Page 1 of 1

Session expiring too early...

Posted: Mon Sep 19, 2005 3:13 pm
by MicahCarrick
I have a cart written using SESSION variables. All session settings are default and therefore cache expire is at 180. However, I keep finding that the session ID is still the same, but all the variables have been destroyed after just 60 minutes. There is some header() functions but I have a call to session_write_close(); before redirecting. I can't figure out why this is happening. Any ideas?

Micah

Posted: Mon Sep 19, 2005 6:26 pm
by feyd
The session id on the client will not expire until the browser it closed or your site destroys it. The session data on the server may be destroyed at almost any time, depending on the server and settings...

Posted: Mon Sep 19, 2005 8:05 pm
by Buddha443556
Shared server? Move your sessions from /tmp to your own folder. Shared hosts will purge sessions from /tmp regularly.

session.save_path

Posted: Mon Sep 19, 2005 9:26 pm
by MicahCarrick
It's not a shared server, however, I do have more information....

This code I'm working on was written initially by another programmer. It's a shopping cart that is put into every page on the site via an include statement. The previous programmer has the following to prevent caching so that the changes in the cart are updated visually:

Code: Select all

// Date in the past
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
// always modified
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// HTTP/1.1
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
// HTTP/1.0
header("Pragma: no-cache");
.. which I did some reading up and tried this instead:

Code: Select all

header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: must-revalidate");
session_cache_limiter("must-revalidate");
.. however, session cache is still deleted after 60 minutes. I'm not too savy on headers... any more advice?

- Micah

Posted: Mon Sep 19, 2005 9:47 pm
by feyd
what are all the exact values from the session.* settings in php.ini? (you can find them through a phpinfo() or looking through ini_get_all()

Posted: Mon Sep 19, 2005 10:08 pm
by MicahCarrick
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off

Posted: Mon Sep 19, 2005 10:51 pm
by feyd
it looks like there's an automated cleanup of the /tmp folder being run, as Buddha443556 theorized...

Posted: Tue Sep 20, 2005 3:14 am
by n00b Saibot
I have implemented a error catching framework which uses Sessions to maintain and pass around information/errors. The problem was that if an error was caught just before sending header() redirect. It would not appear on the next page. Is it so because I haven't used session_write_close() :?: :?

Posted: Tue Sep 20, 2005 11:46 am
by MicahCarrick
Well, it was the cache path. Changed it from tmp and it's working now. I wish I hadn't dismissed that possibility so early on. Thank you all very much!