4

We have a PHP app (SilverStripe) on a cPanel LAMP shared hosting server. The CMS user is losing their session every couple of minutes. Here are some session settings based on phpinfo() on the hosting platform:

session.gc_maxlifetime = 0
session.gc_divisor = 100
session.gc_probability = 1
session.save_handler = files
session.save_path = /tmp
session.cookie_lifetime = 0

There is no session management in the PHP code. In fact SilverStripe CMS actually pings the server every 5 minutes to keep the session alive but timeouts are happening way before then.

What could cause this?

Dave
  • 515
  • 5
  • 18

3 Answers3

1

Check out php.ini the value set for session.gc_maxlifetime is the ID lifetime in seconds.

I believe the default is 1440 seconds (24 mins)

http://www.php.net/manual/en/session.configuration.php

Edit: As some comments point out, the above is not entirely accurate. A wonderful explanation of why, and how to implement session lifetimes is available here:

Rohan Khude
  • 4,455
  • 5
  • 49
  • 47
0

It doesn't appear in the documentation but setting session.gc_maxlifetime to 0 means the session will not expire until the browser is closed.

Of course this still doesn't fix the problems associated with the garbage collector doing it's own thing. The best solution to that still appears to be changing session.save_path

Muhammet Arslan
  • 975
  • 1
  • 9
  • 33
0

Internal case CPANEL-12629 is open to address an issue with /scripts/clean_user_php_sessions where sessions older than 24 minutes are always deleted on systems running EasyApache 3 (despite configuring custom session.gc_maxlifetime values). I'll update this thread with more information on the status of this case as it becomes available. In the meantime, the temporary workaround is to edit the following file:

Code:

/usr/local/cpanel/scripts/clean_user_php_sessions
Within the file, change this entry:

Code:

else { my $dirs = Cpanel::PHPINI::get_directives( [ 'session.save_path', 'session.max_lifetime' ], 1, '/usr/local/lib' ); clean_sessions( $dirs->{'session.save_path'}{'value'}, $dirs->{'sessions.max_lifetime'}{'value'} ); }

return 1;

To:

Code:

else { my $dirs = Cpanel::PHPINI::get_directives( [ 'session.save_path', 'session.gc_maxlifetime' ], 1, '/usr/local/lib' ); clean_sessions( $dirs->{'session.save_path'}{'value'}, $dirs->{'session.gc_maxlifetime'}{'value'} ); }

return 1;

Then, exclude this file from cPanel updates with the following command:

Code:

echo '/usr/local/cpanel/scripts/clean_user_php_sessions' >> /etc/cpanelsync.exclude

Remember to edit "/etc/cpanelsync.exclude" to remove this line once we've pushed out an update to address the issue.

Source: https://forums.cpanel.net/threads/php-session-timeout-since-64-0-update.598247/

DJSampat
  • 309
  • 2
  • 8