3

I'm using a Laravel 4.1 app on Apache, and everything is working fine on my local dev machine, but on my staging machine (which is on a shared host) users are randomly getting logged out and prompted to enter their credentials again.

The relevant settings:

app/config/session.php:

<?php
return array(
    'driver' => 'file',
    'lifetime' => 120,
    'expire_on_close' => true,
    'files' => storage_path().'/sessions',
    'connection' => null,
    'table' => 'sessions',
    'lottery' => array(2, 100),
    'cookie' => 'laravel_session',
    'path' => '/',
    'domain' => null,
    'secure' => false,
);

  • using Laravel's default authentication driver
  • php.ini:
    • gc_maxlifetime=1440
    • gc_probability=1
    • gc_divisor=100

This does not seem to be the same as the issue some others have experienced here. The session file is not getting cleared by PHP. Just a few of the session variables are getting dropped randomly.

I tail -F'd the session file and could see when the variables are getting dropped between one request and the next. It looks like this (formatted for easier reading) before:

a:4:{
    s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}
    s:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";
    s:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;
    s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}

and after:

a:3:{
    s:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";
    s:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}
    s:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}

The login_ session is gone, which results in Laravel's Session class assuming the user is not authenticated. I am not sure why this session variable is getting dropped, though. None of Session::forget, ::clear(), ::remove() or ::invalidate() are being called on the login session variable as far as I can tell.

I also noticed that the _token variable is constant between requests until the moment when the issue arises, at which point it changes, as you can see above.

Any idea what's going on here?

ralbatross
  • Can you please post your full session config? Also - can you try an alternative session driver? Maybe database temporarily to see if the problem persists? – Laurence May 06 '14 at 07:17
  • Ok, I've posted my session.php above – ralbatross May 06 '14 at 13:58
  • Although not entirely a problem - change your cookie name to 'something' - don't use underscores - it might cause an issue. Also - try and turn off expire_on_close and see if that helps. http://stackoverflow.com/q/15016204/1317935 – Laurence May 06 '14 at 14:08
  • I think your sessions are being destroyed and re-generated. That is why you have a new token when you lose the _login data. – Laurence May 06 '14 at 14:12
  • I'm not convinced that the sessions are being destroyed because the session files remain intact with the same filename/id through the whole process. Wouldn't there be a new session file if it was being destroyed? – ralbatross May 06 '14 at 16:52
  • Changing to the database driver seems to make things work. – ralbatross May 06 '14 at 17:27

1 Answer

0

Switching to the database session manager seems to have solved the problem. I suspect that there was some way in my host server configuration that PHP was wiping out the session files.

ralbatross
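
Added example, not part of the original question or answer: a Python sketch that parses the two session dumps from the question (in raw form, without the whitespace added for readability) and reports which keys were dropped, whether `_token` rotated, and whether the `c` (created) timestamp in `_sf2_meta` was reset. The parser covers only the `a`, `s` and `i` types that appear in those dumps; the function names are hypothetical.

```python
def parse(data: bytes, pos: int = 0):
    """Parse one PHP-serialized value; returns (value, next_offset)."""
    kind = data[pos:pos + 1]
    if kind == b"i":                                   # i:<int>;
        end = data.index(b";", pos)
        return int(data[pos + 2:end]), end + 1
    if kind == b"s":                                   # s:<bytelen>:"<bytes>";
        colon = data.index(b":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                              # skip :"
        return data[start:start + length].decode(), start + length + 2
    if kind == b"a":                                   # a:<count>:{<key><value>...}
        colon = data.index(b":", pos + 2)
        count = int(data[pos + 2:colon])
        pos, out = colon + 2, {}                       # skip :{
        for _ in range(count):
            key, pos = parse(data, pos)
            out[key], pos = parse(data, pos)
        return out, pos + 1                            # skip }
    raise ValueError(f"unsupported type {kind!r} at offset {pos}")

# The two dumps from the question, with the readability whitespace removed.
BEFORE = (b'a:4:{'
          b's:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}'
          b's:6:"_token";s:40:"hvuw9VWWjssSwUL2C5eVSn0qZ2g1cwVF5YCEsLG7";'
          b's:38:"login_82e5d2c56bdd0811318f0cf078b78bfc";i:2;'
          b's:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318011;s:1:"l";s:1:"0";}}')
AFTER = (b'a:3:{'
         b's:6:"_token";s:40:"7o3b6NhiuDKXq4ftvngUefqe6cWybX1tzPEcDaxk";'
         b's:9:"_sf2_meta";a:3:{s:1:"u";i:1399318721;s:1:"c";i:1399318721;s:1:"l";s:1:"0";}'
         b's:5:"flash";a:2:{s:3:"old";a:0:{}s:3:"new";a:0:{}}}')

def diff_snapshots(before: bytes, after: bytes) -> dict:
    """Summarise what changed between two snapshots of one session file."""
    old, _ = parse(before)
    new, _ = parse(after)
    dropped = sorted(set(old) - set(new))
    meta_old, meta_new = old.get("_sf2_meta", {}), new.get("_sf2_meta", {})
    return {
        "dropped_keys": dropped,
        "auth_lost": any(k.startswith("login_") for k in dropped),
        "token_rotated": old.get("_token") != new.get("_token"),
        # 'c' is the created timestamp in Symfony's session metadata bag
        "created_reset": meta_old.get("c") != meta_new.get("c"),
    }

if __name__ == "__main__":
    print(diff_snapshots(BEFORE, AFTER))
```

On these two dumps the `c` value moves from 1399318011 to 1399318721, the same value as `u`, at the same moment the `login_` key disappears and `_token` changes.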