...

View Full Version : Problems with session



XmisterIS
01-03-2012, 11:22 AM
Sometimes I get weird problems with sessions in my development code (i.e. not live code, just the development code on my local server).

For example, if the browser has been idle for a while, some (but not all) of the information stored in session is lost. If the browser is idle for a while longer, all the information is lost. It seems that the session information "disappears" randomly when the browser has been idle for a while (let's say 10 minutes).

I know this all sounds rather vague and wooly, but it seems to be an intermittent error that is hard to reproduce! And the information that disappears seems to be random too.

Any ideas as to what may be causing this?

One thing I can think of is that I use a kind of "shorthand" way of referring to elements of the session superglobal array inside a class, as per the following example:



class myclass
{
public function __construct()
{
$this->m_myvar1 =& $this->m_sessionRegister("m_myvar1");
$this->m_myvar2 =& $this->m_sessionRegister("m_myvar2");
}

public function doStuff()
{
//Use m_myvar1, m_myvar2 and m_session as normal variables. Just don't assign them by reference!
}

private function& m_sessionRegister($name)
{
if (empty($this->m_session))
$this->m_session =& $_SESSION;

if (!array_key_exists("registered", $_SESSION))
$this->m_session["registered"] = array();

if (!array_key_exists($name, $_SESSION["registered"]))
$this->m_session["registered"][$name] = NULL;

return $this->m_session["registered"][$name];
}

private $m_myvar1;
private $m_myvar2;
private $m_session;
}


I am not convinced that is the the problem though, because I see nothing wrong with my code. It works well, however when the browser has been idle for a while, perhaps m_myvar1 might be empty after having been assigned a value, whereas m_myvar2 will still contain its assigned value (for example!)

tangoforce
01-03-2012, 01:14 PM
I've been experiencing this a lot myself using UniformServer (another wamp system but less popular than xampp despite being better).

It's one of those issues I've (wrongfully) never actually bothered to fix but from various bits I've read this is a php configuration file issue which controls the lifetime of the session. On many windows wamp setups php does a sweep of 'old' sessions whereas on linux its a bit more leniant and doesn't seem to do this.

This is contained in my php.ini file (though I've never changed it):


; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://php.net/session.gc-maxlifetime
session.gc_maxlifetime = 1440


That works out at 24 minutes however it doesn't state whether thats idle time or from the very start of the session being created - I guess thats an experiment needed to determine that.

Dan13071992
01-03-2012, 09:01 PM
believe it or not, even i who am on shared linux hosting, have been having trouble with sessions dying alot and it taking me back to the index page on my website, Ive changed the phpini to something like maxlife of 4-5 days withouit GC yet the sessions still die after about 7-10 minutes of inactivity.

XmisterIS
01-04-2012, 08:51 AM
I'm thinking that the only robust solution will be to set the lifetime of session to x, then store a timeout parameter equal to, for example, x/2 in a bit of javascript on the page and use a circular timer which calls back to the server using JSON and manually resets the session each time the timer gets to zero.

A bit of a faff, I know, but not that hard to do and it will fix these problems we're having.

But if anyone else knows of a much easier and simpler solution, I'd love to know it!

tangoforce
01-04-2012, 01:40 PM
This may apply to us all:



If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.


In other words, on shared hosts whoever has the minimum setting has probably doomed the other users and on dedicated servers / wamp setups .. well still haven't tinkered with it myself yet.

Dan13071992
01-04-2012, 01:46 PM
This may apply to us all:



In other words, on shared hosts whoever has the minimum setting has probably doomed the other users and on dedicated servers / wamp setups .. well still haven't tinkered with it myself yet.

in question to this post TF, is there no fix around this, ive changed my phpini setting countless times, with nothing working, however it does seem random, the fact that it sometimes logs me out after 7 minutes or so, and other times logs me out after 10 :s

also, if i wanted to use session.save_path() to change my saved sessions directory, how would i correct my scripts to collect the sessions from that folder?

tangoforce
01-04-2012, 11:13 PM
Unfortunately I don't really know but I have suffered similar fates using the uniformserver on windows where sessions will randomly expire.

I've never had chance to look into this in detail but if you can PM me in a week or so I may have more time to investigate it.

Dan13071992
01-04-2012, 11:33 PM
will do, just a quick question though, is it possible to keep a session alive by using a time session variable eg:


santex might be wrong as off the top of my head:



/////set the session variables\\\\

$_SESSION['timeLoggedIn'] = time();
$_SESSION['uID']=$intUserID;
//////uID is working already i know that much\\\\



can we keep that $_SESSION['timeLoggedIn'] = time()+1440; so that if the time reaches that time given in the $_SESSION['timeLoggedIn'] when the user refreshes and they believe they are still logged in, the $_SESSION['timeLoggedIn'] will reset itself?

just wondering if this is possible, if any of that makes sense to you?

tangoforce
01-04-2012, 11:44 PM
It makes sense and yes it will work - but only for things that your script relies on - EG if you have a "log user out after x mins" type feature for your program.

For the session itself that php handles (IE the session file where the session array is stored) no it won't work. As I say, I may have time to investigate this next week if you can remind me.

Spookster
01-04-2012, 11:45 PM
For shared hosting if your changes aren't working i'd first check to make sure your custom php.ini file is actually being read. You will be able to check that through phpinfo(). If your changes show up in that then it is being read so the problem may be elsewhere. If not then your account is not set up correctly for you to use your custom file or the file is not in the right path.

tangoforce
01-05-2012, 12:02 AM
But how does that affect wamp setups where sessions randomly get destroyed?

