What would cause PHP sessions to time out very fast? WordPress
This is actually a question about WPQuestions.com, not WordPress. Several people have complained that the sessions on this site time out quickly, and they are forced to log in every 5 minutes. I've noticed this too. The PHP sessions on this server are stored in this folder:
/var/lib/php5
I have actually started watching that folder, checking every few minutes to get a sense of how fast the sessions disappear. There are some weird cases. Sometimes I am cruising around WP Questions and suddenly my session id changes, as a click from one page to another. PHP sessions should not function this way. But the files do disappear, suddenly, from /var/lib/php5, and they disappear before they should.
Has anyone seen problems like this before? Any suggestions?
Answers (3)
Martin Pham answers:
Hi Lawrence,
You can check value of php sessions timeout in php.ini
;http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime
session.gc_maxlifetime = second_value
if you use session cookie
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
please modify these values to suit your requirements and restart apache/nginx/...
Lawrence Krubner comments:
I am sorry about my previous reply, that was actually meant for a different question that I had asked. I accidentally posted it here.
Lawrence Krubner comments:
This is from my php.ini:
php -i | grep session
session
session.auto_start => Off => Off
session.bug_compat_42 => Off => Off
session.bug_compat_warn => Off => Off
session.cache_expire => 180 => 180
session.cache_limiter => nocache => nocache
session.cookie_domain => no value => no value
session.cookie_httponly => Off => Off
session.cookie_lifetime => 0 => 0
session.cookie_path => / => /
session.cookie_secure => Off => Off
session.entropy_file => no value => no value
session.entropy_length => 0 => 0
session.gc_divisor => 1000 => 1000
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 0 => 0
session.hash_bits_per_character => 5 => 5
session.hash_function => 0 => 0
session.name => PHPSESSID => PHPSESSID
session.referer_check => no value => no value
session.save_handler => files => files
session.save_path => /var/lib/php5 => /var/lib/php5
session.serialize_handler => php => php
session.use_cookies => On => On
session.use_only_cookies => On => On
session.use_trans_sid => 0 => 0
root@dublin:/home/lawrence#
Mike Van Winkle answers:
If your site is using cloudflare or the server is using Varnish, this will often cause inconsistent session IDs, depending on the configuration.
Lawrence Krubner comments:
Interesting. The site is, in part, using the Symfony framework, which does some black magic regarding the cache. I will turn off the cache and see if that helps.
Daniel Yoen answers:
try this : http://stackoverflow.com/a/6069585
Hope this help
Lawrence Krubner comments:
Wow, this is really interesting:
<blockquote>On a shared server that runs multiple sites that use a shared session directory the session.gc_maxlifetime is in effect the shortest lifetime of all sites accessing that shared directory.</blockquote>
We have been working on cloud computers. I wonder if the other instances on the same machine effect the session timeout? Very interesting if true, though that suggests that all the sessions are being written to the same place, which can not be true because I can sudo to root and look in /var/lib/php5 and see that the sessions correspond to my websites.