[thelist] PHP Sessions Problems

Erik Bennett work at erikbennett.com
Thu Sep 23 16:25:57 CDT 2004

I'm at my wits end with a PHP sessions issue and our hosting company has
been absolutely no help. Any help you guys can offer, even if it's just
a 'have you tried this?' would be oh so appreciated. My sad story
follows (I apologize if it seems a little terse at times it's not
directed at you guys at all. This is cut verbatim from our most recent
ticket with the hosting company, after three previous attempts for help
and their answers were 'everyone else is using sessions and not having
any problems...' How helpful of them):

At times, no sessions can be used at all. Anyone who tries to log into
our site is automatically redirected to the login page. This happens
for... oh... 3 hours at a time it seems, then everything is fine again
with no intervention from us. During this time, PHPSESSID will get
appended automatically to all links on the site, something that should
not be happening.

Obviously, something isn't working. There seems to be no rhyme nor
reason as to why this is happening. At times, everything is working
absolutely perfectly, at others _no one_ can get in.

After some digging we found this: "In PHP4, if a cookie can't be set, if
the session times out, or if the connection is lost, PHP will send the
session ID in the URL in order to refresh the session." -

In our mind, something is happening. I don't know if the /tmp folder
where session information is stored is filling up, or what it is, but it
really seems like something is happening to cause our sessions to start

We've already researched some possible solutions. We're using
session_start and all that. (We know it's ok, because at times
everything works perfectly). We're also using _SESSION[] for our
variables, and not using session_register at all. We've added a modified
.htaccess which contains the following:

php_flag session.use_trans_sid Off
php_value session.auto_start "1"
php_value session.use_only_cookies On
php_value session.gc_divisor "20"

Our site currently has about 1650 members, and will grow larger. Is
there anything related to that amount of people having created sessions
at one time or another (or even a few hundred at a time) that might
cause this?

We've found out one more interesting tidbit this afternoon. When a
person logs in, and is able to make it to their "home page" but then
gets a redirect to their login page if they try and go anywhere else, if
they back up to their "home page" and click on logout it will dispaly
that they are not logged in (part of the logout checks that) and then
redirects them to the site's home page. If they log in there, then
everything works fine. The logout part that's part of this is:

   session_unset();// reset session array
   session_destroy();   // destroy session.

I'm at the end of my rope, and hopefully this email isn't too lengthy
(too late) or too muddled (probably too late). Like I said before, any
help, even a "did you do this" is greatly appreciated!


More information about the thelist mailing list