Yii session data not retained for CCaptcha

Question

Is there anything special you need to do to enable sessions in Yii?

I'm having trouble using Yii's CCaptcha package. The ultimate problem I'm having is that that captcha validation fails every time because the previous captcha string isn't retained between pageviews. Everything works fine on my local environment but fails on the production servers.

I've traced everything back to the session.

If I clear my cookies, I can see the PHPSESSION cookie being set, so PHP is doing its job.

But if I put this code into the page...

$session=new CHttpSession;
$session->open();
header("X-Session: " . $session['testval']. ' at ' . time());
$session['testval'] = time();

...I get this result on my (working) development server:

• Page view 1: X-Session: at 1341416149
• Page view 2: X-Session: 1341416149 at 1341416152
• Page view 3: X-Session: 1341416152 at 1341416163

But on the production server I get this:

• Page view 1: X-Session: at 1341415456
• Page view 2: X-Session: at 1341415518
• Page view 3: X-Session: at 1341415530

So clearly the session data is not being retained. Any ideas?

Answer 1

It's not because the "savePath" variable ... it's because you set a custom sessionName without spaces. Yii by default generates the session name as "name-of-project" + {space} + "session" (p.e. "project session")

Answer 2

I hate answering my own question, but in my case the problem was that the CHttpSession configuration was incorrect on the production server. I'm not sure where savePath was pointing to, but when I explicitly set it to /tmp I could see the session data getting preserved across page views. This is what I ended up using in my /protected/config/main.php:

// application components
'components'=>array(
    'session'=>array(
        'autoStart'=>true,
        'sessionName'=>'session',
        'savePath'=>'/tmp', // this is the default, but still needs to be explicitly set
        'timeout'=>1440
    ),
    ...