Random logout of PHP Session

Here's a couple ideas:

1. Cookie expiring in users browser cache or being deleted. This can be caused by the user clock, have the user check when the cookie is set to expire after he logs in. Make sure there's no automated program deleting the cookies. Since the timeout is so short, I'm guessing it's a clock problem.
2. I remember on the old BB where the session were being delete with all the other crap in the /tmp folder by a cron. I doubt that's the problem, everyone on your server would be up-in-arms.
3. Might check the session.cache_expire and session.cookie_lifetime setting in PHP.INI.

Last month I was having the same problem, it was because of a bad cron script deleteing all the sessions from /tmp

Odd... I'm having that problem too with a new website / script. I thought it was a programming bug, but maybe not.

It is happening to multiple users, and there aren't any cron jobs running.

Ihost, if you find out what it is, please let us know.

Answer I got from Andrew this morning was that YES there is a Cron job running that deletes the contents of /tmp every two hours. If your session is active at the time of that process running you will lose your session.

The best solution is to use session_save_path('/home/*username*/tmp') within the script. That line needs to be before session_start(). Alternatively use a custom php.ini file in your directory and use session.save_path "/home/*username*/tmp"

This way you get your session data into your own directory which is unaffected by the Cron job, and also away from the prying eyes of other users on your server.

I don't know if this applies to all servers, but it does to Cpanel19.

This could be very annoyiing. That cron job should kill old files not all of them. for instance, if it leaves all files younger that two hours it will leave space for people to be logged in at least two hours without being interrupted.

custom php.ini solved the problem for me, syntax is:
session.save_path = /home/username/tmp

but the php.ini file had to be in the exact directory of the script that uses sessions, i.e. I could not just place php.ini in public_html like you can with .htaccess because the settings didn't apply to subdirectories.

Anyway, the best solution is to modify the cron script to check timestamps of all /tmp files before deleteing them. I don't want to have to put a php.ini in every script directory on every account I have.

i seem to have this same problem with squirel mail all the time (the default one installed that comes with the account)

i go in to check mail, then compose some mail, usually a lengthy mail message. and then i goto send it out, and opps, you have been logged out.. im like crap.. this has happend a few times already. dunno if it occours in this time period of the two hour thing, but.... is their a way to change the temp folder for the default install of this script on the server? and also is their a way to change the time of the session (dunno im a noob with this sorta thing), just wana test out and make sure this doesnt happen to me to often. most of the time i try to use notepad to write stuff out, but dont remember a lot of the time.

Yesterday I started getting a ton of complaints that users were getting logged out at every page they were on.

My awesome programmer contacted me and sent me the message below. I wanted to get comments / suggestions before I put in a ticket.

"The server no longer supports hadling objects thru session. I believe they
have made some upgrade on PHP or sth like that. I always receive
PHP_Incomplete class object error, althought, my objects are loaded before
session_start() (this is info for the hosting support if you decide to
inform them for the problem). I tried even with the simples object i have
and the same problem appeared. No such problems on my localhost."

Any ideas, comments, suggestions? Thanks in advance!

I was having the same problem with squirrelmail, but I've figured up a solution that works for me. In your squirrelmail/config directory, you'll see a file called "config_local.php". In this file, change the session path to some directory besides /tmp. This works because config_local.php is included by config.php, which is included by everything else in squirrelmail. We can't change config.php itself, since it is generated by a script (and your change would get overwritten in you add/delete a plugin).

I added a line to the bottom of config_local.php that looks like this:

session_save_path("/home/{user}/tmp");

where '{user}' is your dathorn user name. Make sure the /home/{user}/tmp directory exists.

The good news is that session data gets saved to that new directory. The bad news is that if a user doesn't log out correctly, the session data file will not get deleted. Eventually you'll run out of disk space. So, to fix this problem, we'll set up our own cron job to delete old session data files, but we'll do it correctly.

Create a cron job (either from the command line or from the cpanel interface) that runs this command:

find /home/{user}/tmp -name 'sess_*' -mtime +1 | xargs rm -f

What this does is find all files that start with 'sess_' in the new tmp directory that haven't been modified in a day or more ("-mtime +1") and removes them.

I hope this helps...