6

I'm trying to store sessions in a database using Zend Sessions however for some reason my sessions die out. Im not sure if there's some code being executed which does this or whether its something else.

I've noticed that the session ID seems to be regenerated after a breif time after having logged in.

This is even despite having added the following line in my htaccess file:

php_value session.auto_start 0

The end result is that I'm logged out every minute I'm logged in.

Heres my code in my bootstrap file

$config = array(
    'name'           => 'session',
    'primary'        => 'id',
    'modifiedColumn' => 'modified',
    'dataColumn'     => 'data',
    'lifetimeColumn' => 'lifetime'
);


$saveHandler = new Zend_Session_SaveHandler_DbTable($config);
Zend_Session::rememberMe($seconds = (60 * 60 * 24 * 30)); 

$saveHandler->setLifetime($seconds)->setOverrideLifetime(true); 

Zend_Session::setSaveHandler($saveHandler);
//start your session!
Zend_Session::start();

I'm not using any other session related function except perhaps for Zend_Auth when logging in.

Infact rememberme calls the regenerateID function of the Session class - the end result is that I'm constantly logged out every few minutes now.

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
Ali
  • 7,353
  • 20
  • 103
  • 161
  • And what is the table structure you use? – wimvds May 11 '11 at 13:37
  • Have you been able to figure it out Ali? – Jerry Saravia May 14 '11 at 02:50
  • Not yet I'm afraid - I've put it aside for now but need a solution – Ali May 23 '11 at 11:51
  • Hey, this might be worth trying since nothing else works. Try changing the order that you're calling things again. Call the rememberMe AFTER you've set the savehandler. – Jerry Saravia May 25 '11 at 12:44
  • I've done that and the end result is that I'm logged out every few minutes :( infact I've commented out the rememberme function so atleast I stay logged in until the browser window is closed. Frankly I'm stumped here... – Ali May 26 '11 at 05:37

4 Answers4

5

I think that you might be having this problem because you're calling rememberMe BEFORE starting the session.

You have to start the session first otherwise rememberMe won't do anything since it needs a session to set the rememberMe time on.

rememberMe calls the regenerateId function and the regeneration of the Id is what really needs the session to exist.

Place the rememberMe call after the session start then see how that works for you.

If that isn't it then I don't know what it could be since my code looks similar to yours.

Jerry Saravia
  • 3,737
  • 3
  • 24
  • 39
  • OK - I'll try that! I'll be back in a while! – Ali May 11 '11 at 12:01
  • The documentation however states the opposite http://framework.zend.com/manual/en/zend.session.global_session_management.html that Rememberme must be called before starting a session :( – Ali May 11 '11 at 12:03
  • hmmm? That's very strange. I looked directly at the code and the rememberMe function calls regenerateId. RegenerateId does nothing if the session isn't set, however. – Jerry Saravia May 11 '11 at 20:54
  • ?? The documentation is weird. On that same page it states that rememberMe uses regenerateId but that has to do with something else probably. My suggestion now is to check that the php value for session.use_cookies = 1 and that session.cookie_lifetime = 0. Other than that I've run out of ideas right now. – Jerry Saravia May 11 '11 at 21:30
  • This is perplexing here - whats a better way to implement session handling in this case? – Ali May 12 '11 at 07:03
  • One other thing that popped into my mind is that your browser is doing something that ignores the session length in cookies. – Jerry Saravia May 12 '11 at 16:56
  • if thats the case then this is something all my browsers are doing :( I'm frankly stumped here – Ali May 23 '11 at 11:52
  • do your browsers have something that deletes cookies periodically? because – Jerry Saravia Jun 02 '11 at 02:52
  • I doubt that - I'm always signed into stackoverflow...browser hasnt signed out of here yet :) – Ali Jun 05 '11 at 08:43
5

Have you tried something like this?

protected function _initSession() {
    $config = array(
        'name'  => 'session',
        'primary'  => 'id',
        'modifiedColumn' => 'modified',
        'dataColumn' => 'data',
        'lifetimeColumn' => 'lifetime',
        'lifetime' => 60*60*24*30,
    );

    Zend_Session::setSaveHandler(new F_Session_SaveHandler_DbTable($config));        
}

This way the lifetime isn't set after initialising the database sessions, but is directly included in the initialisation options - it works for me, I see no reason why this should fail in your case :).

mingos
  • 23,778
  • 12
  • 70
  • 107
  • I doubt its the lifetime issue - as when an entry is made into the database the correct lifetime is entered. However the session ID is regenerated it seems. I'm checking the entries made in the session table here. – Ali May 11 '11 at 12:02
2

I think you need to look once into following values after bootstrap code

session.gc_maxlifetime
session.cookie_lifetime
Sandeep Manne
  • 6,030
  • 5
  • 39
  • 55
  • WHere in my bootstarp file should I check for this? – Ali Jun 05 '11 at 08:42
  • check in index.php and check it in init function of any controller, so that you can track whether any modifications is happening in b/w by framework – Sandeep Manne Jun 06 '11 at 08:16
0

If You configure session resources in *.ini config file, check resources.session.cookie_domain parameter. I spend 3 hours when I remembered about it.

Jerzy Drożdż
  • 438
  • 6
  • 8