Hardeep Singh

Reputation: 780

CakePHP 2.x session expires very soon

On my site, users are logged out before the session expire time. I am currently using CakePHP 2.8. It works well locally but not on the server. I host my site on BigRock. I tried hard but could not find the reason behind this.

In config/code.php

Configure::write('Session', array(
    'defaults' => 'php',
    'timeout' => 43200 // 30 days
));

And below is a Chrome cookie storage snapshot.

Upvotes: 0

Views: 307

Answers (2)

Oerd

Reputation: 2303

This issue happens due to load balancers routing requests to different servers, and the servers being configured to store session data in a storage/cache mechanism local to each single server.

When a server receives a request with a session id that was assigned by a different server, it will not recognize the session id, as it is missing from its local session storage/cache. Hence, it will send a 401 - Unauthorized header for the client to re-authenticate.

The solution for this can be implemented in two layers:

  • In the networking layer by configuring "sticky sessions" in the load balancers.
  • In the application layer by configuring session storage to be shared between the different application servers (i.e. as @50ShardsOfGray suggested to use a redis/memcached cache or database for having a shared session storage).

Both these solutions have their advantages as well as disadvantages, with the main disadvantage being loss of flexibility. This is one of the reasons that micro-service architectures are using exclusively jwt tokens for authentication and authorization.

IMHO which layer you decide to implement will depend on performance and effort requirements to implement the change. As I see it, you could easily change the app configuration to store sessions in the database (although cache is far more preferred) but there would definitely be a performance hit.

Upvotes: 1

50ShardsOfGray

Reputation: 61

I ran into the same issue since the servers used load balancing. When changing the host, the session was lost. Did you contact BigRock already?

You can put the session into database or redis/memcached to solve this issue.

Upvotes: 1
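
The shared session storage that both answers above suggest, written out for CakePHP 2.x as an added example (not code from either answer or from the question). It assumes a Redis instance reachable from every application server, the phpredis extension, a placeholder host name `redis.internal.example`, and a cache config name `session` chosen here for illustration.

```php
<?php
// Added example. Place alongside the Session block shown in the question.

// Before (from the question): the 'php' defaults use PHP's own session
// settings from php.ini, typically files on the local disk of whichever
// server handled the request, so another server cannot see the session.
// Configure::write('Session', array(
//     'defaults' => 'php',
//     'timeout'  => 43200
// ));

// Shared cache that every application server connects to.
Cache::config('session', array(
    'engine'   => 'Redis',
    'server'   => 'redis.internal.example', // placeholder host (assumption)
    'port'     => 6379,
    'prefix'   => 'sess_',
    // Keep cache entries at least as long as the session timeout, otherwise
    // the entry expires in Redis before CakePHP considers the session over.
    'duration' => '+30 days',
));

// After: sessions are read and written through the shared cache config.
Configure::write('Session', array(
    'defaults' => 'cache',
    'timeout'  => 43200, // minutes (30 days), same value as in the question
    'handler'  => array('config' => 'session'),
));

// Alternative without a cache server: keep sessions in the application
// database, which all servers already share. Requires the sessions table
// (schema ships in app/Config/Schema/sessions.php).
// Configure::write('Session', array(
//     'defaults' => 'database',
//     'timeout'  => 43200,
// ));
```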
