Forum Moderators: coopster


Session in DB and logout problem

Session in DB log out automatically

         

raheelajk

1:44 pm on May 21, 2009 (gmt 0)

10+ Year Member



Hello Webmaster gurus,

I am having a tiny problem with my site and it's a bit tricky. My webserver is using PHP 4.4 (I know it should be upgraded) and I am maintaining sessions in a table named ws_sessions. It works fine 99% of the time, but somehow out of nowhere I receive complaints that the remaining 1% of people successfully log in but are logged out immediately when they click any link inside their profile. The bizarre thing is that sometimes it even starts working for them.

    $session = new Session($db_resource);
    session_set_save_handler(
        array(&$session, "open"),
        array(&$session, "close"),
        array(&$session, "read"),
        array(&$session, "write"),
        array(&$session, "destroy"),
        array(&$session, "gc")
    );

Any quick help will be appreciated.

Thanks,

coopster

2:00 pm on May 26, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, raheelajk.

I would double check the login logic. Also, be certain to review your garbage collection routine.

raheelajk

2:48 pm on May 26, 2009 (gmt 0)

10+ Year Member



Coopster,

Thanks for the reply.

I checked login logic a number of times but nothing considerable was revealed to me. I am using gc function like this.

    function gc($sessMaxLifeTime) {
        // delete old sessions
        mysql_query("DELETE FROM ws_sessions WHERE session_expires < ".time(), $this->dbHandle);
        // return affected rows
        return mysql_affected_rows($this->dbHandle);
    }

Do you see anything wrong in it?

enigma1

3:01 pm on May 26, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



One other thing to check: do you force session cookies, or can the links also include the session id? Also, what happens when they log in? Usually you should regenerate another session, especially if you allow the id to be passed in the URL. See what happens if you block cookies in your browser. Can you log in? And if the id can be set via the URL, check whether the user profile links contain it in that case.

As for the timestamp in the garbage collector, it seems normal to me. But the write function sets the timestamp.
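
Added example, not part of the thread: one way to apply the two checks above, accepting the session id from the cookie only and issuing a fresh id at login. `login_user()` is a hypothetical helper, and `$session` is assumed to be the DB-backed handler object from the first post, whose `destroy($id)` method deletes that row from ws_sessions.

```php
<?php
// Added example (not the poster's code). Assumes $session is the handler
// object already registered with session_set_save_handler().

// Take the session id from the PHPSESSID cookie only, never from a URL
// parameter, and do not let PHP rewrite links to carry the id.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

/**
 * Hypothetical helper: call once, right after the credentials are verified.
 * Returns true when the session now runs under a new id.
 */
function login_user(&$session, $userId) {
    $oldId = session_id();

    // Issue a new id so that an id handed out before login (for example
    // one that leaked through a link) does not name the logged-in session.
    if (!session_regenerate_id()) {
        return false;
    }

    // Called without arguments, session_regenerate_id() leaves the old row
    // in the table until gc removes it, so delete it through the handler.
    if ($oldId !== '' && $oldId !== session_id()) {
        $session->destroy($oldId);
    }

    // Login state goes into the session only after the id has changed.
    $_SESSION['user_id'] = $userId;
    return true;
}

// Both ini settings must be in place before the session is started.
session_start();
```

Blocking cookies in the browser and logging in again, as suggested above, then shows whether any profile link still carries the id.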

coopster

3:07 pm on May 26, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Yeah, you are not taking $sessMaxLifeTime into account whatsoever in your query calculation to compare time before a row should be removed.

raheelajk

3:15 pm on May 26, 2009 (gmt 0)

10+ Year Member



Coopster,

I am not considering $sessMaxLifeTime in my query calculation because the `session_expires` field of the ws_sessions table already holds the calculated session expire time. So the gc function simply removes those rows which have `session_expires` < time().

raheelajk

3:22 pm on May 26, 2009 (gmt 0)

10+ Year Member



Enigma1,

Thanks for your reply. I am not saving any session cookies. I am just simply writing the session to the `ws_sessions` table by using the following function.

    /**
     * @param string $sessID
     * @param string $sessData
     * @return bool
     */
    function write($sessID, $sessData) {
        // new session-expire-time
        $newExp = time() + $this->lifeTime;
        // escape both values before they go into SQL: serialized session
        // data can contain quotes that would otherwise break the query
        $sessID = mysql_real_escape_string($sessID, $this->dbHandle);
        $sessData = mysql_real_escape_string($sessData, $this->dbHandle);
        // is a session with this id in the database?
        $res = mysql_query("SELECT * FROM ws_sessions
            WHERE session_id = '$sessID'", $this->dbHandle);
        // if yes,
        if ($res && mysql_num_rows($res)) {
            // ...update session-data
            $ok = mysql_query("UPDATE ws_sessions
                SET session_expires = '$newExp',
                    session_data = '$sessData'
                WHERE session_id = '$sessID'", $this->dbHandle);
            // check the query result, not the affected rows: an UPDATE
            // that changes nothing reports 0 rows and a failed one -1
            if ($ok)
                return true;
        }
        // if no session-data was found,
        else {
            // create a new row
            mysql_query("INSERT INTO ws_sessions (
                    session_id,
                    session_expires,
                    session_data)
                VALUES (
                    '$sessID',
                    '$newExp',
                    '$sessData')", $this->dbHandle);
            // if row was created, return true (-1 means the query failed)
            if (mysql_affected_rows($this->dbHandle) > 0)
                return true;
        }
        // an unknown error occurred
        return false;
    }

When a user logs in I can see only one automatically created session cookie in the cookie list, which is PHPSESSID.

The bizarre thing is it happens only out of even. Maybe once a week :-(

coopster

4:15 pm on May 26, 2009 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I am not considering $sessMaxLifeTime in my query calculation because the `session_expires` field of the ws_sessions table already holds the calculated session expire time.

This could potentially be an issue, but not in your case. If you were using CURRENT_TIMESTAMP in the database for the write() method but time() for the gc() method you could have a discrepancy. However, I see from the write() method that you are using time() to calculate the value and write it, and you are also using time() to check during garbage collection.

Have you browsed the user contributed notes on the session_set_save_handler() [php.net] page? There may be something in there that you can check too.

raheelajk

4:40 pm on May 26, 2009 (gmt 0)

10+ Year Member



I am adding one more note; maybe that will make the situation clearer. A user successfully logs in on my computer, and if I click any link inside the profile area the session stays alive, but the same user on another computer logs in successfully and then gets thrown out when clicking any link inside the profile area.

And you know, after some time (maybe the session expire time) it works fine on the second computer too.

Isn't this weird?