Page 1 of 1

Random Session Failure

Posted: Mon Jun 16, 2003 12:10 pm
by d3ik
Okay... I have been trying to get a handle on this bug for awhile... I tried bugs.php.net but just got sniper and his 'fixed in CVS' BS. I'm hoping someone has heard of this bug before and can shoot me a quick fix.

99% of the time sessions work fine, 1% of the time the session fails and the user is logged out of my site. Let's start by shooting down the obvious:

- session maxlifetime is set to 2 hours
- cookie maxlifetime is set to die with the browser (0)
- It is not my code... it could not get any simpler than what I am running... just a simple session validation at the top of every page.
- I have read the 'sessions with a minor in user login'... all stuff I already knew but I knew if I didn't read it and someone pointed something out in there that fixed my problem I'd feel stupid (and I hate it when that happens)

So we're back to square one. Sessions randomly go kerplunk. Setup is as follows:

Win2K SP3 (forced to run Windows, would rather not)
Apache 1.3.26
PHP 4.3.2 (just released 29 May 2003)


Any suggestions would be GREATLY appreciated as the 'suits' are cracking down on this error and pointing fingers... mostly at me. Thank you!

Posted: Mon Jun 16, 2003 12:21 pm
by nielsene
Can you show any code? You say its simple. Have you removed everything but the session validation and a simple echo and can you still generate the error?

Have you investigating if there's any correlation between the user's platform/browser/request that causes the session to get dropped? Is the server running out of storage space?

We need more information if we're to help....

Posted: Mon Jun 16, 2003 12:47 pm
by d3ik
At the top of each page I have an include for this:

<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

session_start();
$user = @$_SESSION["username"];

if ( isset($user) AND $user!=="" ) {
$loggedin=true;
}else{
$loggedin=false;
}

if( $loggedin == true ) {
//DO STUFF
}else{
//POST ERROR
}


And to start the party I've got a checklogin.php that looks like this:

session_start();
$_SESSION["username"] = $username;
$_SESSION["pass"] = $pass;

// session_register($username);
// session_register($pass);

echo "<SCRIPT LANGUAGE=\"Javascript\">\r\n";
echo "window.location='index.php'\r\n";
echo "</SCRIPT>\r\n";


I've considered putting session_start() above the header output but that shouldn't have an effect on the session functioning properly. Ideas??

Posted: Mon Jun 16, 2003 12:48 pm
by twigletmac
Have you tried it without the cache control?

Mac

Posted: Mon Jun 16, 2003 1:17 pm
by d3ik
I'm kind of stuck in the cache-control... every page loads database info, and it's essential that the browser refreshes the page every time...

Posted: Mon Jun 16, 2003 1:24 pm
by nielsene
Well can you make some test pages that don't hit the database, and remove the cache control to test if that is the problem or not?

Have you tried snooping around in the logs to see if there is anything there when the session is dropped? Have you tried checking to filesystem to see if the session file is still there when the file is dropped.

Have you confirmed that its not just "user error", maybe they were away for more than 2 hours, and got garbage collected and aren't including the idle time in their "error-report"? How many UI elements could generate a legimate log-out? Is it possible the user hit one of these?