages and the user has a specific amount of time to get through all pages.

So I set a session variable on the first page and check it on the others.

start.php

 <?php
    session_start();  

    //Set Variable for Starting application
    if (!isset($_SESSION['STARTED'])){
        $_SESSION['STARTED'] = time();
    }

app_init.php

<?php
session_start();

if ((!isset($_SESSION['STARTED'])) || (time() - $_SESSION['STARTED'] > MAX_TIMELIMIT)) {
    echo '<!-- st: '.$_SESSION['STARTED'].'-->';
    // Started Variable is not set or timelimit is over.
    session_destroy();   // destroy session data in storage
    session_unset();     // unset $_SESSION variable for the runtime
    showTimeout('0');   //  show timeout
}

Start of the pages afterwards:

<?php

// get basic settings for applications 
require_once (MODEL_PATH.'/app_init.php');

The whole system works very fine on local installation, Developmentserver and Testserver. On Productionserver I get a timeout at different times. It differs from 30 seconds to 10 minutes. MAX_TIMELIMIT is 20 minutes. $_SESSION['STARTED'] is always empty in that case. On the other environments it is correctly set, even if the timeout shows up after the 20 minutes.

Additonal info:

  • It doesn't matter if I try to reach the next page or if I simply reload the actual page, I always get the timeout.
  • I already checked php.ini on any environment -> session.save_path is correctly set, session.cookie_lifetime is 0 and session.gc_maxlifetime is 1440
  • Diskspace is fine (> 22 GB free)
  • Every File is on the same server and has the same url (except the last part wich specifies the step of the form. Looks like this:
    host/some/path/calc -> host/some/path/form -> host/some/path/summary -> host/some/path/send
  • The session is set on the calc page and the timeout can happen on every page (calc, form, summary)
  • I got the php.ini from production server and took it into my local workspace. After changing some paths (extensions-path, session.save_path, tmp-path) it worked very well on my local installation.
  • Protocol is an all pages the same
  • To recreate the session (via $tmp and session_destroy(), session_create()) did not help
  • Single Frontend, no Loadbalancer (simply one apache)
  • Session Files are deleted somehow

After adding some outputs and retesting, I get the following:

  • I load the Page (first step)
  • I go through the form to any step (calc / form / summary)

  • when the page is loaded $_SESSION is

    array ( 'STARTED' => 1338298801, 'S_SID_' => '41554681145546', 'S_LC_' => 'de', 'version_testing' => 1, )

  • I reload that page every thirty seconds

  • at least after 3 minutes (could also be 30 seconds) I get the timeout and $_SESSION is:

    array ( )

  • if I try this on the first page, i get a new value in $_SESSION, as the sessiondata is empty and automaticly new set.

  • to Remember: On Test / Dev Environment, the sessiondata is still there, even the timeout occurs after 20 minutes.

  • changing session.save_path first seemed to work (sessions last at least 24 minutes). But after one hour, still the same problem. No session lasts more then 4 minutes.

Problem found (but no solution yet)
Today I got Access to Production-Server and I found out, the folder with Session-Data is cleaned up after 3-5 minutes. No file there has a timestamp older than 3 minutes. As mentioned before, PHP is correctly set (GC lifetime), and I didnt found any windows job, or something similar what is deleting these files. As PHP.ini is set correctly, I'll try to handle the session via database.

Thanks for help

Kelzama
  • 107
  • 1
  • 11
  • 1
    make sure that the production server has all the settings set about holding a session. You are using a hosting or dedicated server? – badc0re May 25 '12 at 11:55
  • How are you storing your sessions? Database, file or memcache? – Ray May 25 '12 at 12:33
  • Hi, This is a dedicated Server. We are storing the sessions in Files, and the Settings are all set. (As far as I have seen this) – Kelzama May 26 '12 at 20:36
  • Are you switching between protocols e.g. http and https? – Del Pedro May 29 '12 at 05:59

3 Answers3

3

What worked in this specific situation:

Another website was hostet on the same server but in a different virtual host. This website used an "init.php" which was called on every request. It contained a line which set the gc_maxlifetime to 0 and started a session afterwards. So randomly at some request all sessiondata was cleared by that second website.

On Test and Dev it was not a problem, as these two environments are not that much used...

Kelzama
  • 107
  • 1
  • 11
1

It's a common behavior I've seen multiple times when a PHP website is hosted on multiple frontend with a load balancer. As PHP store sessions on the filesystem by default, depending on which front you are, you have one or another session started.

The easy solution is to store your sessions to database, and even if I'm wrong about the load balancer, you should try to read the session data directly on the filesystem, checking what happends exactly (is PHP removing data? Is the data still here but another session token is generated? etc...).

Damien
  • 5,872
  • 2
  • 29
  • 35
0

At first glance (without more information), it would seem that maybe your session was started before the time should have actually been started. This would without a doubt cause this problem. If that could be the issue, try this.

$tmp = $_SESSION;
session_destroy();
session_start();
$_SESSION = $tmp;
$_SESSION['started'] = time();

Also, if you are visiting a subdomain or the like, your session wouldn't exist there. It only exists for the exact domain which it was on when it was set.

Giving a little more info might help as well. Urls of pages where the problem exists. Add a few var_dump($_SESSION) on pages and see what it outputs as you step through. When you notice a change, figure out where and why it changed.

Austin Haskew
  • 364
  • 1
  • 8