PeerBr
Reputation: 705
PHP randomly deletes session
On our PHP site (PHP 5.4.30), users are being logged out due to losing their PHP Session.
How to know the session is lost
session_start();
if (isset($_SESSION['version']) and file_exists($_SESSION['version'] . '/go.php')) {
require $_SESSION['version'] . '/go.php';
}
else {
session_destroy();
header('HTTP/1.0 401 Unauthorized');
header("Location: 401.php");
}
Some investigations
- The majority of users use Google Chrome.
- There are no 404 issues (like favicons).
- No cross-domain files are referenced.
- No pages are likelier than others to lose sessions. Log in again, and the action you were performing in the system works again.
- No PHP configuration is ever modified at runtime.
- There is nothing funny going on in .htaccess (just protection and certain rewrites).
- This only happens in the live environment (CentOS 5.1.1), not on dev machines.
- There are no other blatant problems AFAIK, such as disk full or write errors to /tmp.
php.ini
/tmp
I have checked /tmp on the server and the session file is still there after being logged out
[email protected] [/tmp]# dir -l sess_abcdefb967fc79364a5a773e0157d663
-rw------- 1 si si 565 Apr 3 09:51 sess_abcdefb967fc79364a5a773e0157d663
Headers
A typical pageview results in a header like:
General
Remote Address:123.123.171.111:443
Request URL:https://example.com/mx/TypicalPage
Request Method:GET
Status Code:200 OK
Response Headers
Cache-Control:private
Connection:Keep-Alive
Content-Length:6716
Content-Type:text/html; charset=UTF-8
Date:Fri, 03 Apr 2015 20:43:06 GMT
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive:timeout=5, max=100
Pragma:no-cache
Server:Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 PHP/5.4.30
X-Powered-By:PHP/5.4.30
Request Headers
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,de;q=0.6,pt-BR;q=0.4,pt;q=0.2
Connection:keep-alive
Cookie:PHPSESSID=1234567890abcdef1234567890abcdef
Host:simplement.com.br
Referer:https://example.com/mx/PreviousPage
User-Agent:Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2356.0 Safari/537.36
Upvotes: 2
Views: 844
Answers (1)
Hamid Samak
Reputation: 31
I had the same problem on my new server. It's a common server problem and might be because of a resource shortage.
The problem in my code appeared when trying to redirect user using:
header('Location: ...');
It's something likely the PHP has not finished writing session to handler (mine was files) and header function redirects page.
I have fixed the problem with calling session_regenerate_id and session_write_close functions before redirecting the user.
session_regenerate_id();
session_write_close();
header('Location: ...');
Upvotes: 1
Related Questions
- php session expires randomly after a few minutes
- php $_SESSION variables disappear and reappear randomly
- PHP Session Variable Randomly Unsets
- PHP Sessions Expiring Unexpectedly
- Session unexpectedly lose
- PHP session expiring quickly and randomly
- php loses part of session randomly
- Why does my PHP session keep clearing?
- PHP lose Session Data -> Session Files are deleted too quickly
- Why are my sessions randomly not saving?