Solved

Session variables clearing too soon

Posted on 2011-02-13
7
569 Views
Last Modified: 2012-08-13
Hi Experts-

I have managed private server running LAMP with over 30 sites on the server. All of the sites handle session variables perfectly except for one.

I can set the time limit on the session variables for all of the other sites to any length that I want except for one of the sites. No matter what I enter, all of the session variables clear at a default of 20 minutes. I currently have it set to a maxlifetime of 86400 which should be 24 hours.

When I look at the phpinfo file it shows the maxlifetime set to 86400.

Where can I look or how do I find what is overwriting this session lifetime variable?

Thanks for your help.
0
Comment
Question by:danjen
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 3

Expert Comment

by:wwwdeveloper2
Comment Utility
My initial thoughts:

1) Is the script/php app that is creating the sessions setting their own timeouts using ini_sets?

http://prajapatinilesh.wordpress.com/2009/01/14/manually-set-php-session-timeout-php-session/

2) If you haven't did this yet, maybe you can put one of your own files out without ini_sets and use php to write a session and see if it expires in 20 minutes - It should listen to your php.ini file, since no ini_sets for the script were set.

3) Is the apache session settings for that account set at 20 minutes?  Maybe the apache settings have more priority over the php settings?  I would look at the apache settings for that account and also any .htaccess files in that account's directories to see if they have a setting of 20 minutes for the sessions.

I have never experienced this problem, but these are just some of the thoughts that came to mind.  If you need additional information, please feel free to ask me.   I'll help/brainstorm anyway I can.
0
 
LVL 11

Expert Comment

by:mattibutt
Comment Utility
I think there is value in your tenth application which is destroying the session
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
There are complex interactions between cookies, sessions and the garbage collector.  The default time for session garbage collection is, in effect, the end of session life plus 1440 seconds.  The cookie that connects the browser to the session data expires when the browser is closed.  So there are two easy ways to lose your session.  You can close the browser, or you can wait for 20 minutes of inactivity - and note that inactivity is important because the session handler sets the cookie each time your script does session_start().

Sessions are used to maintain stateful information between web pages during the life of a visit to a web site.  Most clients visit a web site for a little while, then do something else.  I would not expect any client to spend 24 consecutive hours on my web site.  If you want to keep client state information for that long, you might consider using a login cookie instead of a session.  Or you could consider setting the session cookie manually.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:danjen
Comment Utility
I believe there is something in one of my programs that is destroying these session variables, but I don't know how to find that.

Ray, I understand what you are saying, but my issue is, this same script works perfectly on over 30 sites. Just this one site is losing the session variables. All of the sites are hosted on the same server which has global php and apache settings.

How can I find out what is destroying the session variables on just this one site?

Thanks for the replies.
0
 
LVL 108

Expert Comment

by:Ray Paseur
Comment Utility
It's hard to know without having access to the test data.  Like I said, there are a lot of moving parts.  Some things to look for...

$_SESSION = array(); // Or any other assignment that wipes out the data
setcookie(session_name(), ... // With an invalid argument that causes the cookie to fail
Using session_start() in a sub-directory or sub-domain
Having links like these: href="www.url.com/path" vs href="url.com/path"

What do you mean when you say "destroying the session variables?"  How do identify the symptom of the "destruction?"  Is the session cookie still there, but the $_SESSION array is empty?
0
 
LVL 3

Accepted Solution

by:
wwwdeveloper2 earned 500 total points
Comment Utility
danjen - Use some software like notepad++ and do a find to search the source code in that account's directory.

Look for ini_set to see if there are any programs overwriting the settings for the session life

Also, if you want to see if any files are destroying the session search for:  session_destroy();

I have some systems were we do keep session alive for 8 hours.  Many of our applications have user's who need to stay logged in all day.  Many times they might be interrupted by somebody stopping by their office or have to rush off for a meeting in the middle of working in the application.  They get very angry if they come back to their work and see their session has been timed out.

0
 

Author Closing Comment

by:danjen
Comment Utility
Thank you for your help. I wasn't able to find the issue causing the sessions to be destroyed but your answer was helpful.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Introduction JSON is an acronym for JavaScript Object Notation.  It is a text-string data transport mechanism, capable of representing simple or complex data structures in a consistent and easy-to-read manner.  Similar in concept to XML, but more e…
This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now