Forum Moderators: coopster


Session Cookies Expiring Unexpectedly

At my wit's end!

         

rabbit_fufu

11:39 pm on Apr 20, 2004 (gmt 0)

10+ Year Member



Ok Guys, I'm at a total loss here, and I'm hoping someone has seen this problem before and can help me out.

I've written a fairly straightforward session login system. And it works just great on all the computers I've tested. However, the person who is going to be using the system is experiencing a problem where once in a blue moon, seemingly without pattern or reason, after using the system successfully for a while the session cookies expire unexpectedly and they consequently get logged out.

The code is dead simple. Stripped down, it essentially works like this.

Here's where the login page creates the auth:

session_start();
$_SESSION['auth']=TRUE;

...and on consequent pages I test for the existence of the token auth.

Apparently there were some old bugs in IE that sometimes resulted in session weirdness, but I have made certain that everyone is using the latest version of IE6. This is doubly frustrating because I have been completely unable to reproduce this bug on my end.

Has anyone ever encountered anything like this before? Can you think of anything in the configuration of a local system that would possibly cause the session cookies to expire without warning?

Am I going crazy?

Thanks for your help, much appreciated

-trav

Timotheos

11:50 pm on Apr 20, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This help?
[webmasterworld.com...]

rabbit_fufu

11:52 pm on Apr 20, 2004 (gmt 0)

10+ Year Member



I know sometimes it's a bit hard to know just what's going on without a closer look at the code, so here's the stripped down version of my page auth. As you can see, I'm actually storing all the session info in a DB. (And in case you're wondering, only 1 person is allowed to access the system at a time.) As I say, this works fine on every system I've tested, so I really am confused here...

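session_start();
$sessionid = session_id();

// $connection and $nowtime are set in parts of the page stripped from this excerpt

// confirm that session is valid (escape the id before it goes into SQL)
$safeid = mysql_real_escape_string($sessionid);
$auth = mysql_result(mysql_query("SELECT COUNT(uniqueid) FROM sessiontable WHERE sessionid = '$safeid'"), 0);
if ($auth == 1) {
    // update auth timestamp
    $query = "UPDATE sessiontable SET timestamp='$nowtime' WHERE sessionid='$safeid'";
    $result = mysql_query($query)
        or die("Couldn't update timestamp");
} else {
    // unknown session: close the DB, redirect, and stop so the rest of the protected page never runs
    mysql_close($connection);
    header("Location: logout.php");
    exit;
}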

rabbit_fufu

11:57 pm on Apr 20, 2004 (gmt 0)

10+ Year Member



Hi, thanks for the quick reply, I actually saw this thread already, but I don't think it applies to me. For them the solution was changing the session.save_path since some sort of process on the server was killing sessions off. However, I think this problem must be being caused by something about the local machine. I've tested this extensively from my end, using the live system, and I cannot reproduce the problem, so that is why I think it is not a problem with PHP or the server - rather it is something weird on the user's system that is causing the cookies to die early. At least, this is the only thing that makes any sense to me... Any ideas?

coopster

9:22 pm on Apr 21, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



One common problem that folks run into is the session.cookie_domain. Have a look at msg #3 in this thread where the PHP Session ID - randomonly resets [webmasterworld.com].

rabbit_fufu

12:48 am on Apr 22, 2004 (gmt 0)

10+ Year Member



Hi there, thanks for the reply, but I don't think that's it... I'm careful only to use relative links, and if I understand this issue correctly, it only crops up if you have 'www' in the URL.

rabbit_fufu

5:19 pm on Apr 22, 2004 (gmt 0)

10+ Year Member



> One common problem that folks run into is the
> session.cookie_domain. Have a look at msg #3
> in this thread where the PHP Session ID -
> randomonly resets.

Thanks for the help guys, much appreciated. I have a question - in cases where session.cookie_domain is what is causing a session to 'reset' itself, is the effect observable on all client systems, or does it depend on something in a client's config? (I would assume the bug would occur on all systems, and I had ruled this possibility out since I haven't been able to reproduce the problem on any of my computers... But now I'm wondering...) The problem appears to be occurring on a machine that is on a network - though why that would make any difference I have no idea...
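
The session.cookie_domain effect discussed in this thread, as an added example that is not code from any poster: it models the RFC 6265 domain-match rule a browser applies when deciding whether to return the PHP session cookie, for the 'www' and bare-host cases. example.com, the function names and the sample cases are placeholders constructed here.

```php
<?php
// Added illustration, not code from the thread. example.com is a placeholder.

// RFC 6265 section 5.1.3: does $host domain-match the cookie's Domain value?
function domain_match(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.')); // leading dot is ignored
    if ($host === $cookieDomain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false; // IP addresses only ever match exactly
    }
    $suffix = '.' . $cookieDomain;
    return strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix;
}

// Would a browser return the session cookie on a request to $requestHost?
// $cookieDomain mirrors session.cookie_domain; '' is PHP's default and
// yields a host-only cookie bound to the exact host that set it.
function session_cookie_sent(string $cookieDomain, string $setOnHost, string $requestHost): bool
{
    if ($cookieDomain === '') {
        return strtolower($setOnHost) === strtolower($requestHost);
    }
    // A browser discards a Domain the setting host does not belong to.
    if (!domain_match($setOnHost, $cookieDomain)) {
        return false;
    }
    return domain_match($requestHost, $cookieDomain);
}

// Constructed cases: [session.cookie_domain, host at login, host of a later request]
$cases = [
    ['',             'example.com',     'example.com'],
    ['',             'example.com',     'www.example.com'],
    ['',             'www.example.com', 'example.com'],
    ['.example.com', 'example.com',     'www.example.com'],
    ['.example.com', 'www.example.com', 'example.com'],
    ['.example.com', 'www.example.com', 'badexample.com'],
];
foreach ($cases as [$domain, $loginHost, $laterHost]) {
    $sent = session_cookie_sent($domain, $loginHost, $laterHost);
    printf("cookie_domain=%-13s login=%-16s later=%-16s => %s\n",
        var_export($domain, true), $loginHost, $laterHost,
        $sent ? 'session kept' : 'new session id issued');
}
```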