How to check what is the reason of session lost in php?

Go To StackoverFlow.com

1

I have stored the user id when the user login , however, i found it sometime will lost , what is the common reason of session lost?

I have used the timeout plugin (idle for sometime will warning and help you logout) and there are some javascript to transfer between pages

You have edited the list. <a href='view.php' onClick='window.location.reload()'>Back</a></div>

<input type="button" value="Back" onclick="location.href='add.php'" class="btn" style="width:100px"/> 

and unset the session, but it should not be the reason?

$(function(){
  $("#closeTab").click(function() {
            $.post("clear.php",function(data){
             window.parent.$('#tt').tabs('close','Create List'); 
             location.reload();     
      });
  });
});

clear.php

    if (isset($_SESSION['lname']))
unset($_SESSION['lname']);
if (isset($_SESSION['creminder']))
unset($_SESSION['creminder']);
if (isset($_SESSION['subscribe']))
unset($_SESSION['subscribe']);
if (isset($_SESSION['unsubscribe']))
unset($_SESSION['unsubscribe']);

This is used for store session

$user=$_SESSION['username'];

Thank you

2012-04-05 14:57
by user782104
If you unset your $_SESSION['SID'] you lose the contents yes? Or is that not your question - Bono 2012-04-05 15:01
Perhaps a clearer explanation of what your question actually is or problem is will get you an answer - buymypies 2012-04-05 15:06
simply unset($_SESSION)Dion 2012-04-05 15:08
i have store $_SESSION['username'], and it lost even i have not logout the system, i would like to know what is the problem and fix it , thank - user782104 2012-04-05 15:28


1

PHP manages sessions this way:

When session_start() a file on the webserver is created. The file is a text file called for example session1234. On the user browser a cookie is set the cookie contains the value "session1234". Every time the user calls a page on the same domain the browser silently sends that cookie.

So the user is recognized and user's session data are taken out from the session file on the server.

Reason a session expire:

  1. Usually when logout from webapplication we use session_destroy() which destroys the file on the server session1234. So if user calls again the site with cookie content session1234: no file session1234 exists on the server (has been removed with logout) the user is not authenticated
  2. Timeout occurs: file session1234 is removed from server default 20 min (configurable in php.ini). If user calls again the site, same as before. Every time the user take an action (call the server) the server updates the time to live of the session file
  3. Users clear browser cookie (can happen if someone want to clear the history of the browser): cookie is lost, the browser doesn't send the cookie the server doesn't receive it and cannot authenticated the user

Hope it helps

2012-04-05 15:07
by ab_dev86
>
  • Server misconfiguration sets wrong cookie path/domain and becomes "invisible" to other parts of the site in other directories or subdomains.
  • - Marc B 2012-04-05 15:10
    file session1234 is removed from server default 20 min , may be that is the server setting problem. What is the title of this setting? thank - user782104 2012-04-05 15:26


    1

    There's also a foible with the way PHP handles non-zero expiries on sessions; basically if you set the session cookie to expire in 15 minutes, it will expire 15 minutes from the start of the session... it won't refresh that expiry time.

    To run a session that refreshes whenever the user "does something" you need to store an expiry date as a session variable and, when booting up the session, check that variable and if necessary respawn the session.

    I've tried to update the expiry date in the session cookie previously, when the session is started... it led to some interesting problems.

    It's highly unlikely, but it is possible, the session garbage collection lifetime is also below the lifetime of the cookie expiry. There are a load of ini variables that can deal with some of these common session problems and you can override most of them by setting them at runtime:

    ini_set('session.gc_maxlifetime' 900);
    ini_set('session.cookie_lifetime' 0); //ALWAYS set this to 0 - so the cookie will only expire when the browser is closed
    ini_set('session.cookie_domain', '.domain.ext'); //always start with a "." if you want to cover multiple sub-domains
    ini_set('session.cookie_path', '/'); //always use "/" unless you want to limit the cookie to a specific path "/admin" for instance
    

    Personally, I'd put all the session handling stuff into a (Singleton pattern) class and deal with validation and expiry in the constructor.

    2012-04-05 15:22
    by CD001
    perharps it is server setting problem, how can i check ? thank - user782104 2012-04-05 15:27
    Ads