Spookster
01-05-2012, 12:15 AM
This may apply to us all:



If different scripts have different values of session.gc_maxlifetime but share the same place for storing the session data then the script with the minimum value will be cleaning the data. In this case, use this directive together with session.save_path.


In other words, on shared hosts whoever has the minimum setting has probably doomed the other users and on dedicated servers / wamp setups .. well still haven't tinkered with it myself yet.


It wouldn't make sense for a host to set it up that way and have every account using the same directory for session data. That would be allowing one account holder to affect other account holders website which could get that host sued in a heartbeat.

Spookster
01-05-2012, 12:17 AM
But how does that affect wamp setups where sessions randomly get destroyed?


I didn't say it affected wamp setups. I was referring to shared hosting and Dans post about how he changed the max lifetime in his custom ini file and he didn't see a change.

Spookster
01-05-2012, 12:24 AM
in question to this post TF, is there no fix around this, ive changed my phpini setting countless times, with nothing working, however it does seem random, the fact that it sometimes logs me out after 7 minutes or so, and other times logs me out after 10 :s

also, if i wanted to use session.save_path() to change my saved sessions directory, how would i correct my scripts to collect the sessions from that folder?

You shouldn't need to change anything in your scripts. That ini file is telling PHP where to save your session data. On your shared host run a file with phpinfo() in it and you can see where the host has defaulted your session data to. You should see a line like this in the Session section

Directive / Local Value / Master Value
session.save_pathC:/rw_apps/wamp/tmpC:/rw_apps/wamp/tmp
session.save_path / C:/rw_apps/wamp/tmp / C:/rw_apps/wamp/tmp

The local value will be different if you are overrideing the master php.ini file otherwise they should be the same. Check your master value and it should hopefully be some location within your own account.

Dan13071992
01-05-2012, 10:36 AM
session.save_path /tmp /tmp
session.gc_maxlifetime 2592000 1440
session.gc_divisor 0 100
session.gc_probability 0 1


thats on my shared hosting, however nothing ever gets added to my /tmp folder on the server :s and as you can see i set the session.gc.maxlife to 2592000 just to test it, and played around with the other setting the see if that worked, still not keeping sessions longer than 10 minutes of being in active, and even sometimes when im active, my session will just destroy itself :s

Spookster
01-05-2012, 02:46 PM
session.save_path /tmp /tmp
session.gc_maxlifetime 2592000 1440
session.gc_divisor 0 100
session.gc_probability 0 1


thats on my shared hosting, however nothing ever gets added to my /tmp folder on the server :s and as you can see i set the session.gc.maxlife to 2592000 just to test it, and played around with the other setting the see if that worked, still not keeping sessions longer than 10 minutes of being in active, and even sometimes when im active, my session will just destroy itself :s

So I presume you have access to this /tmp directory then? How are you viewing it? From a terminal access, web based control panel?

Dan13071992
01-05-2012, 03:00 PM
Yes I do, I use filezilla

Spookster
01-05-2012, 03:21 PM
Yes I do, I use filezilla

So the good news then is your session data is not be affected by other account holders. I'm not familiar with Filezilla other than it is an FTP client? Does it also provide a secure shell for terminal access? What I am trying to determine is what you are using to view the directories because what you are using may not allow you to see the session files in that /tmp directory.

Dan13071992
01-05-2012, 05:02 PM
I think filezilla is just a simple upload/download ftp program, if I go into the tmp folder on my web hosts file and folder viewer (can't remeber correct name, but its through the control panel) would I be able to view them then?

tangoforce
01-05-2012, 05:38 PM
if I go into the tmp folder on my web hosts file and folder viewer (can't remeber correct name, but its through the control panel) would I be able to view them then?

Realistically, how would you expect us to know that? - We don't have access to your control panel, what type of control panel or your server configuration.

There are some things you need to look into yourself, whether or not you can see session files via your control panel is definitely one of them.

Spookster
01-05-2012, 06:11 PM
I think filezilla is just a simple upload/download ftp program, if I go into the tmp folder on my web hosts file and folder viewer (can't remeber correct name, but its through the control panel) would I be able to view them then?

Don't know if your web based control panel (probably cpanel) would make those files visibile to you or not. I would recommend just using terminal access. Most hosts allow terminal access although some might require that you ask them to enable it on your account and then you just need to use a SSH client such as Putty to login so you have command line access to your account. Then it's just a matter of navigating to your /tmp directory and do an ls -la to list all the files in there. Then while you are logged in you can create a session from your website and see if the session file shows up.

Dan13071992
01-07-2012, 01:50 PM
hey guys, i was looking through the phpmanual website and found this, i dont know if its useful but i think it might be to do with this?

[quote]
e dot mortoray at ecircle dot com 17-Apr-2009 12:02
There is a nuance we found with session timing out although the user is still active in the session. The problem has to do with never modifying the session variable.

The GC will clear the session data files based on their last modification time. Thus if you never modify the session, you simply read from it, then the GC will eventually clean up.

To prevent this you need to ensure that your session is modified within the GC delete time. You can accomplish this like below.


<?php
if( !isset($_SESSION['last_access']) || (time() - $_SESSION['last_access']) > 60 )
$_SESSION['last_access'] = time();
?>

This will update the session every 60s to ensure that the modification date is altered.
[quote]

this was taken from the site http://www.php.net/manual/en/book.session.php just over half way downj the page.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum