[thelist] PHP Sessions Problems

Richard Harb rharb at earthling.net
Thu Sep 23 18:44:39 CDT 2004 

-----Original Message-----
From: Erik Bennett
Sent: Thursday, September 23, 2004, 11:25:57 PM
> I'm at my wits end with a PHP sessions issue and our hosting company has
> been absolutely no help. 

On http://www.php.net/manual/en/ref.session.php On there are some words of caution given on the topic of using MM shared memory management ... Maybe your hosting company does just that?


> Any help you guys can offer, even if it's just
> a 'have you tried this?' would be oh so appreciated. My sad story
> follows (I apologize if it seems a little terse at times it's not
> directed at you guys at all. This is cut verbatim from our most recent
> ticket with the hosting company, after three previous attempts for help
> and their answers were 'everyone else is using sessions and not having
> any problems...' How helpful of them):

> __
> At times, no sessions can be used at all. Anyone who tries to log into
> our site is automatically redirected to the login page. This happens
> for... oh... 3 hours at a time it seems, then everything is fine again
> with no intervention from us. During this time, PHPSESSID will get
> appended automatically to all links on the site, something that should
> not be happening.

> Obviously, something isn't working. There seems to be no rhyme nor
> reason as to why this is happening. At times, everything is working
> absolutely perfectly, at others _no one_ can get in.

> After some digging we found this: "In PHP4, if a cookie can't be set, if
> the session times out, or if the connection is lost, PHP will send the
> session ID in the URL in order to refresh the session." -
> http://lists.evolt.org/archive/Week-of-Mon-20010611/034652.html

> In our mind, something is happening. I don't know if the /tmp folder
> where session information is stored is filling up, or what it is, but it
> really seems like something is happening to cause our sessions to start
> failing.

If hard disk space is rather limited on your /tmp drive you could change which folder the session files get written to. It's a simple 
    ini_set('session.save_path', '/path/to/dir');  
as you are undoubtedly know.

Or you could write session information to a database (although it might slightly affect performance). It's easy to set up...


> We've already researched some possible solutions. We're using
> session_start and all that. (We know it's ok, because at times
> everything works perfectly). We're also using _SESSION[] for our
> variables, and not using session_register at all. 

I'm doing that as well - works as advertised :)

>We've added a modified
> .htaccess which contains the following:

> --code--
> php_flag session.use_trans_sid Off
> php_value session.auto_start "1"
> php_value session.use_only_cookies On
> php_value session.gc_divisor "20"
> --code--

> Our site currently has about 1650 members, and will grow larger. Is
> there anything related to that amount of people having created sessions
> at one time or another (or even a few hundred at a time) that might
> cause this?

> We've found out one more interesting tidbit this afternoon. When a
> person logs in, and is able to make it to their "home page" but then
> gets a redirect to their login page if they try and go anywhere else, if
> they back up to their "home page" and click on logout it will dispaly
> that they are not logged in (part of the logout checks that) and then
> redirects them to the site's home page. If they log in there, then
> everything works fine. The logout part that's part of this is:

I've had a website at some shared hosting environment and had similar problems: Users lost their session information without any reason I could discern. I used error_reporting(E_ALL) and didn't have a single error/notice and it worked perfectly well on other machines.
I tried everything apart from hacking into the server to take a look at the config files myself.
And I couldn't get it fixed within the application - as there was nothing wrong with it. After moving to a server I set up the problem ceased to exist.


> --code--
>    unset($_SESSION['UserName']);
>    unset($_SESSION['Password']);
>    session_unset();// reset session array
>    session_destroy();   // destroy session.
> --code--

> I'm at the end of my rope, and hopefully this email isn't too lengthy
> (too late) or too muddled (probably too late). Like I said before, any
> help, even a "did you do this" is greatly appreciated!

I realize my email might not help you at all.
However, if the hosting company is no help, maybe it might be time to change - or, if the site is a huge success, get your own server?

Or maybe some of the cracks over on the php-general list might be able to actually offer some advice. A couple of them really know what they are doing.

/Richard

More information about the thelist mailing list