I just faced a weird problem with $_SESSION.
I have built a Real Estate website for a client, but after a while he called me and said that the Back-end disconnects by itself whenever he does an update, delete or create action on a property.
The weird part is that this problem happens only to him; when I try to do it on my computer I don't face this problem.
In my code I'm doing a simple test for all paths of the Back-end to check if there is a user connected to display the page for him; otherwise the visitor will be redirected to the login page.
Here is my code:

    if (!isset($_SESSION['user'])) {
        // This is not a Symfony function; it's a simple function I created to redirect to the selected path.
        $this->redirectToRoute($loginRoute);
    }

So my conclusion is that the session is being destroyed by itself; that's why when he does an update, create or delete action he finds himself on the login page!

What can be the source of such a problem?!

SlimenTN
  • Could it be a session timeout ? – RiggsFolly May 11 '17 at 10:33
  • Did you start session_start(); at the top of the page? – JYoThI May 11 '17 at 10:34
  • @RiggsFolly but I'm not using a timeout, and as mentioned in the question the problem happens only on his computer. On mine it works well; I'm already doing some tests and the site works well for me! – SlimenTN May 11 '17 at 10:35
  • @JYoThI yes I did. – SlimenTN May 11 '17 at 10:35
  • Have you got any session hijacking prevention code, perhaps using some kind of user fingerprinting, going on when you start up the session? – CD001 May 11 '17 at 10:35
  • @CD001 sorry what is `session hijacking` ? – SlimenTN May 11 '17 at 10:36
  • I'll take that as a no then ... https://www.owasp.org/index.php/Session_hijacking_attack – CD001 May 11 '17 at 10:37
  • Have you checked the php.ini on his machine? Find the line session.gc_maxlifetime and check what the value is, or whether it is enabled or not. – Exprator May 11 '17 at 10:37
  • @Exprator it's a website, it's working on a remote server not in his machine. – SlimenTN May 11 '17 at 10:38
  • @CD001 I will take a look at that. – SlimenTN May 11 '17 at 10:38
  • ok, so try to do it with a different browser. have you tried that? – Exprator May 11 '17 at 10:40
  • could it be linked to high-level security settings in the browser ? – OldPadawan May 11 '17 at 10:43
  • My point is you are probably quick, your user may not be. ALL sessions have a timeout set in `php.ini`; the param is `session.gc_maxlifetime`. Maybe you need to increase this to allow your user more time to complete whatever they are doing – RiggsFolly May 11 '17 at 10:44
  • Does your client delete cookies? – sebastianwagner May 11 '17 at 10:47
  • check also your session configuration, like `session.use_only_cookies` or `session.cookie_lifetime`. Your client might have forbidden cookies on the site by mistake – Kaddath May 11 '17 at 10:49
  • @Kaddath how do I do that ? – SlimenTN May 11 '17 at 10:51
  • @RiggsFolly nope, I did wait for a long time to do some actions and it still works fine – SlimenTN May 11 '17 at 10:52
  • @Exprator yes I did and it works well. – SlimenTN May 11 '17 at 10:53
  • @sebastianwagner but I'm using session and not cookies, is there any relation between them ? – SlimenTN May 11 '17 at 10:53
  • The frequency at which garbage collection might run depends on the `gc_probability` and `gc_divisor` settings, only if it runs does `gc_maxlifetime` come into play, so on an admin system with very low levels of usage it's quite possible that session data won't be deleted as frequently as you might hope... `session.cookie_lifetime` is just as likely a culprit as is the possibility that a cookie expiration time **is** being set at all (and it doesn't work like you might imagine) : http://stackoverflow.com/questions/520237/how-do-i-expire-a-php-session-after-30-minutes/1270960#1270960 – CD001 May 11 '17 at 10:54
  • @SlimenTunis sure: browsers send session-cookies back to your webserver. PHP uses them to load session-data for them and equip your variables. – sebastianwagner May 11 '17 at 10:57
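
A diagnostic sketch for the checks suggested in the comments above, added here as an example and not code from the question or from any commenter. It assumes PHP 7 or later and that the login state lives in `$_SESSION['user']` as in the question; the function names `sessionSettingsReport` and `classifySessionState` are hypothetical. It logs whether the browser failed to send the session cookie back or whether the cookie arrived but the server-side data was gone, together with the session settings in effect on the remote server.

```php
<?php
// Added example: include at the top of a back-end page, before any output.

// Collect the session settings named in the comment thread.
function sessionSettingsReport(): array
{
    $keys = [
        'session.gc_maxlifetime', 'session.gc_probability', 'session.gc_divisor',
        'session.cookie_lifetime', 'session.use_only_cookies', 'session.save_path',
    ];
    $report = [];
    foreach ($keys as $key) {
        $report[$key] = ini_get($key);
    }
    return $report;
}

// Distinguish a client-side cause from a server-side one.
function classifySessionState(array $cookies, array $session, string $name): string
{
    if (!isset($cookies[$name])) {
        // The browser sent no session cookie: blocked, deleted or expired
        // on the client (also the normal state for a first visit).
        return 'no-cookie';
    }
    if (!isset($session['user'])) {
        // The cookie arrived but no login is stored for it: the session data
        // was removed on the server, or this visitor never logged in.
        return 'cookie-but-no-user';
    }
    return 'ok';
}

session_start();
$state = classifySessionState($_COOKIE, $_SESSION, session_name());

if ($state !== 'ok') {
    // json_encode escapes control characters in the client-supplied
    // User-Agent, so it cannot forge extra log lines. The session ID
    // itself is deliberately not logged.
    error_log('session check: ' . json_encode([
        'state'    => $state,
        'uri'      => $_SERVER['REQUEST_URI'] ?? '-',
        'ua'       => $_SERVER['HTTP_USER_AGENT'] ?? '-',
        'settings' => sessionSettingsReport(),
    ]));
}
```

Comparing the log entries produced by the client's update, create and delete requests with those from a machine where the site works shows which of the two causes applies.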

0 Answers