PHP Session Data Lost Between [Some] Pages

frustrated

Ugh… So I’ve been working on a website for a student group at the University of Oregon. I’m developing a custom content management system for the site that uses jQuery UI and AJAX. It’s pretty spiffy actually.

Unfortunately I’ve always had problems maintaining $_SESSION data on the University web-server. For some reason my authentication class would work fine on my dev environment, but would randomly lose and then remember the $_SESSION data on the University web-server. This means that administrators would randomly get logged out when they were trying to update the site.

So after getting frustrated and avoiding the problem for several weeks, I finally found a solution here.

It turns out that the session.save_path value in php.ini was not set. The solution was to run session_save_path() at the top of my script and set the path manually to my home directory (one level below public_html).

<?php
  session_save_path('/home5/twadding/session_data/');
?>

This seems to have resolved the problem nicely. One caveat. Don’t keep your session data anywhere that is publicly accessible. Otherwise malicious users could access any of your session data on a whim.

Spending a week pouring over my code was incredibly frustrating, but at least my authentication class is nicely tuned now.

Thanks to turkguy0319 for the great image.

17 thoughts on “PHP Session Data Lost Between [Some] Pages

  1. Hi. Thanks for this!

    I had the same problem and it was very frustrating due to the random and seemingly unpredictable nature of it. Sessions could last anywhere from 20 seconds to 20 minutes.

    However in my case the server DID have a valid setting for save_path (it was simply “/tmp” which is quite a normal setting for linux servers) but I was still getting the random loss of session data. After setting the save_path to a local folder near my own home directory as you suggested, the problem went away.

    So what causes the problem in the first place? It should be quite acceptable to store session data in temporary folders. It could be that the folder was being prematurely cleansed by some other process, but that wouldn’t explain how, as you also mention, the session data would randomly disappear and then sometimes RE-appear! This to me indicates a file access problem, where the file is still there but unable to be read on occasion. I think that when it comes down to it, if the server is hosting a large number of sites, each of which is running potentially a large number of sessions simultaneously, it becomes a bit too much for the system when all of those processes need access to the same folder at the same time.

    It would have been nice if I had received some kind of notification that the session data file could not be read, but hey, perhaps there is a log file somewhere I’m not privy to. It’s not my server after all.

    Enough of my waffling! Thanks again for the tip :)

  2. hello
    thanks for ur help

    but i tried ur tip and it doesnt work
    if u have another solution plz publish it as i need it .

    my session lost in certain page
    any page else doesnt lose sessions

  3. Hey
    i Sollved IT :)

    and i posted that to make easy for every one searches on this issue
    may be my sloution goes well with u , may be not !

    all i did is changing name of session that i play on

    $_SESSION[‘type’] changed to $_SESSION[‘Tipe’]

    Hope that helps

  4. There’s a cron job that deletes session data older than session.gc_maxlifetime. Changing the directory worked for you because the cron doesn’t find the session data anymore, but I believe the right way to do this is to extend the session.gc_maxlifetime in php.ini.
    Give it a try, end the voodoo misconceptions around loosing the session data.

  5. It’s the UI css that’s causing the problem. Remove it and your session variables should be intact but there goes your styling. I had the same problem with datepicker UI but still have not found an answer..

    • Hey There, I appreciate the comment, but CSS would not affect your PHP code in any way. There must be something else going on in your case.

  6. Thanks for this, I’ve read of this being resolved by editing the setting in the php.ini file but this was not working for me. Setting the variable in the code works great.

  7. I just solved an issue where PHP session variables were being lost if I reloaded the page. The problem was a CSS file with an invalid URL. Once I fixed the href attribute of that LINK tag to point to the correct file, the issue went away. So CSS _can_ apparently affect PHP session variables. Must be some weirdness with the 404 response/headers or something.

    • Big thanks for that tip. I was struggling forever with why my sessions were being lost. Lo and behold, if I commented out the 404 redirect in my .htaccess the problem went away. Two issues I had there, first, my 404 redirect was going to the wrong path (needed to go to a sub-folder on the domain) and second, I must have had a wrong URL in my CSS or some other page that wasn’t being found and was being sent to the incorrect 404 page, where the sessions were getting lost (because, I believe, that page didnt have a session_save path).

  8. Dude! You just saved me from shooting myself! I was having this exact problem for weeks until I found your post, thanks!!!

  9. WOW!!!!
    Like thanks a million! Oh My Goodness i was looking my mind…..till i saw this…..who da fargh!! configures these servers. I spent more time finding a solution than making the damn website.

    Once again, thank you.

  10. Pingback: PHP: perdita di sessioni durante il cambio delle pagine

  11. Hi.
    i have problem. could anyone help me ?!!!
    I am writing online shopping website.I set as session (its name is ‘shop’). after I verify my basket shop it goes to payment page of bank(page of online payment of bank website).after payment is done it return to my page bud now i dont have my session data?

  12. You may have trouble if you use ‘|’ in the key:

    $_SESSION[“foo|bar”] = “fuzzy”;

    This does not work for me. I think it’s because the serialisation of session object is using this char so the server reset your session when it cannot read it.

    To make it work I replaced ‘|’ by ‘…..’

  13. Hi, I would like to share my experience in dealing with randomly missing session variables.

    It turns out to be simple solution, after I uploaded to my web server all my images was not able to display with error message 403 forbidden. And somehow these caused my session variable to disappear each time it tries to load some pictures. The solution was the hotlink protection features that I have set earlier in my cpanel webhost for my previously configured sites. Now all I did was to include my domain to the hotlink protection field and it works! No more missing variables! :)

Comments are closed.