2

I'm having some issues with my CodeIgnighter site losing session data when pushed through to the production server.

We have a CodeIgnighter site that uses the session to store data related to bookings while people navigate the site. I can quite happily leave the page for 15+ minutes, return and everything works fine.

However, when pushing the code live to the production server, the session seems to timeout/lose data after the 5 minute mark.

I have set the default session timeout in the CodeIgnighter config files but i'm wondering if there's something server/php/apache level that could be overwriting my CodeIgnighter settings? Unfortunately my knowledge of session handling isn't great and Google hasn't helped so far!

I've attached the session information from a phpinfo(); from both the working site, and the broken production site.

Any help would be most appreciated!!

Working Development site:


    Directive   Local Value Master Value
    session.auto_start  Off Off
    session.bug_compat_42   On  On
    session.bug_compat_warn On  On
    session.cache_expire    180 180
    session.cache_limiter   nocache nocache
    session.cookie_domain   no value    no value
    session.cookie_httponly Off Off
    session.cookie_lifetime 0   0
    session.cookie_path /   /
    session.cookie_secure   Off Off
    session.entropy_file    no value    no value
    session.entropy_length  0   0
    session.gc_divisor  100 100
    session.gc_maxlifetime  1440    1440
    session.gc_probability  1   1
    session.hash_bits_per_character 4   4
    session.hash_function   0   0
    session.name    PHPSESSID   PHPSESSID
    session.referer_check   no value    no value
    session.save_handler    files   files
    session.save_path   /tmp    /tmp
    session.serialize_handler   php php
    session.use_cookies On  On
    session.use_only_cookies    On  On
    session.use_trans_sid   0   0

Broken production site:


    Directive   Local Value Master Value
    session.auto_start  Off Off
    session.bug_compat_42   Off Off
    session.bug_compat_warn Off Off
    session.cache_expire    180 180
    session.cache_limiter   nocache nocache
    session.cookie_domain   no value    no value
    session.cookie_httponly Off Off
    session.cookie_lifetime 0   0
    session.cookie_path /   /
    session.cookie_secure   Off Off
    session.entropy_file    no value    no value
    session.entropy_length  0   0
    session.gc_divisor  1000    1000
    session.gc_maxlifetime  1440    1440
    session.gc_probability  1   1
    session.hash_bits_per_character 5   5
    session.hash_function   0   0
    session.name    PHPSESSID   PHPSESSID
    session.referer_check   no value    no value
    session.save_handler    files   files
    session.save_path   no value    no value
    session.serialize_handler   php php
    session.use_cookies On  On
    session.use_only_cookies    On  On
    session.use_trans_sid   0   0
xpda
  • 15,585
  • 8
  • 51
  • 82
Joel
  • 384
  • 5
  • 18
  • I believe you will find a suitable solution from the accepted answer to this question: http://stackoverflow.com/questions/1516266/how-long-will-my-session-last/1516284 –  Jan 22 '13 at 10:55
  • Thanks, i'm using CodeIgniter so it should be managing the session's on it's own already but i dig deeper in those posts. I think the fact that the session.save_path isn't set on the production server might be causing issues? – Joel Jan 22 '13 at 12:58
  • CI uses its own sessions, you should probably check what's going on there... I doubt it can be something Apache-related. – Shomz Jan 28 '13 at 00:36
  • It is interesting that you're experiencing session issues after five minutes, since that is the default setting for "$config['sess_time_to_update']" in APPPATH/config/config.php. What is $config['sess_expiration'] time set to? -- On a side note, the one thing that trips me up almost every time is forgetting to set the encryption key in config.php since it is required for sessions whether you're using encrypted sessions or not :) – T.P. Feb 05 '13 at 23:53
  • 1
    CI has session problems with AJAX calls. Take a look: https://github.com/EllisLab/CodeIgniter/pull/1283 – Patrick Savalle Feb 16 '13 at 11:29
  • And https://github.com/EllisLab/CodeIgniter/issues/154 – Patrick Savalle Feb 16 '13 at 11:31
  • did setting the session path help? also is you production environment load balanced? since you are using file based session handler if you are load balanced you can be saving the session on one server and then hitting another where the session has not been set yet.. if this is this case you can either switch to db based session handler or mount the session save dir – plague Feb 16 '13 at 21:53

1 Answers1

0

Actually I would suggest a totally different solution and tell you to use database as the handler for your sessions.I prefer using database as you can have multiple servers and it is optimal for session security.

tix3
  • 1,142
  • 8
  • 17