1

I am having issues with session data disappearing. While I won't say it's not code related, the conditions seem that way. After logging in, I can see the session data stored in the session file in the session data store. After 3 minutes, without doing anything with the browser, the data in the session file disappears. I'm using CentOS 6.8 and PHP 5.6.0.

session_start();    
if(($_REQUEST['login_btn'] || $_REQUEST['username'] || $_REQUEST['password']) && !$_SESSION['auth']) {
    if(!$_REQUEST['username'] && !$_REQUEST['username']) {
        header("Location: /?msg=bp");
        exit();
    }
    if($_SESSION['auth']!=1)
    {
        if(!$conn)
            $conn=mysql_conn();
        $sql="select pid,CONCAT(fname, ' ', lname) as pname,email1,password FROM people WHERE email1 = '".addslashes(str_replace(" ","",trim($_REQUEST['username'])))."'";
        $res=mysql_query($sql,$conn);
        if(mysql_num_rows($res)<1) {
            header("Location: /?msg=bp");
            exit();
        }
        else {
            $row=mysql_fetch_array($res);
            $user=$row['email1'];
            $pass=$row['password'];
            if($pass != $_REQUEST['password']){
                header("Location: /?msg=bp");
            }
            else {
                $_SESSION['pid'] = $row['pid'];
                $_SESSION['email'] = $user;
                $_SESSION['pname'] = $row['pname'];
                $_SESSION['auth'] = true;
            }
        }
    }
}

Relevant php.ini settings:

session.save_handler = files
session.save_path = "/data/session"
session.auto_start = 0
session.cookie_lifetime = 0
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 0
session.cache_limiter = nocache

Any help would be greatly appreciated!

jerbeast
  • 11
  • 1
  • Is this on a shared host? – Matt Apr 11 '17 at 01:21
  • No, it's a dedicated server. – jerbeast Apr 11 '17 at 01:27
  • Run phpinfo(); and see if gc_maxlifetime is still set to 0. – Matt Apr 11 '17 at 01:29
  • session.gc_maxlifetime = 0 according to phpinfo(). – jerbeast Apr 11 '17 at 02:06
  • Any crons doing any cleanup on that save path? – Matt Apr 11 '17 at 02:23
  • Not yet. I changed gc_maxlifetime to zero to try to solve this, with the plan to add a cron job for garbage collection. – jerbeast Apr 11 '17 at 02:36
  • If you try a number greater than 3 minutes does it obey? – Matt Apr 11 '17 at 02:37
  • I set gc_maxlifetime to 5 minutes (300), but still have no session data in the session file after 3 minutes. Sometimes the file is gone, other times just empty. – jerbeast Apr 11 '17 at 02:45
  • Hmmm. I'm not sure what else to check. Absolutely tied to this install? This might be good reading material: http://stackoverflow.com/questions/1516266/how-long-will-my-session-last/1516284 – Matt Apr 11 '17 at 02:51
  • Thanks for trying. I'd read that link already, which led me to change gc_maxlifetime, although the default 1440 is longer than the 3 minutes I'm experiencing. Yes, tied to this install. I have an identical server with the same php.ini (copied and diffed), same php.conf, and same httpd.conf that is not experiencing the issue. Versions are the same. I'm stumped, but the users are frustrated with timing out every 3 minutes. – jerbeast Apr 11 '17 at 02:57
  • You could install auditd to possibly track down what is deleting them. Have you tried a different save_path? – Matt Apr 11 '17 at 03:25
  • Changing back to default of /var/lib/php/session yields the same 3 minute lifespan. – jerbeast Apr 11 '17 at 03:47

0 Answers0