hi dreamcatcher,

please keep in mind, that there are multiple reasons, why this can happen.

- check session id-links and/or your cookies. if this is not set at all, your session will be reinitiated each time you request a page.

- check if you can use $_SESSION instad of session_register().

that's all for now i can think about. maybe some little

<? echo("<pre>"); print_r($_GLOBALS); echo("</pre>");?>

will help you analyse the glitch.

--hakre

Thanks for the help hakre.

Well I used print_r($_SESSION) and the correct values are present right through all the pages, so the session variables are being registered ok.

Its a strange, I can click around for 5mins and everything is ok, but as soon as I stop for a few seconds then refresh the current page or click another link, I`m back to the login page again and the variables are gone.

The pages are all present in the one file via a switch statement. ie:

admin.php?cmd=login
admin.php?cmd=upload
admin.php?cmd=contact

etc

The session stuff is checked before the switch statement executes.

What I dont understand is if I keep refreshing a page it seems ok, but as soon as I leave it for a few seconds, then do another refresh, its back to the login page again.

Its like someone is doing abracadabra on my sessions. LOL!

Could it be a Header/Refresh w/timing/Location that plays a trick on you

I had that problem once

regards

Henry

Dreamcatcher, this makes sense. Basically, the way the session timeout works is every time you run session_start() the clock gets reset.

Run phpinfo() and see what value you have for session.cache_expire.

Try running
session_cache_expire(180); // session expires in 180 minutes
session_start();

If that helps, you can change the setting in your php.ini file.

If you are on a shared host, you may be a victim of an active cron job, which happened to me a few months ago. In that case you can either
- use the session_save_path() [php.net] in your script or set the session.save_path in your .htacces/php.ini

Ultimately, if it persists, you can build custom session handling functions.

Tom

Thanks for the info Tom.

I am on a shared hosting server, and the session_cache_expire() is set to 180.

If its just a server related issue I`m not too concerned. Obviously I would like a fix for it myself, but I was mainly checking that the code I was using was correct and that the problem wasn`t script related.

So if I use session_save_path() what happens there? Can I assume this over writes the path specified by the server?

if (($_SESSION['username']) && ($_SESSION['username']))

Well, that code *is* a bit redundant, but it should work ;-)

session_save_path('path');

or setting session.save_path in the .htaccess should change it. I'm not saying it's not a script problem, but to me if you have no problems when you keep clicking around and only have problems if you sit idle for a while, there's no reason the script should affect that, but an aggressive cron job could.

Also, I'm fairly sure that if someone else is on the server and they have their session garbage collection set to be super aggressive, this will affect all sessions in the system /tmp directory, so when her sessions get cleaned up, so will yours if they fall within that user's parameters.

Whether or not this fixes your problem, it's generally better on a shared host to not use the total default setting for sessions.

Tom

Tom
Could your suggestion works (shared server) in a particlular setup where a JS new window containing a PHP script is called

I have not been able to carry over the session

Henry

Thanks Tom, as always there`s some interesting stuff there. Can you give me some more info on an aggressive cron job? I`ve not heard that term before.

This session problem occurs in most scripts that I have used come to think of it, and not just my own. Easiest way out is just to set a cookie, which does work and does keep me logged in. I`m not 100% certain if I had this problem on my last server. I do have another server which I can test the script on, so maybe I`ll try that out of curiosity.

With regards to the if statement, I used to do...

if (!session_is_registered('password'))

..but saw somewhere on another forum that this shouldn`t be used. Is that correct?

I will try the session_save_path() idea. Thanks for that.

David.

- cron is a unix daemon that executes scheduled commands. Google on cron and crontab.

- a cron job is one of those scheduled tasks and by "aggressive" I just meant something that fires every couple of minutes and cleans out all files older than X seconds, effectively deleting the session.

Like I say, it could also be a user who has set PHP parameters to clean out the session folder as well.

if (!session_is_registered('password'))

..but saw somewhere on another forum that this shouldn`t be used.

Have a look at the manual [php.net] and the user-contributed notes. This is really only useful for use if you are registering session vars as globals rather than using $_SESSION. Using the superglobals ($_SESSION) is going to be more stable.

Tom

Excellent. Well, thanks for your insights Tom, its been very useful. I do use cron jobs so I am familiar with them, just never heard of an aggressive one.

Thanks again!

This may be of some help as well...

Session is timing out - how do I increase cookie time? [webmasterworld.com]

Hello, Im having a quite similar problem with my sessions,
I have a CMS (Content Management System?) and I use sessions in the admin area and also in the user area

when Im working in the admin area and then I open the user are, my session seems to expire or some values are changed, how do I prevent that?

Thank you in advance

Octavio