Sessions drop?

[fflandrath53]

Hello everyone,
Over the last few days I've noticed that sessions seem to be dropping and logging users out in shorter and shorter amounts of time? I have not made any changes to my script (see code below) at greenfloyd.org

Prior to this, sessions would last indefinitely, or until a user logs out, or is inactive until the garbage collector runs.

Code:

require "./includes/_roller.session.php";
	session_start();
	$_SESSION['IP']="";
	$_SESSION['proxy']="";
	$_SESSION['host']="";

/_roller.session.php

Code:

<?php
	session_save_path("/home/floyd/public_html/tmp");
	ini_set("session.gc_maxlifetime", 86400);
	ini_set("session.gc_probability", 1);
	ini_set("session.gc_divisor",200);
	ini_set("session.bug_compat_warn", off);
?>

TIA Floyd...

[stpvoice]

Moved to programming help.

[ellescuba27]

In order for require to work, you need brackets, cause it's a function, like so:
require("./includes/_roller.session.php");
Also, on most hosts, sessions expire after 60 minutes. Do you have session_start() in the header of every page?

[fflandrath53]

Hi ellescuba27,

Thank you for your reply.

The "require" (include) seems to be working fine as shown above. According to the php manual, "Because include() is a special language construct, parentheses are not needed around its argument."

Yes, I have session_start() on each page where it's needed.

As I mentioned I haven't made any changes to the script so I had hoped that perhaps some server side change was recently made in the php config and that would explain the sudden change in session behavior...

[essellar]

La sao?

Huh???? Please don't post into threads if you can't add anything to the discussion.

As for the original question:

I'm not saying that this is definitely what's going on; it's just the merest supposition on my part, but... you are working in an environment where the "server" is actually a cluster of machines, and there is no guarantee that your users are going to be connected to the same physical server with every page request. If the sessions are stored in a way that can make the session created on one physical server inaccessible to other servers in the cluster, then a perfectly valid session may appear to have been timed out or terminated when the user goes to a different page. This can happen whenever network difficulties (routing problems, issues with the cluster controller, sheer volume of traffic) prevent the two (or more) machines from synchronizing properly on schedule. And it may be one of those coming-and-going problems that's difficult to identify, since it won't affect all users and all sessions equally -- a user who is directed to the same physical server on every request by the load balancer will never experience the issue, while another user who is unlucky enough to be bounced from one machine to another all of the time will appear to have major authentication problems. And it will often be temporary and self-healing. All in all, it's a real SOB to pin down.

One way around the problem is to use a database (rather than the filesystem) to store sessions. Database replication (if multiple replicas of the database on different servers are being used) is usually much more efficient and reliable than file system synchronization, so things like traffic will have less of an impact. Again, I'm not sure of the network topology here, but it's normal to have several clustered web servers all addressing a single database server and save replicas for backup and failover, so replication delays from the active server to the backup/failover server is usually not an issue until something big goes wrong -- you will see stale-data issues as well as occasional session problems.

So, the TL;DR version is: do nothing and wait out what may be datacenter network issues, or move your session handling to MySQL.

[fflandrath53]

Hello essellar,
Today, after about 10 hours from log in it appears my session is remaining valid ... quite the turn-around from the last few days. But that's cool, it looks like things are back to normal (whatever that is) ...

Putting session on Mysql is an interesting idea and I'll look into it but I have no idea how to implement it at this point and would need to study how it's done. Do you have any references or examples I could look at?

I very much appreciate all your time and effort. I hope I can return the favor someday.

Floyd

[essellar]

Here's a link I've kept handy for some time for a Session PDO class. The link is to the documentation, but there's a download link on the documentation page.

[fflandrath53]

Oh hell, looks like I posted too soon. Sessions are screwed up again! I also notice a new thread on the same subject so it's not just me. Something was changed somewhere and it's having a downstream effect, it's pretty frustrating. Should I open a ticket?

[essellar]

No -- staff are aware of the problem, and there's no quick fix. As I said, it's probably to do with internal network issues at the datacenter, and there have been some problem reports relayed to us (as users here). Since the issues are beyond x10Hosting's control, all you can do is tell them about an existing issue.

Moving to a DB-backed session system is about the only suggestion I can make for a long-term solution -- it will work as long as the database itself is accessible, and when that goes down, you have bigger problems that sessions to worry about.

[fflandrath53]

essellar, I understand and I'm sure Corey and his staff can clear this up in short order. Your point about a db based session system makes a lot of sense and it does appear not to be as big a job as I first thought.
thanks again...