Random Session Failure

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
d3ik
Forum Newbie
Posts: 3
Joined: Mon Jun 16, 2003 12:10 pm

Random Session Failure

Post by d3ik »

Okay... I have been trying to get a handle on this bug for awhile... I tried bugs.php.net but just got sniper and his 'fixed in CVS' BS. I'm hoping someone has heard of this bug before and can shoot me a quick fix.

99% of the time sessions work fine, 1% of the time the session fails and the user is logged out of my site. Let's start by shooting down the obvious:

- session maxlifetime is set to 2 hours
- cookie maxlifetime is set to die with the browser (0)
- It is not my code... it could not get any simpler than what I am running... just a simple session validation at the top of every page.
- I have read the 'sessions with a minor in user login'... all stuff I already knew but I knew if I didn't read it and someone pointed something out in there that fixed my problem I'd feel stupid (and I hate it when that happens)

So we're back to square one. Sessions randomly go kerplunk. Setup is as follows:

Win2K SP3 (forced to run Windows, would rather not)
Apache 1.3.26
PHP 4.3.2 (just released 29 May 2003)


Any suggestions would be GREATLY appreciated as the 'suits' are cracking down on this error and pointing fingers... mostly at me. Thank you!
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Can you show any code? You say its simple. Have you removed everything but the session validation and a simple echo and can you still generate the error?

Have you investigating if there's any correlation between the user's platform/browser/request that causes the session to get dropped? Is the server running out of storage space?

We need more information if we're to help....
d3ik
Forum Newbie
Posts: 3
Joined: Mon Jun 16, 2003 12:10 pm

Post by d3ik »

At the top of each page I have an include for this:

<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

session_start();
$user = @$_SESSION["username"];

if ( isset($user) AND $user!=="" ) {
$loggedin=true;
}else{
$loggedin=false;
}

if( $loggedin == true ) {
//DO STUFF
}else{
//POST ERROR
}


And to start the party I've got a checklogin.php that looks like this:

session_start();
$_SESSION["username"] = $username;
$_SESSION["pass"] = $pass;

// session_register($username);
// session_register($pass);

echo "<SCRIPT LANGUAGE=\"Javascript\">\r\n";
echo "window.location='index.php'\r\n";
echo "</SCRIPT>\r\n";


I've considered putting session_start() above the header output but that shouldn't have an effect on the session functioning properly. Ideas??
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

Have you tried it without the cache control?

Mac
d3ik
Forum Newbie
Posts: 3
Joined: Mon Jun 16, 2003 12:10 pm

Post by d3ik »

I'm kind of stuck in the cache-control... every page loads database info, and it's essential that the browser refreshes the page every time...
User avatar
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Well can you make some test pages that don't hit the database, and remove the cache control to test if that is the problem or not?

Have you tried snooping around in the logs to see if there is anything there when the session is dropped? Have you tried checking to filesystem to see if the session file is still there when the file is dropped.

Have you confirmed that its not just "user error", maybe they were away for more than 2 hours, and got garbage collected and aren't including the idle time in their "error-report"? How many UI elements could generate a legimate log-out? Is it possible the user hit one of these?
Post Reply