Session variables clearing too soon

Hi Experts-

I have a managed private server running LAMP with over 30 sites on the server. All of the sites handle session variables perfectly except for one.

I can set the time limit on the session variables for all of the other sites to any length that I want except for one of the sites. No matter what I enter, all of the session variables clear at a default of 20 minutes. I currently have it set to a maxlifetime of 86400 which should be 24 hours.

When I look at the phpinfo file it shows the maxlifetime set to 86400.

Where can I look or how do I find what is overwriting this session lifetime variable?

Thanks for your help.
0
danjen
Asked:
1 Solution
 
wwwdeveloper2 Commented:
My initial thoughts:

1) Is the script/php app that is creating the sessions setting their own timeouts using ini_sets?

http://prajapatinilesh.wordpress.com/2009/01/14/manually-set-php-session-timeout-php-session/

2) If you haven't done this yet, maybe you can put one of your own files out without ini_sets and use php to write a session and see if it expires in 20 minutes - It should listen to your php.ini file, since no ini_sets for the script were set.

3) Are the apache session settings for that account set at 20 minutes?  Maybe the apache settings have more priority over the php settings?  I would look at the apache settings for that account and also any .htaccess files in that account's directories to see if they have a setting of 20 minutes for the sessions.

I have never experienced this problem, but these are just some of the thoughts that came to mind.  If you need additional information, please feel free to ask me.   I'll help/brainstorm any way I can.
0
 
mattibutt Commented:
I think there is value in your tenth application which is destroying the session
0
 
Ray Paseur Commented:
There are complex interactions between cookies, sessions and the garbage collector.  The default time for session garbage collection is, in effect, the end of session life plus 1440 seconds.  The cookie that connects the browser to the session data expires when the browser is closed.  So there are two easy ways to lose your session.  You can close the browser, or you can wait for 20 minutes of inactivity - and note that inactivity is important because the session handler sets the cookie each time your script does session_start().

Sessions are used to maintain stateful information between web pages during the life of a visit to a web site.  Most clients visit a web site for a little while, then do something else.  I would not expect any client to spend 24 consecutive hours on my web site.  If you want to keep client state information for that long, you might consider using a login cookie instead of a session.  Or you could consider setting the session cookie manually.
0
 
danjen (Author) Commented:
I believe there is something in one of my programs that is destroying these session variables, but I don't know how to find that.

Ray, I understand what you are saying, but my issue is, this same script works perfectly on over 30 sites. Just this one site is losing the session variables. All of the sites are hosted on the same server which has global php and apache settings.

How can I find out what is destroying the session variables on just this one site?

Thanks for the replies.
0
 
Ray Paseur Commented:
It's hard to know without having access to the test data.  Like I said, there are a lot of moving parts.  Some things to look for...

$_SESSION = array(); // Or any other assignment that wipes out the data
setcookie(session_name(), ... // With an invalid argument that causes the cookie to fail
Using session_start() in a sub-directory or sub-domain
Having links like these: href="www.url.com/path" vs href="url.com/path"

What do you mean when you say "destroying the session variables?"  How do you identify the symptom of the "destruction?"  Is the session cookie still there, but the $_SESSION array is empty?
0
 
wwwdeveloper2 Commented:
danjen - Use some software like notepad++ and do a find to search the source code in that account's directory.

Look for ini_set to see if there are any programs overwriting the settings for the session life

Also, if you want to see if any files are destroying the session search for:  session_destroy();

I have some systems where we do keep sessions alive for 8 hours.  Many of our applications have users who need to stay logged in all day.  Many times they might be interrupted by somebody stopping by their office or have to rush off for a meeting in the middle of working in the application.  They get very angry if they come back to their work and see their session has been timed out.

0
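
The source search suggested in this thread (ini_set, session_destroy, .htaccess settings, and the patterns Ray Paseur lists), as an added example that is not code from any poster here: a POSIX shell function that walks one site's document root and reports each line that overrides a session setting or wipes session data. The rule labels, the file extensions searched, the `.user.ini` check (not mentioned in the thread; PHP reads it per directory under CGI/FastCGI) and the `build_sample_site` tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find per-site overrides of PHP session settings.
# Output: "<rule><TAB><file>:<line>:<matching text>", one hit per line.
scan_session_overrides() (
    root=$1
    # Rule table: label|scope|extended regex.
    # scope "code" = *.php/*.inc, "conf" = .htaccess/.user.ini (assumed names).
    while IFS='|' read -r label scope regex; do
        if [ "$scope" = code ]; then
            find "$root" -type f \( -name '*.php' -o -name '*.inc' \) \
                -exec grep -nHsE -- "$regex" {} +
        else
            find "$root" -type f \( -name .htaccess -o -name .user.ini \) \
                -exec grep -nHsE -- "$regex" {} +
        fi | while IFS= read -r hit; do
            printf '%s\t%s\n' "$label" "$hit"
        done
    done <<'RULES'
ini_set|code|ini_set[[:space:]]*\([[:space:]]*['"]session\.
destroy|code|session_(destroy|unset)[[:space:]]*\(
wipe|code|\$_SESSION[[:space:]]*=[^=]
cookie|code|(session_set_cookie_params|setcookie[[:space:]]*\([[:space:]]*session_name)[[:space:]]*\(
php_value|conf|^[[:space:]]*php_(value|flag)[[:space:]]+session\.
ini_line|conf|^[[:space:]]*session\.[a-z_]+[[:space:]]*=
RULES
)

# Constructed sample tree (not from the thread): 1200 s = the 20-minute symptom.
build_sample_site() {
    mkdir -p "$1/inc" "$1/admin"
    printf '%s\n' '<?php' 'ini_set("session.gc_maxlifetime", 1200);' \
        'session_start();' > "$1/inc/bootstrap.php"
    printf '%s\n' '<?php' 'session_start();' '$_SESSION = array();' \
        > "$1/admin/logout.php"
    printf '%s\n' 'php_value session.gc_maxlifetime 1200' > "$1/admin/.htaccess"
    # Ordinary session use that must NOT be reported:
    printf '%s\n' '<?php' '$_SESSION["cart"] = 1;' \
        'if ($_SESSION == array()) {}' > "$1/index.php"
}

# Usage: sh scan.sh /path/to/docroot   (no argument: run on the sample tree)
if [ -n "${1:-}" ]; then
    scan_session_overrides "$1"
else
    demo=$(mktemp -d); build_sample_site "$demo"
    scan_session_overrides "$demo"; rm -rf "$demo"
fi
```

Comparing the report for the failing site with the report for one of the working sites narrows the list to lines that exist only on the site that loses its sessions.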
 
danjenAuthor Commented:
Thank you for your help. I wasn't able to find the issue causing the sessions to be destroyed but your answer was helpful.
0
