Reputation: 21
I recently got Pair Networks to migrate my app to a new pair server. Since then I noticed the following:
Some users with extra permission are no longer able to access those areas they should normally have permission for. They get redirected to the login page which also serves as the Access Denied page.
Some pages with forms now redirect users to login.php on submit of the form. Form data are submitted to the db as expected though. I have checked the db and the users are configured correctly. Also, users do not lose their session when this happens, as they can click Back and navigate to a different area. I have also had a look at the log files but was unable to gather much apart from the HTTP 302 code appearing a number of times to login.php, probably describing the redirect to the login page.
Can anyone please suggest what could be responsible for this? Could it be a configuration problem, and how can I deal with that? Could it be a conflict in those two servers? I don't suppose it's Pair's server, as I haven't really encountered similar problems in the past. Any directions will be very much appreciated.
Upvotes: 2
Views: 96
Reputation: 25165
Seems like you are using PHP sessions out of the box; PHP is probably storing temp cookies in a folder that gets cleaned way too often.
If this is the case there is a security risk as the folder is server-shared and your services can be compromised.
A simple way to fix this is to change your session_save_path; that can be done in the following fashion:
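<?php
// Both calls must run before session_start()
session_save_path('/home/example.com/sessions'); // where this is a personal directory
ini_set('session.gc_probability', 1); // garbage collection then runs with probability 1/session.gc_divisor
?>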
Upvotes: 1
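One way to apply the answer above while checking that the personal directory really is private, as an added example that is not part of the original answer. The path reuses the answer's placeholder, the function names `session_dir_problems` and `start_private_session` are hypothetical, and the garbage-collection values are sample settings.

```php
<?php
// Added example, not code from the original answer.
// ASSUMPTION: placeholder path from the answer; use a directory in your own
// account that is outside the web root.
const SESSION_DIR = '/home/example.com/sessions';

// Returns a list of problems with the session directory (empty list = usable).
function session_dir_problems(string $dir): array
{
    if (!is_dir($dir) && !@mkdir($dir, 0700, true)) {
        return ["cannot create $dir"];
    }
    clearstatcache(true, $dir);
    $problems = [];
    $mode = fileperms($dir) & 0777;
    if ($mode & 0077) {
        // Any group/other bit lets other accounts on a shared host reach session files.
        $problems[] = sprintf('%s has mode %04o, expected 0700', $dir, $mode);
    }
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        $problems[] = "$dir is not owned by the user PHP runs as";
    }
    if (!is_writable($dir)) {
        $problems[] = "$dir is not writable by PHP";
    }
    return $problems;
}

// Starts the session only if the directory passes every check (fails closed).
function start_private_session(string $dir): void
{
    $problems = session_dir_problems($dir);
    if ($problems) {
        foreach ($problems as $p) {
            error_log("session setup: $p");
        }
        throw new RuntimeException('Session storage is not safe to use');
    }
    session_save_path($dir);                     // must precede session_start()
    // With a custom save path PHP has to expire old session files itself.
    ini_set('session.gc_probability', '1');      // sample value
    ini_set('session.gc_divisor', '100');        // sample value: GC on ~1% of starts
    ini_set('session.gc_maxlifetime', '1440');   // sample value, in seconds
    session_start();
}

start_private_session(SESSION_DIR);
```

Include this before any output is sent and before any other code calls session_start(), so the save path applies to every page that reads the session.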