> From: "freaky deaky" <[EMAIL PROTECTED]>
>
> i am experiencing a major problem with sessions expiring randomly in some of
> my
> apps. i will log in and start clicking around and then i will eventually
> arrive at a page that tells me that i'm not logged in anymore. this happens
> apparently randomly. i have seen it on ie6, ie for mac, netscape 4.7 for pc,
> and mozilla
>
> the apps are hosted on
>
> freebsd 4.7-release p2
> apache 1.3.27
> php version 4.2.3
> compiled with --enable-trans-sid
>
> i can't go into production if there's the possibility that users will be
> randomly logged off. i went through all of my code over the weekend, and i
> don't think i can attribute this to a miscoding:
>
> when a user logs in, i create a session with
>
> session_start();
> $valid_user=$_POST['username'];
> session_register("valid_user");
>
> i have the following code at the top of each page to check to see if the
> session
> is valid:
>
> session_start();
> $valid_user=$_SESSION['valid_user'];
> global $valid_user;
> if (session_is_registered("valid_user")
> {...function to spit out an error message if the session is not valid...;}
>
> i have a logout page that destroys the session
>
> session_start();
> session_destroy();
>
> i also have a javascript timer in the header of every page that redirects to
> the
> logout page if the user has been inactive for 20 minutes.
>
> i have played around with session.gc_probability, setting it to 100, but that
> doesn't seem to have fixed the problem.
>
> this is a huge problem.
> if anyone can give some advice, i'd really appreciate it.
Is your session.save_path set to /tmp? It's my understanding that you should
specify a directory for saving session data -- or use a database -- that
/tmp is subject to garbage collection, and specifying a directory prevents
that. I made this change to a site recently. In tests prior to the change
the session would last up to about 2.5 hours with no activity. After
specifying a directory with session_save_path() right before
session_start(), the session was still OK after almost 4 hours of
inactivity. (Not much of a controlled test, I admit.)
That said, here's a disturbing fact that turned up last week -- a designer
working on the same site was continually being logged off unexpectedly.
After many tests he identified that the problem was Microsoft IE/Entourage.
Every time he checks email he's no longer recognized as logged in (Mac OSX
IE). He got Microsoft tech support to duplicate the behavior and confirm
it's a problem with IE -- doesn't happen with Mozilla.
So, it's important to verify the problem with more than one system, but it
sounds like you have since you mention both IE6 and IE Mac!
--
Lowell Allen
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
